Access Control

This document describes the access control options available to you in Cloud Security Scanner. Cloud Security Scanner uses Identity and Access Management (IAM) for access control.

In Cloud Security Scanner, access control can be configured at the project level. To give users the ability to create and manage security scans, you can add users to your project and grant them permissions using IAM roles.

Cloud Security Scanner supports primitive roles. and predefined roles that give more granular access to Cloud Security Scanner resources.

Primitive IAM roles

The table below describes the primitive roles.

Role Description
Owner Full access to all Cloud Security Scanner resources
Editor Full access to all Cloud Security Scanner resources
Viewer No access to Cloud Security Scanner

Predefined IAM roles

The table below describes the permissions granted by the predefined roles.

Role Description
cloudsecurityscanner.viewer Read-only access to all Cloud Security Scanner resources
cloudsecurityscanner.runner Read-only access to scan and scan run, plus the ability to kick off scans
cloudsecurityscanner.editor Full access to all Cloud Security Scanner resources

Send feedback about...

Cloud Security Scanner Documentation