>

Security Products

Contact sales Try free

Access control

Cloud Identity and Access Management (Cloud IAM) roles prescribe how you can use the Cloud Security Command Center (Cloud SCC) API. Below is a list of each Cloud IAM role available for Cloud SCC and the methods available to them.

Security Center Roles

Role	Title	Description	Permissions	Lowest Resource
`roles/ securitycenter.admin`	Security Center Admin ^Beta	Admin(super user) access to security center	resourcemanager.organizations.get securitycenter.assets.group securitycenter.assets.list securitycenter.assets.listAssetPropertyNames securitycenter.assets.runDiscovery securitycenter.assetsecuritymarks.* securitycenter.findings.group securitycenter.findings.list securitycenter.findings.listFindingPropertyNames securitycenter.findings.update securitycenter.findingsecuritymarks.* securitycenter.organizationsettings.* securitycenter.sources.*
`roles/ securitycenter.adminEditor`	Security Center Admin Editor ^Beta	Admin Read-write access to security center	resourcemanager.organizations.get securitycenter.assets.runDiscovery securitycenter.assetsecuritymarks.* securitycenter.findings.group securitycenter.findings.list securitycenter.findings.listFindingPropertyNames securitycenter.findings.update securitycenter.findingsecuritymarks.* securitycenter.sources.get securitycenter.sources.list securitycenter.sources.update
`roles/ securitycenter.adminViewer`	Security Center Admin Viewer ^Beta	Admin Read access to security center	resourcemanager.organizations.get securitycenter.assets.group securitycenter.assets.list securitycenter.assets.listAssetPropertyNames securitycenter.findings.group securitycenter.findings.list securitycenter.findings.listFindingPropertyNames securitycenter.sources.get securitycenter.sources.list
`roles/ securitycenter.assetSecurityMarksWriter`	Security Center Asset Security Marks Writer ^Beta	Write access to asset security marks	securitycenter.assetsecuritymarks.*
`roles/ securitycenter.assetsDiscoveryRunner`	Security Center Assets Discovery Runner ^Beta	Run asset discovery access to assets	securitycenter.assets.runDiscovery
`roles/ securitycenter.assetsViewer`	Security Center Assets Viewer ^Beta	Read access to assets	resourcemanager.organizations.get securitycenter.assets.group securitycenter.assets.list securitycenter.assets.listAssetPropertyNames
`roles/ securitycenter.editor`	Security Center Editor ^Beta	Read-write access to assets, configs, notification streams, and marks, readonly access to scans	resourcemanager.organizations.get securitycenter.assets.get securitycenter.assets.getFieldNames securitycenter.assets.list securitycenter.assets.triggerDiscovery securitycenter.assets.update securitycenter.configs.get securitycenter.configs.getIamPolicy securitycenter.configs.update securitycenter.scans.*
`roles/ securitycenter.findingSecurityMarksWriter`	Security Center Finding Security Marks Writer ^Beta	Write access to finding security marks	securitycenter.findingsecuritymarks.*
`roles/ securitycenter.findingsEditor`	Security Center Findings Editor ^Beta	Read-write access to findings	resourcemanager.organizations.get securitycenter.findings.group securitycenter.findings.list securitycenter.findings.listFindingPropertyNames securitycenter.findings.update securitycenter.sources.get securitycenter.sources.list
`roles/ securitycenter.findingsStateSetter`	Security Center Findings State Setter ^Beta	Set state access to findings	securitycenter.findings.setState
`roles/ securitycenter.findingsViewer`	Security Center Findings Viewer ^Beta	Read access to findings	resourcemanager.organizations.get securitycenter.findings.group securitycenter.findings.list securitycenter.findings.listFindingPropertyNames securitycenter.sources.get securitycenter.sources.list
`roles/ securitycenter.sourcesAdmin`	Security Center Sources Admin ^Beta	Admin access to sources	resourcemanager.organizations.get securitycenter.sources.*
`roles/ securitycenter.sourcesEditor`	Security Center Sources Editor ^Beta	Read-write access to sources	resourcemanager.organizations.get securitycenter.sources.get securitycenter.sources.list securitycenter.sources.update
`roles/ securitycenter.sourcesViewer`	Security Center Sources Viewer ^Beta	Read access to sources	resourcemanager.organizations.get securitycenter.sources.get securitycenter.sources.list
`roles/ securitycenter.viewer`	Security Center Viewer ^Beta	Read access to assets, configs, notification streams, scans, and marks	resourcemanager.organizations.get securitycenter.assets.get securitycenter.assets.getFieldNames securitycenter.assets.list securitycenter.configs.get securitycenter.configs.getIamPolicy securitycenter.scans.*

For more information about Cloud IAM roles, see understanding roles.

Was this page helpful? Let us know how we did:

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated April 10, 2019.

Send feedback about...

This page

Documentation feedback

Cloud Security Command Center

Product feedback

Need help? Visit our support page.