
Access control

Cloud Identity and Access Management (Cloud IAM) roles prescribe how you can use the Cloud Security Command Center (Cloud SCC) API. Below is a list of each Cloud IAM role available for Cloud SCC and the methods available to them.

Security Center Roles

| Role | Title | Description | Permissions | Lowest Resource |
| --- | --- | --- | --- | --- |
| `roles/securitycenter.admin` | Security Center Admin Beta | Admin (super user) access to security center | `resourcemanager.organizations.get`, `securitycenter.assets.group`, `securitycenter.assets.list`, `securitycenter.assets.listAssetPropertyNames`, `securitycenter.assets.runDiscovery`, `securitycenter.assetsecuritymarks.*`, `securitycenter.findings.group`, `securitycenter.findings.list`, `securitycenter.findings.listFindingPropertyNames`, `securitycenter.findings.update`, `securitycenter.findingsecuritymarks.*`, `securitycenter.organizationsettings.*`, `securitycenter.sources.*` | |
| `roles/securitycenter.adminEditor` | Security Center Admin Editor Beta | Admin Read-write access to security center | `resourcemanager.organizations.get`, `securitycenter.assets.runDiscovery`, `securitycenter.assetsecuritymarks.*`, `securitycenter.findings.group`, `securitycenter.findings.list`, `securitycenter.findings.listFindingPropertyNames`, `securitycenter.findings.update`, `securitycenter.findingsecuritymarks.*`, `securitycenter.sources.get`, `securitycenter.sources.list`, `securitycenter.sources.update` | |
| `roles/securitycenter.adminViewer` | Security Center Admin Viewer Beta | Admin Read access to security center | `resourcemanager.organizations.get`, `securitycenter.assets.group`, `securitycenter.assets.list`, `securitycenter.assets.listAssetPropertyNames`, `securitycenter.findings.group`, `securitycenter.findings.list`, `securitycenter.findings.listFindingPropertyNames`, `securitycenter.sources.get`, `securitycenter.sources.list` | |
| `roles/securitycenter.assetSecurityMarksWriter` | Security Center Asset Security Marks Writer Beta | Write access to asset security marks | `securitycenter.assetsecuritymarks.*` | |
| `roles/securitycenter.assetsDiscoveryRunner` | Security Center Assets Discovery Runner Beta | Run asset discovery access to assets | `securitycenter.assets.runDiscovery` | |
| `roles/securitycenter.assetsViewer` | Security Center Assets Viewer Beta | Read access to assets | `resourcemanager.organizations.get`, `securitycenter.assets.group`, `securitycenter.assets.list`, `securitycenter.assets.listAssetPropertyNames` | |
| `roles/securitycenter.editor` | Security Center Editor Beta | Read-write access to assets, configs, notification streams, and marks, readonly access to scans | `resourcemanager.organizations.get`, `securitycenter.assets.get`, `securitycenter.assets.getFieldNames`, `securitycenter.assets.list`, `securitycenter.assets.triggerDiscovery`, `securitycenter.assets.update`, `securitycenter.configs.get`, `securitycenter.configs.getIamPolicy`, `securitycenter.configs.update`, `securitycenter.scans.*` | |
| `roles/securitycenter.findingSecurityMarksWriter` | Security Center Finding Security Marks Writer Beta | Write access to finding security marks | `securitycenter.findingsecuritymarks.*` | |
| `roles/securitycenter.findingsEditor` | Security Center Findings Editor Beta | Read-write access to findings | `resourcemanager.organizations.get`, `securitycenter.findings.group`, `securitycenter.findings.list`, `securitycenter.findings.listFindingPropertyNames`, `securitycenter.findings.update`, `securitycenter.sources.get`, `securitycenter.sources.list` | |
| `roles/securitycenter.findingsStateSetter` | Security Center Findings State Setter Beta | Set state access to findings | `securitycenter.findings.setState` | |
| `roles/securitycenter.findingsViewer` | Security Center Findings Viewer Beta | Read access to findings | `resourcemanager.organizations.get`, `securitycenter.findings.group`, `securitycenter.findings.list`, `securitycenter.findings.listFindingPropertyNames`, `securitycenter.sources.get`, `securitycenter.sources.list` | |
| `roles/securitycenter.sourcesAdmin` | Security Center Sources Admin Beta | Admin access to sources | `resourcemanager.organizations.get`, `securitycenter.sources.*` | |
| `roles/securitycenter.sourcesEditor` | Security Center Sources Editor Beta | Read-write access to sources | `resourcemanager.organizations.get`, `securitycenter.sources.get`, `securitycenter.sources.list`, `securitycenter.sources.update` | |
| `roles/securitycenter.sourcesViewer` | Security Center Sources Viewer Beta | Read access to sources | `resourcemanager.organizations.get`, `securitycenter.sources.get`, `securitycenter.sources.list` | |
| `roles/securitycenter.viewer` | Security Center Viewer Beta | Read access to assets, configs, notification streams, scans, and marks | `resourcemanager.organizations.get`, `securitycenter.assets.get`, `securitycenter.assets.getFieldNames`, `securitycenter.assets.list`, `securitycenter.configs.get`, `securitycenter.configs.getIamPolicy`, `securitycenter.scans.*` | |

For more information about Cloud IAM roles, see understanding roles.
