The Security Command Center Enterprise tier provides both the Google Cloud console and the Security Operations console to investigate and remediate vulnerabilities, misconfigurations, and threats. Security Command Center Enterprise users need IAM permissions to access Security Command Center features in both the Google Cloud console and the Security Operations console.
Google Security Operations has a set of predefined IAM roles that let you access SIEM-related features and SOAR-related features.
As you plan your deployment, review the following to identify which users need access to features:
To grant user access to features and findings in the Google Cloud console, see Access control with IAM.
To grant user access to SIEM-related threat detection and investigation features in the Security Operations console, see Configure feature access control using IAM.
To grant users access to SOAR-related response features in the Security Operations console, see Map IAM roles in the SOAR side of the Security Operations console. You also map the SOAR-related IAM roles to SOC roles, permission groups, and environments under SOAR settings in the Security Operations console.
To access features in the Security Operations console that are provided with Security Command Center Enterprise, such as the Posture Overview page, grant users the required IAM roles in the organization where Security Command Center Enterprise is activated.
To create custom IAM roles using Google SecOps IAM permissions, see Create and assign a custom role to a group.
The steps to grant access to features differ depending on the identity provider configuration.
If you use Google Workspace or Cloud Identity as the identity provider, you grant roles directly to a user or group. See Configure a Google Cloud identity provider for an example of how to do this.
If you use Workforce Identity Federation to connect to a third-party identity provider (such as Okta or Azure AD), you grant roles to identities in a workforce identity pool or to a group within the workforce identity pool. See Grant a role to enable sign in to Google SecOps for an example of how to do this.
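The two identity-provider cases above produce different IAM member identifiers: Google Workspace or Cloud Identity members appear as user: or group:, while Workforce Identity Federation members appear as principal:// or principalSet:// entries under a workforce pool. The following added example (not from this page or from Google's own tooling) audits an organization IAM policy in the JSON shape that gcloud organizations get-iam-policy returns, lists who holds Google SecOps and Security Command Center roles, and classifies each member by identity source; the sample policy, pool name and principals are constructed, and the role names are real predefined roles used only as examples.

```python
"""Audit SecOps / Security Command Center role holders in an org IAM policy.
Input shape: JSON from `gcloud organizations get-iam-policy ORG_ID --format=json`.
The policy below is constructed for illustration (pool, group and user names are made up)."""
import re
from collections import defaultdict

# Predefined-role prefixes for Google SecOps (Chronicle API) and Security Command Center.
SECOPS_PREFIXES = ("roles/chronicle.", "roles/securitycenter.")

# Workforce Identity Federation principal formats (third-party IdP such as Okta or Azure AD):
#   principal://iam.googleapis.com/locations/global/workforcePools/POOL/subject/SUBJECT
#   principalSet://iam.googleapis.com/locations/global/workforcePools/POOL/group/GROUP
#   principalSet://iam.googleapis.com/locations/global/workforcePools/POOL/attribute.NAME/VALUE
WORKFORCE_RE = re.compile(
    r"^principal(Set)?://iam\.googleapis\.com/locations/global/workforcePools/"
    r"(?P<pool>[^/]+)/(?P<kind>subject|group|attribute\.[^/]+)/(?P<value>.+)$"
)

def classify_member(member: str) -> str:
    """'google-identity' for user:/group: (Workspace or Cloud Identity),
    'workforce-pool' for Workforce Identity Federation principals, otherwise 'other'."""
    if member.startswith(("user:", "group:")):
        return "google-identity"
    if WORKFORCE_RE.match(member):
        return "workforce-pool"
    return "other"

def secops_role_holders(policy: dict) -> dict:
    """Map each SecOps/SCC role in the policy to its members and their identity source.
    Conditional bindings are kept but carry the condition title so a reviewer notices them."""
    holders = defaultdict(list)
    for binding in policy.get("bindings", []):
        role = binding["role"]
        if not role.startswith(SECOPS_PREFIXES):
            continue  # unrelated role, e.g. roles/viewer
        for member in binding.get("members", []):
            entry = {"member": member, "source": classify_member(member)}
            if "condition" in binding:
                entry["condition"] = binding["condition"].get("title", "")
            holders[role].append(entry)
    return dict(holders)

WF = "iam.googleapis.com/locations/global/workforcePools/okta-pool"  # constructed pool id
SAMPLE_POLICY = {"bindings": [  # constructed sample, not a real organization policy
    {"role": "roles/chronicle.viewer",
     "members": ["group:soc-analysts@example.com", f"principalSet://{WF}/group/soc-analysts"]},
    {"role": "roles/chronicle.editor", "members": ["user:alice@example.com"],
     "condition": {"title": "business-hours", "expression": "request.time.getHours('UTC') < 18"}},
    {"role": "roles/securitycenter.adminViewer",
     "members": [f"principal://{WF}/subject/bob@example.com"]},
    {"role": "roles/viewer", "members": ["serviceAccount:ci@proj.iam.gserviceaccount.com"]},
]}

if __name__ == "__main__":
    for role, entries in secops_role_holders(SAMPLE_POLICY).items():
        print(role, [(e["member"], e["source"]) for e in entries])
```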