Google uses AI technology to translate content into your preferred language. AI translations can contain errors.

IAM untuk aktivasi tingkat organisasi

Halaman ini menjelaskan cara menggunakan Identity and Access Management (IAM) untuk mengontrol akses ke resource dalam aktivasi Security Command Center tingkat organisasi. Halaman ini relevan bagi Anda jika salah satu kondisi berikut berlaku:

Security Command Center diaktifkan di tingkat organisasi, bukan di tingkat project.
Security Command Center Standard sudah diaktifkan di tingkat organisasi. Selain itu, Anda telah mengaktifkan Security Command Center Premium di satu atau beberapa project.

Jika Anda mengaktifkan Security Command Center di tingkat project—dan bukan tingkat organisasi—lihat IAM untuk aktivasi tingkat project sebagai gantinya.

Dalam aktivasi Security Command Center tingkat organisasi, Anda dapat mengontrol akses ke resource di berbagai tingkat hierarki resource. Security Command Center menggunakan peran IAM untuk memungkinkan Anda mengontrol siapa yang dapat melakukan apa pada aset, temuan, dan sumber keamanan di lingkungan Security Command Center Anda. Anda memberikan peran kepada individu dan aplikasi, dan setiap peran memberikan izin tertentu.

Izin

Diperlukan untuk aktivasi

Untuk mengaktifkan Security Command Center, lihat salah satu hal berikut berdasarkan paket layanan Anda:

Diperlukan untuk administrasi dan penggunaan berkelanjutan

Bagian ini menjelaskan izin yang diperlukan untuk mengelola dan menggunakan Security Command Center Premium dan Standard. Untuk mengetahui informasi tentang Security Command Center Enterprise, lihat Mengonfigurasi izin untuk penggunaan Security Command Center Enterprise yang berkelanjutan.

Untuk mengubah konfigurasi organisasi, Anda memerlukan kedua peran berikut di tingkat organisasi:

Organization Administrator (roles/resourcemanager.organizationAdmin)
Security Center Admin (roles/securitycenter.admin)

Jika pengguna tidak memerlukan izin edit, pertimbangkan untuk memberikan peran penampil kepada mereka.

Untuk melihat semua aset, temuan, dan jalur serangan di Security Command Center, pengguna memerlukan peran Security Center Admin Viewer (roles/securitycenter.adminViewer) di tingkat organisasi.

Untuk melihat setelan, pengguna memerlukan peran Security Center Admin (roles/securitycenter.admin) di tingkat organisasi.

Untuk membatasi akses ke folder dan project tertentu, jangan berikan semua peran di tingkat organisasi level. Sebagai gantinya, berikan peran berikut di tingkat folder atau project:

Security Center Assets Viewer (roles/securitycenter.assetsViewer)
Security Center Findings Viewer (roles/securitycenter.findingsViewer)

Setiap layanan deteksi mungkin memerlukan izin tambahan untuk mengaktifkan atau mengonfigurasinya. Lihat dokumentasi khusus untuk setiap layanan guna mengetahui informasi selengkapnya.

Peran tingkat organisasi

Saat peran IAM diterapkan di tingkat organisasi, project dan folder di bawah organisasi tersebut akan mewarisi binding perannya.

Gambar berikut mengilustrasikan hierarki resource Security Command Center umum dengan peran yang diberikan di tingkat organisasi.

Struktur izin dan hierarki resource Security Command Center — Hierarki resource Security Command Center dan peran tingkat organisasi (klik untuk memperbesar)

Peran IAM mencakup izin untuk melihat, mengedit, memperbarui, membuat, atau menghapus resource. Peran yang diberikan di tingkat organisasi di Security Command Center memungkinkan Anda melakukan tindakan yang ditentukan pada temuan, aset, dan sumber keamanan di seluruh organisasi. Misalnya, pengguna yang diberi peran Security Center Findings Editor (roles/securitycenter.findingsEditor) dapat melihat atau mengedit temuan yang dilampirkan ke resource mana pun di project atau folder mana pun di organisasi Anda. Dengan struktur ini, Anda tidak perlu memberikan peran kepada pengguna di setiap folder atau project.

Untuk mengetahui petunjuk tentang cara mengelola peran dan izin, lihat Mengelola akses ke project, folder, dan organisasi.

Peran tingkat organisasi tidak cocok untuk semua kasus penggunaan, terutama untuk aplikasi sensitif atau standar kepatuhan yang memerlukan kontrol akses yang ketat. Untuk membuat kebijakan akses yang terperinci, Anda dapat memberikan peran di tingkat folder dan project.

Peran tingkat folder dan project

Security Command Center memungkinkan Anda memberikan peran IAM Security Command Center untuk folder dan project tertentu, membuat beberapa tampilan, atau silo, dalam organisasi Anda. Anda memberikan izin akses dan edit yang berbeda kepada pengguna dan grup untuk folder dan project di seluruh organisasi Anda.

Video berikut menjelaskan cara memberikan peran tingkat folder dan project serta cara mengelolanya di konsol Security Command Center.

Dengan peran folder dan project, pengguna yang memiliki peran Security Command Center dapat mengelola aset dan temuan dalam project atau folder yang ditentukan. Misalnya, engineer keamanan dapat diberi akses terbatas untuk memilih folder dan project, sedangkan administrator keamanan dapat mengelola semua resource di tingkat organisasi.

Peran folder dan project memungkinkan izin Security Command Center diterapkan di tingkat yang lebih rendah dalam hierarki resource organisasi Anda, tetapi tidak mengubah hierarki. Gambar berikut mengilustrasikan pengguna dengan izin Security Command Center untuk mengakses temuan dalam project tertentu.

Pengguna dengan peran folder dan project melihat subset resource organisasi. Tindakan apa pun yang mereka lakukan terbatas pada cakupan yang sama. Misalnya, jika pengguna memiliki izin untuk folder, mereka dapat mengakses resource di project mana pun dalam folder tersebut. Izin untuk project memberi pengguna akses ke resource dalam project tersebut.

Untuk mengetahui petunjuk tentang cara mengelola peran dan izin, lihat Mengelola akses ke project, folder, dan organisasi.

Batasan peran

Dengan memberikan peran Security Command Center di tingkat folder atau project, administrator Security Command Center dapat melakukan hal berikut:

Membatasi izin lihat atau edit Security Command Center ke folder dan project tertentu
Memberikan izin lihat dan edit untuk grup aset atau temuan kepada pengguna atau tim tertentu
Membatasi kemampuan untuk melihat atau mengedit detail temuan, termasuk pembaruan pada tanda keamanan dan status temuan, kepada individu atau grup yang memiliki akses ke temuan yang mendasarinya
Mengontrol akses ke setelan Security Command Center, yang hanya dapat dilihat oleh individu dengan peran tingkat organisasi

Fungsi Security Command Center

Fungsi Security Command Center juga dibatasi berdasarkan izin lihat dan edit.

Di Google Cloud konsol, Security Command Center memungkinkan individu tanpa izin tingkat organisasi hanya memilih resource yang dapat mereka akses. Pilihan mereka memperbarui semua elemen antarmuka pengguna, termasuk aset, temuan, dan kontrol setelan. Pengguna melihat hak istimewa yang dilampirkan ke peran mereka dan apakah mereka dapat mengakses atau mengedit temuan dalam cakupan saat ini.

Security Command Center API dan Google Cloud CLI juga membatasi fungsi ke folder dan project yang ditentukan. Jika panggilan untuk mencantumkan atau mengelompokkan aset dan temuan dilakukan oleh pengguna yang diberi peran folder atau project, hanya temuan atau aset dalam cakupan tersebut yang akan ditampilkan.

Untuk aktivasi Security Command Center tingkat organisasi, panggilan untuk membuat atau memperbarui temuan dan notifikasi temuan hanya mendukung cakupan organisasi. Anda memerlukan peran tingkat organisasi untuk melakukan tugas ini.

Untuk melihat jalur serangan yang dihasilkan oleh simulasi jalur serangan, izin yang sesuai harus diberikan di tingkat organisasi dan tampilan konsol harus ditetapkan ke organisasi. Google Cloud

Resource induk untuk temuan

Biasanya, temuan dilampirkan ke resource, seperti mesin virtual (VM) atau firewall. Security Command Center melampirkan temuan ke container terdekat untuk resource yang menghasilkan temuan. Misalnya, jika VM menghasilkan temuan, temuan tersebut akan dilampirkan ke project yang berisi VM. Temuan yang tidak terhubung ke Google Cloud resource dilampirkan ke organisasi dan dapat dilihat oleh siapa saja yang memiliki izin Security Command Center tingkat organisasi.

Peran Security Command Center

Peran IAM berikut tersedia untuk Security Command Center. Anda dapat memberikan peran ini di tingkat organisasi, folder, atau project.

Role Permissions

Role	Permissions
Security Center Admin (`roles/securitycenter.admin`) Admin(super user) access to security center Lowest-level resources where you can grant this role: Project	`aiplatform.artifacts.get` `aiplatform.artifacts.list` `aiplatform.batchPredictionJobs.get` `aiplatform.batchPredictionJobs.list` `aiplatform.customJobs.get` `aiplatform.customJobs.list` `aiplatform.datasets.get` `aiplatform.datasets.list` `aiplatform.endpoints.get` `aiplatform.endpoints.list` `aiplatform.executions.get` `aiplatform.executions.list` `aiplatform.models.get` `aiplatform.models.list` `aiplatform.tuningJobs.get` `aiplatform.tuningJobs.list` `appengine.applications.get` `artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.locations.` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.projectsettings.get` `artifactregistry.pythonpackages.` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.create` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.exportArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.versions.get` `artifactregistry.versions.list` `assuredoss.` `assuredoss.config.get` `assuredoss.customers.create` `assuredoss.locations.get` `assuredoss.locations.list` `assuredoss.metadata.get` `assuredoss.metadata.list` `assuredoss.operations.cancel` `assuredoss.operations.delete` `assuredoss.operations.get` `assuredoss.operations.list` `auditmanager.auditReports.` `auditmanager.auditReports.generate` `auditmanager.auditReports.get` `auditmanager.auditReports.list` `auditmanager.auditScopeReports.generate` `auditmanager.billingSettings.get` `auditmanager.controlReports.` `auditmanager.controlReports.get` `auditmanager.controlReports.list` `auditmanager.controls.list` `auditmanager.findings.list` `auditmanager.locations.` `auditmanager.locations.enrollResource` `auditmanager.locations.get` `auditmanager.locations.list` `auditmanager.operations.` `auditmanager.operations.get` `auditmanager.operations.list` `auditmanager.resourceEnrollmentStatuses.` `auditmanager.resourceEnrollmentStatuses.get` `auditmanager.resourceEnrollmentStatuses.list` `cloudasset.assets.exportAiplatformBatchPredictionJobs` `cloudasset.assets.exportAiplatformCustomJobs` `cloudasset.assets.exportAiplatformDataLabelingJobs` `cloudasset.assets.exportAiplatformDatasets` `cloudasset.assets.exportAiplatformEndpoints` `cloudasset.assets.exportAiplatformHyperparameterTuningJobs` `cloudasset.assets.exportAiplatformMetadataStores` `cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs` `cloudasset.assets.exportAiplatformModels` `cloudasset.assets.exportAiplatformPipelineJobs` `cloudasset.assets.exportAiplatformSpecialistPools` `cloudasset.assets.exportAiplatformTrainingPipelines` `cloudasset.assets.exportIamPolicy` `cloudasset.assets.exportOSInventories` `cloudasset.assets.exportResource` `cloudasset.assets.queryAccessPolicy` `cloudasset.assets.queryIamPolicy` `cloudasset.assets.queryOSInventories` `cloudasset.assets.queryResource` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `cloudasset.assets.searchEnrichmentResourceOwners` `cloudasset.othercloudconnections.get` `cloudasset.othercloudconnections.list` `cloudasset.othercloudconnections.verify` `cloudnotifications.activities.list` `cloudsecuritycompliance.` `cloudsecuritycompliance.auditReports.generate` `cloudsecuritycompliance.auditReports.get` `cloudsecuritycompliance.auditReports.list` `cloudsecuritycompliance.auditScopeReports.generate` `cloudsecuritycompliance.billingSettings.get` `cloudsecuritycompliance.cloudControlDeployments.create` `cloudsecuritycompliance.cloudControlDeployments.delete` `cloudsecuritycompliance.cloudControlDeployments.get` `cloudsecuritycompliance.cloudControlDeployments.list` `cloudsecuritycompliance.cloudControlDeployments.update` `cloudsecuritycompliance.cloudControlPredictions.create` `cloudsecuritycompliance.cloudControlPredictions.get` `cloudsecuritycompliance.cloudControlPredictions.list` `cloudsecuritycompliance.cloudControls.create` `cloudsecuritycompliance.cloudControls.delete` `cloudsecuritycompliance.cloudControls.get` `cloudsecuritycompliance.cloudControls.list` `cloudsecuritycompliance.cloudControls.update` `cloudsecuritycompliance.cmEnrollments.get` `cloudsecuritycompliance.cmEnrollments.update` `cloudsecuritycompliance.controlComplianceSummaries.list` `cloudsecuritycompliance.controlReports.get` `cloudsecuritycompliance.controls.get` `cloudsecuritycompliance.controls.list` `cloudsecuritycompliance.findingSummaries.list` `cloudsecuritycompliance.findings.list` `cloudsecuritycompliance.frameworkAudits.create` `cloudsecuritycompliance.frameworkAudits.get` `cloudsecuritycompliance.frameworkAudits.list` `cloudsecuritycompliance.frameworkComplianceReports.aggregate` `cloudsecuritycompliance.frameworkComplianceReports.get` `cloudsecuritycompliance.frameworkComplianceSummaries.list` `cloudsecuritycompliance.frameworkDeployments.create` `cloudsecuritycompliance.frameworkDeployments.delete` `cloudsecuritycompliance.frameworkDeployments.get` `cloudsecuritycompliance.frameworkDeployments.list` `cloudsecuritycompliance.frameworkDeployments.update` `cloudsecuritycompliance.frameworks.create` `cloudsecuritycompliance.frameworks.delete` `cloudsecuritycompliance.frameworks.get` `cloudsecuritycompliance.frameworks.list` `cloudsecuritycompliance.frameworks.update` `cloudsecuritycompliance.locations.enrollResource` `cloudsecuritycompliance.locations.get` `cloudsecuritycompliance.locations.list` `cloudsecuritycompliance.operations.cancel` `cloudsecuritycompliance.operations.delete` `cloudsecuritycompliance.operations.get` `cloudsecuritycompliance.operations.list` `cloudsecuritycompliance.resourceEnrollmentStatuses.get` `cloudsecuritycompliance.resourceEnrollmentStatuses.list` `cloudsecurityscanner.` `cloudsecurityscanner.crawledurls.list` `cloudsecurityscanner.results.get` `cloudsecurityscanner.results.list` `cloudsecurityscanner.scanruns.get` `cloudsecurityscanner.scanruns.getSummary` `cloudsecurityscanner.scanruns.list` `cloudsecurityscanner.scanruns.stop` `cloudsecurityscanner.scans.create` `cloudsecurityscanner.scans.delete` `cloudsecurityscanner.scans.get` `cloudsecurityscanner.scans.list` `cloudsecurityscanner.scans.run` `cloudsecurityscanner.scans.update` `compute.addresses.list` `dlp.` `dlp.analyzeRiskTemplates.create` `dlp.analyzeRiskTemplates.delete` `dlp.analyzeRiskTemplates.get` `dlp.analyzeRiskTemplates.list` `dlp.analyzeRiskTemplates.update` `dlp.charts.get` `dlp.columnDataProfiles.get` `dlp.columnDataProfiles.list` `dlp.connections.create` `dlp.connections.delete` `dlp.connections.get` `dlp.connections.list` `dlp.connections.search` `dlp.connections.update` `dlp.deidentifyTemplates.create` `dlp.deidentifyTemplates.delete` `dlp.deidentifyTemplates.get` `dlp.deidentifyTemplates.list` `dlp.deidentifyTemplates.update` `dlp.estimates.cancel` `dlp.estimates.create` `dlp.estimates.delete` `dlp.estimates.get` `dlp.estimates.list` `dlp.fileStoreProfiles.delete` `dlp.fileStoreProfiles.get` `dlp.fileStoreProfiles.list` `dlp.inspectFindings.list` `dlp.inspectTemplates.create` `dlp.inspectTemplates.delete` `dlp.inspectTemplates.get` `dlp.inspectTemplates.list` `dlp.inspectTemplates.update` `dlp.jobTriggers.create` `dlp.jobTriggers.delete` `dlp.jobTriggers.get` `dlp.jobTriggers.hybridInspect` `dlp.jobTriggers.list` `dlp.jobTriggers.update` `dlp.jobs.cancel` `dlp.jobs.create` `dlp.jobs.delete` `dlp.jobs.get` `dlp.jobs.hybridInspect` `dlp.jobs.list` `dlp.kms.encrypt` `dlp.locations.get` `dlp.locations.list` `dlp.projectDataProfiles.get` `dlp.projectDataProfiles.list` `dlp.storedInfoTypes.create` `dlp.storedInfoTypes.delete` `dlp.storedInfoTypes.get` `dlp.storedInfoTypes.list` `dlp.storedInfoTypes.update` `dlp.subscriptions.cancel` `dlp.subscriptions.create` `dlp.subscriptions.get` `dlp.subscriptions.list` `dlp.subscriptions.update` `dlp.tableDataProfiles.delete` `dlp.tableDataProfiles.get` `dlp.tableDataProfiles.list` `dspm.` `dspm.locations.computeAggregation` `dspm.locations.fetchDataGovernanceAnalytics` `dspm.locations.fetchDspmGovernedProjects` `dspm.locations.fetchGovernedResourceMetrics` `dspm.locations.fetchLineageConnections` `dspm.locations.get` `dspm.locations.list` `dspm.operations.cancel` `dspm.operations.delete` `dspm.operations.get` `dspm.operations.list` `iam.serviceAccountKeys.create` `iam.serviceAccounts.create` `iam.serviceAccounts.get` `modelarmor.floorSettings.` `modelarmor.floorSettings.computeEffectiveFloorSetting` `modelarmor.floorSettings.get` `modelarmor.floorSettings.update` `modelarmor.locations.` `modelarmor.locations.get` `modelarmor.locations.list` `modelarmor.templates.` `modelarmor.templates.create` `modelarmor.templates.delete` `modelarmor.templates.get` `modelarmor.templates.list` `modelarmor.templates.update` `modelarmor.templates.useToSanitizeInput` `modelarmor.templates.useToSanitizeModelResponse` `modelarmor.templates.useToSanitizeOutput` `modelarmor.templates.useToSanitizeUserPrompt` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings` `monitoring.alerts.` `monitoring.alerts.get` `monitoring.alerts.list` `monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.dashboards.listEffectiveTags` `monitoring.dashboards.listTagBindings` `monitoring.groups.get` `monitoring.groups.list` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.notificationChannelDescriptors.` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.get` `monitoring.notificationChannels.list` `monitoring.services.get` `monitoring.services.list` `monitoring.slos.get` `monitoring.slos.list` `monitoring.snoozes.get` `monitoring.snoozes.list` `monitoring.timeSeries.list` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list` `opsconfigmonitoring.resourceMetadata.list` `pubsub.messageTransforms.validate` `pubsub.schemas.get` `pubsub.schemas.list` `pubsub.schemas.listRevisions` `pubsub.schemas.validate` `pubsub.snapshots.get` `pubsub.snapshots.list` `pubsub.snapshots.listEffectiveTags` `pubsub.snapshots.listTagBindings` `pubsub.subscriptions.create` `pubsub.subscriptions.get` `pubsub.subscriptions.list` `pubsub.subscriptions.listEffectiveTags` `pubsub.subscriptions.listTagBindings` `pubsub.subscriptions.update` `pubsub.topics.get` `pubsub.topics.list` `pubsub.topics.listEffectiveTags` `pubsub.topics.listTagBindings` `resourcemanager.folders.get` `resourcemanager.folders.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `resourcemanager.tagValues.get` `securitycenter.` `securitycenter.assets.group` `securitycenter.assets.list` `securitycenter.assets.listAssetPropertyNames` `securitycenter.assets.runDiscovery` `securitycenter.assetsecuritymarks.update` `securitycenter.attackpaths.list` `securitycenter.bigQueryExports.create` `securitycenter.bigQueryExports.delete` `securitycenter.bigQueryExports.get` `securitycenter.bigQueryExports.list` `securitycenter.bigQueryExports.update` `securitycenter.billingtier.update` `securitycenter.complianceReports.aggregate` `securitycenter.compliancesnapshots.list` `securitycenter.containerthreatdetectionsettings.calculate` `securitycenter.containerthreatdetectionsettings.get` `securitycenter.containerthreatdetectionsettings.update` `securitycenter.effectivesecurityhealthanalyticscustommodules.get` `securitycenter.effectivesecurityhealthanalyticscustommodules.list` `securitycenter.eventthreatdetectionsettings.calculate` `securitycenter.eventthreatdetectionsettings.get` `securitycenter.eventthreatdetectionsettings.update` `securitycenter.exposurepathexplan.get` `securitycenter.findingexplanations.get` `securitycenter.findingexternalsystems.update` `securitycenter.findings.bulkMuteUpdate` `securitycenter.findings.export` `securitycenter.findings.group` `securitycenter.findings.list` `securitycenter.findings.listFindingPropertyNames` `securitycenter.findings.setMute` `securitycenter.findings.setState` `securitycenter.findings.setWorkflowState` `securitycenter.findings.update` `securitycenter.findingsecuritymarks.update` `securitycenter.graphs.get` `securitycenter.graphs.query` `securitycenter.integratedvulnerabilityscannersettings.calculate` `securitycenter.integratedvulnerabilityscannersettings.get` `securitycenter.integratedvulnerabilityscannersettings.update` `securitycenter.issues.get` `securitycenter.issues.group` `securitycenter.issues.list` `securitycenter.issues.listFilterValues` `securitycenter.issues.mute` `securitycenter.muteconfigs.create` `securitycenter.muteconfigs.delete` `securitycenter.muteconfigs.get` `securitycenter.muteconfigs.list` `securitycenter.muteconfigs.update` `securitycenter.notificationconfig.create` `securitycenter.notificationconfig.delete` `securitycenter.notificationconfig.get` `securitycenter.notificationconfig.list` `securitycenter.notificationconfig.update` `securitycenter.organizationsettings.get` `securitycenter.organizationsettings.update` `securitycenter.rapidvulnerabilitydetectionsettings.calculate` `securitycenter.rapidvulnerabilitydetectionsettings.get` `securitycenter.rapidvulnerabilitydetectionsettings.update` `securitycenter.resourcevalueconfigs.create` `securitycenter.resourcevalueconfigs.delete` `securitycenter.resourcevalueconfigs.get` `securitycenter.resourcevalueconfigs.list` `securitycenter.resourcevalueconfigs.update` `securitycenter.riskreports.get` `securitycenter.riskreports.list` `securitycenter.securitycentersettings.get` `securitycenter.securitycentersettings.update` `securitycenter.securityhealthanalyticscustommodules.create` `securitycenter.securityhealthanalyticscustommodules.delete` `securitycenter.securityhealthanalyticscustommodules.get` `securitycenter.securityhealthanalyticscustommodules.list` `securitycenter.securityhealthanalyticscustommodules.simulate` `securitycenter.securityhealthanalyticscustommodules.test` `securitycenter.securityhealthanalyticscustommodules.update` `securitycenter.securityhealthanalyticssettings.calculate` `securitycenter.securityhealthanalyticssettings.get` `securitycenter.securityhealthanalyticssettings.update` `securitycenter.simulations.get` `securitycenter.sources.get` `securitycenter.sources.getIamPolicy` `securitycenter.sources.list` `securitycenter.sources.setIamPolicy` `securitycenter.sources.update` `securitycenter.subscription.get` `securitycenter.userinterfacemetadata.get` `securitycenter.valuedresources.list` `securitycenter.virtualmachinethreatdetectionsettings.calculate` `securitycenter.virtualmachinethreatdetectionsettings.get` `securitycenter.virtualmachinethreatdetectionsettings.update` `securitycenter.vulnerabilitysnapshots.list` `securitycenter.websecurityscannersettings.calculate` `securitycenter.websecurityscannersettings.get` `securitycenter.websecurityscannersettings.update` `securitycentermanagement.` `securitycentermanagement.billingMetadata.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.create` `securitycentermanagement.eventThreatDetectionCustomModules.delete` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.update` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.operations.cancel` `securitycentermanagement.operations.delete` `securitycentermanagement.operations.get` `securitycentermanagement.operations.list` `securitycentermanagement.securityCenter.get` `securitycentermanagement.securityCenter.migrate` `securitycentermanagement.securityCenter.update` `securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.list` `securitycentermanagement.securityCenterServices.update` `securitycentermanagement.securityCommandCenter.activate` `securitycentermanagement.securityCommandCenter.checkActivationOperation` `securitycentermanagement.securityCommandCenter.checkEligibility` `securitycentermanagement.securityCommandCenter.checkOnboardingStatus` `securitycentermanagement.securityCommandCenter.generateServiceAccounts` `securitycentermanagement.securityCommandCenter.get` `securitycentermanagement.securityCommandCenter.update` `securitycentermanagement.securityHealthAnalyticsCustomModules.create` `securitycentermanagement.securityHealthAnalyticsCustomModules.delete` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test` `securitycentermanagement.securityHealthAnalyticsCustomModules.update` `securityposture.operations.get` `securityposture.postureDeployments.get` `securityposture.postureDeployments.list` `securityposture.postureTemplates.` `securityposture.postureTemplates.get` `securityposture.postureTemplates.list` `securityposture.postures.get` `securityposture.postures.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.services.use` `serviceusage.values.test` `stackdriver.projects.get` `stackdriver.resourceMetadata.list`
Security Center Admin Editor (`roles/securitycenter.adminEditor`) Admin Read-write access to security center Lowest-level resources where you can grant this role: Project	`aiplatform.artifacts.get` `aiplatform.artifacts.list` `aiplatform.batchPredictionJobs.get` `aiplatform.batchPredictionJobs.list` `aiplatform.customJobs.get` `aiplatform.customJobs.list` `aiplatform.datasets.get` `aiplatform.datasets.list` `aiplatform.endpoints.get` `aiplatform.endpoints.list` `aiplatform.executions.get` `aiplatform.executions.list` `aiplatform.models.get` `aiplatform.models.list` `aiplatform.tuningJobs.get` `aiplatform.tuningJobs.list` `appengine.applications.get` `artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.locations.` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.projectsettings.get` `artifactregistry.pythonpackages.` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.exportArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.versions.get` `artifactregistry.versions.list` `assuredoss.config.get` `assuredoss.locations.` `assuredoss.locations.get` `assuredoss.locations.list` `assuredoss.metadata.` `assuredoss.metadata.get` `assuredoss.metadata.list` `assuredoss.operations.get` `assuredoss.operations.list` `auditmanager.auditReports.get` `auditmanager.auditReports.list` `auditmanager.billingSettings.get` `auditmanager.controlReports.` `auditmanager.controlReports.get` `auditmanager.controlReports.list` `auditmanager.controls.list` `auditmanager.findings.list` `auditmanager.locations.get` `auditmanager.locations.list` `auditmanager.operations.` `auditmanager.operations.get` `auditmanager.operations.list` `auditmanager.resourceEnrollmentStatuses.` `auditmanager.resourceEnrollmentStatuses.get` `auditmanager.resourceEnrollmentStatuses.list` `cloudasset.assets.exportAiplatformBatchPredictionJobs` `cloudasset.assets.exportAiplatformCustomJobs` `cloudasset.assets.exportAiplatformDataLabelingJobs` `cloudasset.assets.exportAiplatformDatasets` `cloudasset.assets.exportAiplatformEndpoints` `cloudasset.assets.exportAiplatformHyperparameterTuningJobs` `cloudasset.assets.exportAiplatformMetadataStores` `cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs` `cloudasset.assets.exportAiplatformModels` `cloudasset.assets.exportAiplatformPipelineJobs` `cloudasset.assets.exportAiplatformSpecialistPools` `cloudasset.assets.exportAiplatformTrainingPipelines` `cloudasset.assets.exportIamPolicy` `cloudasset.assets.exportOSInventories` `cloudasset.assets.exportResource` `cloudasset.assets.queryAccessPolicy` `cloudasset.assets.queryIamPolicy` `cloudasset.assets.queryOSInventories` `cloudasset.assets.queryResource` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `cloudasset.assets.searchEnrichmentResourceOwners` `cloudasset.othercloudconnections.get` `cloudasset.othercloudconnections.list` `cloudasset.othercloudconnections.verify` `cloudnotifications.activities.list` `cloudsecuritycompliance.auditReports.get` `cloudsecuritycompliance.auditReports.list` `cloudsecuritycompliance.billingSettings.get` `cloudsecuritycompliance.cloudControlDeployments.get` `cloudsecuritycompliance.cloudControlDeployments.list` `cloudsecuritycompliance.cloudControlPredictions.get` `cloudsecuritycompliance.cloudControlPredictions.list` `cloudsecuritycompliance.cloudControls.get` `cloudsecuritycompliance.cloudControls.list` `cloudsecuritycompliance.cmEnrollments.get` `cloudsecuritycompliance.controlComplianceSummaries.list` `cloudsecuritycompliance.controlReports.get` `cloudsecuritycompliance.controls.` `cloudsecuritycompliance.controls.get` `cloudsecuritycompliance.controls.list` `cloudsecuritycompliance.findingSummaries.list` `cloudsecuritycompliance.findings.list` `cloudsecuritycompliance.frameworkAudits.get` `cloudsecuritycompliance.frameworkAudits.list` `cloudsecuritycompliance.frameworkComplianceReports.` `cloudsecuritycompliance.frameworkComplianceReports.aggregate` `cloudsecuritycompliance.frameworkComplianceReports.get` `cloudsecuritycompliance.frameworkComplianceSummaries.list` `cloudsecuritycompliance.frameworkDeployments.get` `cloudsecuritycompliance.frameworkDeployments.list` `cloudsecuritycompliance.frameworks.get` `cloudsecuritycompliance.frameworks.list` `cloudsecuritycompliance.locations.get` `cloudsecuritycompliance.locations.list` `cloudsecuritycompliance.operations.get` `cloudsecuritycompliance.operations.list` `cloudsecuritycompliance.resourceEnrollmentStatuses.` `cloudsecuritycompliance.resourceEnrollmentStatuses.get` `cloudsecuritycompliance.resourceEnrollmentStatuses.list` `cloudsecurityscanner.` `cloudsecurityscanner.crawledurls.list` `cloudsecurityscanner.results.get` `cloudsecurityscanner.results.list` `cloudsecurityscanner.scanruns.get` `cloudsecurityscanner.scanruns.getSummary` `cloudsecurityscanner.scanruns.list` `cloudsecurityscanner.scanruns.stop` `cloudsecurityscanner.scans.create` `cloudsecurityscanner.scans.delete` `cloudsecurityscanner.scans.get` `cloudsecurityscanner.scans.list` `cloudsecurityscanner.scans.run` `cloudsecurityscanner.scans.update` `compute.addresses.list` `dlp.charts.get` `dlp.columnDataProfiles.` `dlp.columnDataProfiles.get` `dlp.columnDataProfiles.list` `dlp.fileStoreProfiles.get` `dlp.fileStoreProfiles.list` `dlp.projectDataProfiles.` `dlp.projectDataProfiles.get` `dlp.projectDataProfiles.list` `dlp.tableDataProfiles.get` `dlp.tableDataProfiles.list` `dspm.locations.` `dspm.locations.computeAggregation` `dspm.locations.fetchDataGovernanceAnalytics` `dspm.locations.fetchDspmGovernedProjects` `dspm.locations.fetchGovernedResourceMetrics` `dspm.locations.fetchLineageConnections` `dspm.locations.get` `dspm.locations.list` `dspm.operations.get` `dspm.operations.list` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings` `monitoring.alerts.` `monitoring.alerts.get` `monitoring.alerts.list` `monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.dashboards.listEffectiveTags` `monitoring.dashboards.listTagBindings` `monitoring.groups.get` `monitoring.groups.list` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.notificationChannelDescriptors.` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.get` `monitoring.notificationChannels.list` `monitoring.services.get` `monitoring.services.list` `monitoring.slos.get` `monitoring.slos.list` `monitoring.snoozes.get` `monitoring.snoozes.list` `monitoring.timeSeries.list` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list` `opsconfigmonitoring.resourceMetadata.list` `pubsub.messageTransforms.validate` `pubsub.schemas.get` `pubsub.schemas.list` `pubsub.schemas.listRevisions` `pubsub.schemas.validate` `pubsub.snapshots.get` `pubsub.snapshots.list` `pubsub.snapshots.listEffectiveTags` `pubsub.snapshots.listTagBindings` `pubsub.subscriptions.get` `pubsub.subscriptions.list` `pubsub.subscriptions.listEffectiveTags` `pubsub.subscriptions.listTagBindings` `pubsub.topics.get` `pubsub.topics.list` `pubsub.topics.listEffectiveTags` `pubsub.topics.listTagBindings` `resourcemanager.folders.get` `resourcemanager.folders.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `resourcemanager.tagValues.get` `securitycenter.assets.` `securitycenter.assets.group` `securitycenter.assets.list` `securitycenter.assets.listAssetPropertyNames` `securitycenter.assets.runDiscovery` `securitycenter.assetsecuritymarks.update` `securitycenter.attackpaths.list` `securitycenter.bigQueryExports.` `securitycenter.bigQueryExports.create` `securitycenter.bigQueryExports.delete` `securitycenter.bigQueryExports.get` `securitycenter.bigQueryExports.list` `securitycenter.bigQueryExports.update` `securitycenter.complianceReports.aggregate` `securitycenter.compliancesnapshots.list` `securitycenter.containerthreatdetectionsettings.calculate` `securitycenter.containerthreatdetectionsettings.get` `securitycenter.effectivesecurityhealthanalyticscustommodules.` `securitycenter.effectivesecurityhealthanalyticscustommodules.get` `securitycenter.effectivesecurityhealthanalyticscustommodules.list` `securitycenter.eventthreatdetectionsettings.calculate` `securitycenter.eventthreatdetectionsettings.get` `securitycenter.exposurepathexplan.get` `securitycenter.findingexplanations.get` `securitycenter.findingexternalsystems.update` `securitycenter.findings.` `securitycenter.findings.bulkMuteUpdate` `securitycenter.findings.export` `securitycenter.findings.group` `securitycenter.findings.list` `securitycenter.findings.listFindingPropertyNames` `securitycenter.findings.setMute` `securitycenter.findings.setState` `securitycenter.findings.setWorkflowState` `securitycenter.findings.update` `securitycenter.findingsecuritymarks.update` `securitycenter.graphs.` `securitycenter.graphs.get` `securitycenter.graphs.query` `securitycenter.integratedvulnerabilityscannersettings.calculate` `securitycenter.integratedvulnerabilityscannersettings.get` `securitycenter.issues.` `securitycenter.issues.get` `securitycenter.issues.group` `securitycenter.issues.list` `securitycenter.issues.listFilterValues` `securitycenter.issues.mute` `securitycenter.muteconfigs.` `securitycenter.muteconfigs.create` `securitycenter.muteconfigs.delete` `securitycenter.muteconfigs.get` `securitycenter.muteconfigs.list` `securitycenter.muteconfigs.update` `securitycenter.notificationconfig.` `securitycenter.notificationconfig.create` `securitycenter.notificationconfig.delete` `securitycenter.notificationconfig.get` `securitycenter.notificationconfig.list` `securitycenter.notificationconfig.update` `securitycenter.organizationsettings.get` `securitycenter.rapidvulnerabilitydetectionsettings.calculate` `securitycenter.rapidvulnerabilitydetectionsettings.get` `securitycenter.resourcevalueconfigs.` `securitycenter.resourcevalueconfigs.create` `securitycenter.resourcevalueconfigs.delete` `securitycenter.resourcevalueconfigs.get` `securitycenter.resourcevalueconfigs.list` `securitycenter.resourcevalueconfigs.update` `securitycenter.securitycentersettings.get` `securitycenter.securityhealthanalyticscustommodules.get` `securitycenter.securityhealthanalyticscustommodules.list` `securitycenter.securityhealthanalyticscustommodules.simulate` `securitycenter.securityhealthanalyticscustommodules.test` `securitycenter.securityhealthanalyticssettings.calculate` `securitycenter.securityhealthanalyticssettings.get` `securitycenter.simulations.get` `securitycenter.sources.get` `securitycenter.sources.list` `securitycenter.sources.update` `securitycenter.subscription.get` `securitycenter.userinterfacemetadata.get` `securitycenter.valuedresources.list` `securitycenter.virtualmachinethreatdetectionsettings.calculate` `securitycenter.virtualmachinethreatdetectionsettings.get` `securitycenter.vulnerabilitysnapshots.list` `securitycenter.websecurityscannersettings.calculate` `securitycenter.websecurityscannersettings.get` `securitycentermanagement.billingMetadata.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.operations.get` `securitycentermanagement.operations.list` `securitycentermanagement.securityCenter.get` `securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.list` `securitycentermanagement.securityCommandCenter.checkActivationOperation` `securitycentermanagement.securityCommandCenter.checkOnboardingStatus` `securitycentermanagement.securityCommandCenter.generateServiceAccounts` `securitycentermanagement.securityCommandCenter.get` `securitycentermanagement.securityCommandCenter.update` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test` `securityposture.operations.get` `securityposture.postureDeployments.get` `securityposture.postureDeployments.list` `securityposture.postureTemplates.` `securityposture.postureTemplates.get` `securityposture.postureTemplates.list` `securityposture.postures.get` `securityposture.postures.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test` `stackdriver.projects.get` `stackdriver.resourceMetadata.list`
Security Center Admin Viewer (`roles/securitycenter.adminViewer`) Admin Read access to security center Lowest-level resources where you can grant this role: Project	`aiplatform.artifacts.get` `aiplatform.artifacts.list` `aiplatform.batchPredictionJobs.get` `aiplatform.batchPredictionJobs.list` `aiplatform.customJobs.get` `aiplatform.customJobs.list` `aiplatform.datasets.get` `aiplatform.datasets.list` `aiplatform.endpoints.get` `aiplatform.endpoints.list` `aiplatform.executions.get` `aiplatform.executions.list` `aiplatform.models.get` `aiplatform.models.list` `aiplatform.tuningJobs.get` `aiplatform.tuningJobs.list` `artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.locations.` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.projectsettings.get` `artifactregistry.pythonpackages.` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.exportArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.versions.get` `artifactregistry.versions.list` `assuredoss.config.get` `assuredoss.locations.` `assuredoss.locations.get` `assuredoss.locations.list` `assuredoss.metadata.` `assuredoss.metadata.get` `assuredoss.metadata.list` `assuredoss.operations.get` `assuredoss.operations.list` `auditmanager.auditReports.get` `auditmanager.auditReports.list` `auditmanager.billingSettings.get` `auditmanager.controlReports.` `auditmanager.controlReports.get` `auditmanager.controlReports.list` `auditmanager.controls.list` `auditmanager.findings.list` `auditmanager.locations.get` `auditmanager.locations.list` `auditmanager.operations.` `auditmanager.operations.get` `auditmanager.operations.list` `auditmanager.resourceEnrollmentStatuses.` `auditmanager.resourceEnrollmentStatuses.get` `auditmanager.resourceEnrollmentStatuses.list` `cloudasset.assets.exportAiplatformBatchPredictionJobs` `cloudasset.assets.exportAiplatformCustomJobs` `cloudasset.assets.exportAiplatformDataLabelingJobs` `cloudasset.assets.exportAiplatformDatasets` `cloudasset.assets.exportAiplatformEndpoints` `cloudasset.assets.exportAiplatformHyperparameterTuningJobs` `cloudasset.assets.exportAiplatformMetadataStores` `cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs` `cloudasset.assets.exportAiplatformModels` `cloudasset.assets.exportAiplatformPipelineJobs` `cloudasset.assets.exportAiplatformSpecialistPools` `cloudasset.assets.exportAiplatformTrainingPipelines` `cloudasset.assets.exportIamPolicy` `cloudasset.assets.exportOSInventories` `cloudasset.assets.exportResource` `cloudasset.assets.queryAccessPolicy` `cloudasset.assets.queryIamPolicy` `cloudasset.assets.queryOSInventories` `cloudasset.assets.queryResource` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `cloudasset.assets.searchEnrichmentResourceOwners` `cloudasset.othercloudconnections.get` `cloudasset.othercloudconnections.list` `cloudasset.othercloudconnections.verify` `cloudnotifications.activities.list` `cloudsecuritycompliance.auditReports.get` `cloudsecuritycompliance.auditReports.list` `cloudsecuritycompliance.billingSettings.get` `cloudsecuritycompliance.cloudControlDeployments.get` `cloudsecuritycompliance.cloudControlDeployments.list` `cloudsecuritycompliance.cloudControlPredictions.get` `cloudsecuritycompliance.cloudControlPredictions.list` `cloudsecuritycompliance.cloudControls.get` `cloudsecuritycompliance.cloudControls.list` `cloudsecuritycompliance.cmEnrollments.get` `cloudsecuritycompliance.controlComplianceSummaries.list` `cloudsecuritycompliance.controlReports.get` `cloudsecuritycompliance.controls.` `cloudsecuritycompliance.controls.get` `cloudsecuritycompliance.controls.list` `cloudsecuritycompliance.findingSummaries.list` `cloudsecuritycompliance.findings.list` `cloudsecuritycompliance.frameworkAudits.get` `cloudsecuritycompliance.frameworkAudits.list` `cloudsecuritycompliance.frameworkComplianceReports.` `cloudsecuritycompliance.frameworkComplianceReports.aggregate` `cloudsecuritycompliance.frameworkComplianceReports.get` `cloudsecuritycompliance.frameworkComplianceSummaries.list` `cloudsecuritycompliance.frameworkDeployments.get` `cloudsecuritycompliance.frameworkDeployments.list` `cloudsecuritycompliance.frameworks.get` `cloudsecuritycompliance.frameworks.list` `cloudsecuritycompliance.locations.get` `cloudsecuritycompliance.locations.list` `cloudsecuritycompliance.operations.get` `cloudsecuritycompliance.operations.list` `cloudsecuritycompliance.resourceEnrollmentStatuses.` `cloudsecuritycompliance.resourceEnrollmentStatuses.get` `cloudsecuritycompliance.resourceEnrollmentStatuses.list` `cloudsecurityscanner.crawledurls.list` `cloudsecurityscanner.results.` `cloudsecurityscanner.results.get` `cloudsecurityscanner.results.list` `cloudsecurityscanner.scanruns.get` `cloudsecurityscanner.scanruns.getSummary` `cloudsecurityscanner.scanruns.list` `cloudsecurityscanner.scans.get` `cloudsecurityscanner.scans.list` `dlp.charts.get` `dlp.columnDataProfiles.` `dlp.columnDataProfiles.get` `dlp.columnDataProfiles.list` `dlp.fileStoreProfiles.get` `dlp.fileStoreProfiles.list` `dlp.projectDataProfiles.` `dlp.projectDataProfiles.get` `dlp.projectDataProfiles.list` `dlp.tableDataProfiles.get` `dlp.tableDataProfiles.list` `dspm.locations.` `dspm.locations.computeAggregation` `dspm.locations.fetchDataGovernanceAnalytics` `dspm.locations.fetchDspmGovernedProjects` `dspm.locations.fetchGovernedResourceMetrics` `dspm.locations.fetchLineageConnections` `dspm.locations.get` `dspm.locations.list` `dspm.operations.get` `dspm.operations.list` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.listEffectiveTags` `monitoring.alertPolicies.listTagBindings` `monitoring.alerts.` `monitoring.alerts.get` `monitoring.alerts.list` `monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.dashboards.listEffectiveTags` `monitoring.dashboards.listTagBindings` `monitoring.groups.get` `monitoring.groups.list` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.notificationChannelDescriptors.` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.get` `monitoring.notificationChannels.list` `monitoring.services.get` `monitoring.services.list` `monitoring.slos.get` `monitoring.slos.list` `monitoring.snoozes.get` `monitoring.snoozes.list` `monitoring.timeSeries.list` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list` `opsconfigmonitoring.resourceMetadata.list` `pubsub.messageTransforms.validate` `pubsub.schemas.get` `pubsub.schemas.list` `pubsub.schemas.listRevisions` `pubsub.schemas.validate` `pubsub.snapshots.get` `pubsub.snapshots.list` `pubsub.snapshots.listEffectiveTags` `pubsub.snapshots.listTagBindings` `pubsub.subscriptions.get` `pubsub.subscriptions.list` `pubsub.subscriptions.listEffectiveTags` `pubsub.subscriptions.listTagBindings` `pubsub.topics.get` `pubsub.topics.list` `pubsub.topics.listEffectiveTags` `pubsub.topics.listTagBindings` `resourcemanager.folders.get` `resourcemanager.folders.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `resourcemanager.tagValues.get` `securitycenter.assets.group` `securitycenter.assets.list` `securitycenter.assets.listAssetPropertyNames` `securitycenter.attackpaths.list` `securitycenter.bigQueryExports.get` `securitycenter.bigQueryExports.list` `securitycenter.complianceReports.aggregate` `securitycenter.compliancesnapshots.list` `securitycenter.containerthreatdetectionsettings.calculate` `securitycenter.containerthreatdetectionsettings.get` `securitycenter.effectivesecurityhealthanalyticscustommodules.` `securitycenter.effectivesecurityhealthanalyticscustommodules.get` `securitycenter.effectivesecurityhealthanalyticscustommodules.list` `securitycenter.eventthreatdetectionsettings.calculate` `securitycenter.eventthreatdetectionsettings.get` `securitycenter.exposurepathexplan.get` `securitycenter.findingexplanations.get` `securitycenter.findings.group` `securitycenter.findings.list` `securitycenter.findings.listFindingPropertyNames` `securitycenter.graphs.` `securitycenter.graphs.get` `securitycenter.graphs.query` `securitycenter.integratedvulnerabilityscannersettings.calculate` `securitycenter.integratedvulnerabilityscannersettings.get` `securitycenter.issues.get` `securitycenter.issues.group` `securitycenter.issues.list` `securitycenter.issues.listFilterValues` `securitycenter.muteconfigs.get` `securitycenter.muteconfigs.list` `securitycenter.notificationconfig.get` `securitycenter.notificationconfig.list` `securitycenter.organizationsettings.get` `securitycenter.rapidvulnerabilitydetectionsettings.calculate` `securitycenter.rapidvulnerabilitydetectionsettings.get` `securitycenter.resourcevalueconfigs.get` `securitycenter.resourcevalueconfigs.list` `securitycenter.securitycentersettings.get` `securitycenter.securityhealthanalyticscustommodules.get` `securitycenter.securityhealthanalyticscustommodules.list` `securitycenter.securityhealthanalyticscustommodules.simulate` `securitycenter.securityhealthanalyticscustommodules.test` `securitycenter.securityhealthanalyticssettings.calculate` `securitycenter.securityhealthanalyticssettings.get` `securitycenter.simulations.get` `securitycenter.sources.get` `securitycenter.sources.list` `securitycenter.subscription.get` `securitycenter.userinterfacemetadata.get` `securitycenter.valuedresources.list` `securitycenter.virtualmachinethreatdetectionsettings.calculate` `securitycenter.virtualmachinethreatdetectionsettings.get` `securitycenter.vulnerabilitysnapshots.list` `securitycenter.websecurityscannersettings.calculate` `securitycenter.websecurityscannersettings.get` `securitycentermanagement.billingMetadata.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.operations.get` `securitycentermanagement.operations.list` `securitycentermanagement.securityCenter.get` `securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.list` `securitycentermanagement.securityCommandCenter.checkActivationOperation` `securitycentermanagement.securityCommandCenter.checkOnboardingStatus` `securitycentermanagement.securityCommandCenter.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test` `securityposture.operations.get` `securityposture.postureDeployments.get` `securityposture.postureDeployments.list` `securityposture.postureTemplates.` `securityposture.postureTemplates.get` `securityposture.postureTemplates.list` `securityposture.postures.get` `securityposture.postures.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test` `stackdriver.projects.get` `stackdriver.resourceMetadata.list`
Security Center Asset Security Marks Writer (`roles/securitycenter.assetSecurityMarksWriter`) Write access to asset security marks Lowest-level resources where you can grant this role: Project	`securitycenter.assetsecuritymarks.update` `securitycenter.userinterfacemetadata.get`
Security Center Assets Discovery Runner (`roles/securitycenter.assetsDiscoveryRunner`) Run asset discovery access to assets Lowest-level resources where you can grant this role: Organization	`securitycenter.assets.runDiscovery` `securitycenter.userinterfacemetadata.get`
Security Center Assets Viewer (`roles/securitycenter.assetsViewer`) Read access to assets Lowest-level resources where you can grant this role: Project	`cloudasset.assets.exportIamPolicy` `cloudasset.assets.exportOSInventories` `cloudasset.assets.exportResource` `cloudasset.assets.queryAccessPolicy` `cloudasset.assets.queryIamPolicy` `cloudasset.assets.queryOSInventories` `cloudasset.assets.queryResource` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `cloudasset.assets.searchEnrichmentResourceOwners` `cloudasset.othercloudconnections.get` `cloudasset.othercloudconnections.list` `cloudasset.othercloudconnections.verify` `resourcemanager.folders.get` `resourcemanager.organizations.get` `resourcemanager.projects.get` `securitycenter.assets.group` `securitycenter.assets.list` `securitycenter.assets.listAssetPropertyNames` `securitycenter.userinterfacemetadata.get`
Security Center Attack Paths Reader (`roles/securitycenter.attackPathsViewer`) Read access to security center attack paths	`securitycenter.attackpaths.list` `securitycenter.exposurepathexplan.get`
Security Center BigQuery Exports Editor (`roles/securitycenter.bigQueryExportsEditor`) Read-Write access to security center BigQuery Exports	`resourcemanager.folders.get` `resourcemanager.folders.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.bigQueryExports.*` `securitycenter.bigQueryExports.create` `securitycenter.bigQueryExports.delete` `securitycenter.bigQueryExports.get` `securitycenter.bigQueryExports.list` `securitycenter.bigQueryExports.update` `securitycenter.findings.export`
Security Center BigQuery Exports Viewer (`roles/securitycenter.bigQueryExportsViewer`) Read access to security center BigQuery Exports	`resourcemanager.folders.get` `resourcemanager.folders.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.bigQueryExports.get` `securitycenter.bigQueryExports.list`
Security Center Compliance Reports Viewer ^Beta (`roles/securitycenter.complianceReportsViewer`) Read access to security center compliance reports	`securitycenter.complianceReports.aggregate`
Security Center Compliance Snapshots Viewer ^Beta (`roles/securitycenter.complianceSnapshotsViewer`) Read access to security center compliance snapshots	`securitycenter.complianceReports.aggregate` `securitycenter.compliancesnapshots.list`
Security Center External Systems Editor (`roles/securitycenter.externalSystemsEditor`) Write access to security center external systems	`securitycenter.findingexternalsystems.update`
Security Center Finding Security Marks Writer (`roles/securitycenter.findingSecurityMarksWriter`) Write access to finding security marks Lowest-level resources where you can grant this role: Project	`securitycenter.findingsecuritymarks.update` `securitycenter.userinterfacemetadata.get`
Security Center Findings Bulk Mute Editor (`roles/securitycenter.findingsBulkMuteEditor`) Ability to mute findings in bulk	`securitycenter.findings.bulkMuteUpdate`
Security Center Findings Editor (`roles/securitycenter.findingsEditor`) Read-write access to findings Lowest-level resources where you can grant this role: Project	`resourcemanager.folders.get` `resourcemanager.organizations.get` `resourcemanager.projects.get` `securitycenter.complianceReports.aggregate` `securitycenter.compliancesnapshots.list` `securitycenter.findingexplanations.get` `securitycenter.findings.bulkMuteUpdate` `securitycenter.findings.group` `securitycenter.findings.list` `securitycenter.findings.listFindingPropertyNames` `securitycenter.findings.setMute` `securitycenter.findings.setState` `securitycenter.findings.update` `securitycenter.graphs.` `securitycenter.graphs.get` `securitycenter.graphs.query` `securitycenter.issues.` `securitycenter.issues.get` `securitycenter.issues.group` `securitycenter.issues.list` `securitycenter.issues.listFilterValues` `securitycenter.issues.mute` `securitycenter.sources.get` `securitycenter.sources.list` `securitycenter.userinterfacemetadata.get` `securitycenter.vulnerabilitysnapshots.list`
Security Center Findings Mute Setter (`roles/securitycenter.findingsMuteSetter`) Set mute access to findings	`securitycenter.findings.setMute`
Security Center Findings State Setter (`roles/securitycenter.findingsStateSetter`) Set state access to findings Lowest-level resources where you can grant this role: Project	`securitycenter.findings.setState` `securitycenter.userinterfacemetadata.get`
Security Center Findings Viewer (`roles/securitycenter.findingsViewer`) Read access to findings Lowest-level resources where you can grant this role: Project	`resourcemanager.folders.get` `resourcemanager.organizations.get` `resourcemanager.projects.get` `securitycenter.complianceReports.aggregate` `securitycenter.compliancesnapshots.list` `securitycenter.findingexplanations.get` `securitycenter.findings.group` `securitycenter.findings.list` `securitycenter.findings.listFindingPropertyNames` `securitycenter.graphs.*` `securitycenter.graphs.get` `securitycenter.graphs.query` `securitycenter.issues.get` `securitycenter.issues.group` `securitycenter.issues.list` `securitycenter.issues.listFilterValues` `securitycenter.sources.get` `securitycenter.sources.list` `securitycenter.userinterfacemetadata.get` `securitycenter.vulnerabilitysnapshots.list`
Security Center Findings Workflow State Setter ^Beta (`roles/securitycenter.findingsWorkflowStateSetter`) Set workflow state access to findings Lowest-level resources where you can grant this role: Project	`securitycenter.findings.setWorkflowState` `securitycenter.userinterfacemetadata.get`
Security Center Issues Editor (`roles/securitycenter.issuesEditor`) Write access to security center issues	`securitycenter.graphs.` `securitycenter.graphs.get` `securitycenter.graphs.query` `securitycenter.issues.` `securitycenter.issues.get` `securitycenter.issues.group` `securitycenter.issues.list` `securitycenter.issues.listFilterValues` `securitycenter.issues.mute`
Security Center Issues Viewer (`roles/securitycenter.issuesViewer`) Read access to security center issues	`securitycenter.graphs.*` `securitycenter.graphs.get` `securitycenter.graphs.query` `securitycenter.issues.get` `securitycenter.issues.group` `securitycenter.issues.list` `securitycenter.issues.listFilterValues`
Security Center Mute Configurations Editor (`roles/securitycenter.muteConfigsEditor`) Read-Write access to security center mute configurations	`securitycenter.muteconfigs.*` `securitycenter.muteconfigs.create` `securitycenter.muteconfigs.delete` `securitycenter.muteconfigs.get` `securitycenter.muteconfigs.list` `securitycenter.muteconfigs.update`
Security Center Mute Configurations Viewer (`roles/securitycenter.muteConfigsViewer`) Read access to security center mute configurations	`securitycenter.muteconfigs.get` `securitycenter.muteconfigs.list`
Security Center Notification Configurations Editor (`roles/securitycenter.notificationConfigEditor`) Write access to notification configurations Lowest-level resources where you can grant this role: Organization	`securitycenter.notificationconfig.*` `securitycenter.notificationconfig.create` `securitycenter.notificationconfig.delete` `securitycenter.notificationconfig.get` `securitycenter.notificationconfig.list` `securitycenter.notificationconfig.update` `securitycenter.userinterfacemetadata.get`
Security Center Notification Configurations Viewer (`roles/securitycenter.notificationConfigViewer`) Read access to notification configurations Lowest-level resources where you can grant this role: Organization	`securitycenter.notificationconfig.get` `securitycenter.notificationconfig.list` `securitycenter.userinterfacemetadata.get`
Security Center Resource Value Configurations Editor (`roles/securitycenter.resourceValueConfigsEditor`) Read-Write access to security center resource value configurations	`resourcemanager.tagValues.get` `securitycenter.resourcevalueconfigs.*` `securitycenter.resourcevalueconfigs.create` `securitycenter.resourcevalueconfigs.delete` `securitycenter.resourcevalueconfigs.get` `securitycenter.resourcevalueconfigs.list` `securitycenter.resourcevalueconfigs.update`
Security Center Resource Value Configurations Viewer (`roles/securitycenter.resourceValueConfigsViewer`) Read access to security center resource value configurations	`resourcemanager.tagValues.get` `securitycenter.resourcevalueconfigs.get` `securitycenter.resourcevalueconfigs.list`
Security Center Risk Reports Viewer (`roles/securitycenter.riskReportsViewer`) Read access to security center risk reports	`securitycenter.riskreports.*` `securitycenter.riskreports.get` `securitycenter.riskreports.list` `securitycenter.userinterfacemetadata.get`
Security Health Analytics Custom Modules Tester (`roles/securitycenter.securityHealthAnalyticsCustomModulesTester`) Test access to Security Health Analytics Custom Modules	`securitycenter.securityhealthanalyticscustommodules.simulate` `securitycenter.securityhealthanalyticscustommodules.test` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test`
Security Center Settings Admin (`roles/securitycenter.settingsAdmin`) Admin(super user) access to security center settings Lowest-level resources where you can grant this role: Project	`resourcemanager.folders.get` `resourcemanager.folders.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.bigQueryExports.` `securitycenter.bigQueryExports.create` `securitycenter.bigQueryExports.delete` `securitycenter.bigQueryExports.get` `securitycenter.bigQueryExports.list` `securitycenter.bigQueryExports.update` `securitycenter.billingtier.update` `securitycenter.containerthreatdetectionsettings.` `securitycenter.containerthreatdetectionsettings.calculate` `securitycenter.containerthreatdetectionsettings.get` `securitycenter.containerthreatdetectionsettings.update` `securitycenter.effectivesecurityhealthanalyticscustommodules.` `securitycenter.effectivesecurityhealthanalyticscustommodules.get` `securitycenter.effectivesecurityhealthanalyticscustommodules.list` `securitycenter.eventthreatdetectionsettings.` `securitycenter.eventthreatdetectionsettings.calculate` `securitycenter.eventthreatdetectionsettings.get` `securitycenter.eventthreatdetectionsettings.update` `securitycenter.findings.export` `securitycenter.integratedvulnerabilityscannersettings.` `securitycenter.integratedvulnerabilityscannersettings.calculate` `securitycenter.integratedvulnerabilityscannersettings.get` `securitycenter.integratedvulnerabilityscannersettings.update` `securitycenter.muteconfigs.` `securitycenter.muteconfigs.create` `securitycenter.muteconfigs.delete` `securitycenter.muteconfigs.get` `securitycenter.muteconfigs.list` `securitycenter.muteconfigs.update` `securitycenter.notificationconfig.` `securitycenter.notificationconfig.create` `securitycenter.notificationconfig.delete` `securitycenter.notificationconfig.get` `securitycenter.notificationconfig.list` `securitycenter.notificationconfig.update` `securitycenter.organizationsettings.` `securitycenter.organizationsettings.get` `securitycenter.organizationsettings.update` `securitycenter.rapidvulnerabilitydetectionsettings.` `securitycenter.rapidvulnerabilitydetectionsettings.calculate` `securitycenter.rapidvulnerabilitydetectionsettings.get` `securitycenter.rapidvulnerabilitydetectionsettings.update` `securitycenter.securitycentersettings.` `securitycenter.securitycentersettings.get` `securitycenter.securitycentersettings.update` `securitycenter.securityhealthanalyticscustommodules.create` `securitycenter.securityhealthanalyticscustommodules.delete` `securitycenter.securityhealthanalyticscustommodules.get` `securitycenter.securityhealthanalyticscustommodules.list` `securitycenter.securityhealthanalyticscustommodules.update` `securitycenter.securityhealthanalyticssettings.` `securitycenter.securityhealthanalyticssettings.calculate` `securitycenter.securityhealthanalyticssettings.get` `securitycenter.securityhealthanalyticssettings.update` `securitycenter.subscription.get` `securitycenter.userinterfacemetadata.get` `securitycenter.virtualmachinethreatdetectionsettings.` `securitycenter.virtualmachinethreatdetectionsettings.calculate` `securitycenter.virtualmachinethreatdetectionsettings.get` `securitycenter.virtualmachinethreatdetectionsettings.update` `securitycenter.websecurityscannersettings.` `securitycenter.websecurityscannersettings.calculate` `securitycenter.websecurityscannersettings.get` `securitycenter.websecurityscannersettings.update` `securitycentermanagement.` `securitycentermanagement.billingMetadata.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.create` `securitycentermanagement.eventThreatDetectionCustomModules.delete` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.update` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.operations.cancel` `securitycentermanagement.operations.delete` `securitycentermanagement.operations.get` `securitycentermanagement.operations.list` `securitycentermanagement.securityCenter.get` `securitycentermanagement.securityCenter.migrate` `securitycentermanagement.securityCenter.update` `securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.list` `securitycentermanagement.securityCenterServices.update` `securitycentermanagement.securityCommandCenter.activate` `securitycentermanagement.securityCommandCenter.checkActivationOperation` `securitycentermanagement.securityCommandCenter.checkEligibility` `securitycentermanagement.securityCommandCenter.checkOnboardingStatus` `securitycentermanagement.securityCommandCenter.generateServiceAccounts` `securitycentermanagement.securityCommandCenter.get` `securitycentermanagement.securityCommandCenter.update` `securitycentermanagement.securityHealthAnalyticsCustomModules.create` `securitycentermanagement.securityHealthAnalyticsCustomModules.delete` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test` `securitycentermanagement.securityHealthAnalyticsCustomModules.update`
Security Center Settings Editor (`roles/securitycenter.settingsEditor`) Read-Write access to security center settings Lowest-level resources where you can grant this role: Project	`resourcemanager.folders.get` `resourcemanager.folders.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.bigQueryExports.` `securitycenter.bigQueryExports.create` `securitycenter.bigQueryExports.delete` `securitycenter.bigQueryExports.get` `securitycenter.bigQueryExports.list` `securitycenter.bigQueryExports.update` `securitycenter.billingtier.update` `securitycenter.containerthreatdetectionsettings.` `securitycenter.containerthreatdetectionsettings.calculate` `securitycenter.containerthreatdetectionsettings.get` `securitycenter.containerthreatdetectionsettings.update` `securitycenter.effectivesecurityhealthanalyticscustommodules.` `securitycenter.effectivesecurityhealthanalyticscustommodules.get` `securitycenter.effectivesecurityhealthanalyticscustommodules.list` `securitycenter.eventthreatdetectionsettings.` `securitycenter.eventthreatdetectionsettings.calculate` `securitycenter.eventthreatdetectionsettings.get` `securitycenter.eventthreatdetectionsettings.update` `securitycenter.findings.export` `securitycenter.integratedvulnerabilityscannersettings.` `securitycenter.integratedvulnerabilityscannersettings.calculate` `securitycenter.integratedvulnerabilityscannersettings.get` `securitycenter.integratedvulnerabilityscannersettings.update` `securitycenter.muteconfigs.` `securitycenter.muteconfigs.create` `securitycenter.muteconfigs.delete` `securitycenter.muteconfigs.get` `securitycenter.muteconfigs.list` `securitycenter.muteconfigs.update` `securitycenter.notificationconfig.` `securitycenter.notificationconfig.create` `securitycenter.notificationconfig.delete` `securitycenter.notificationconfig.get` `securitycenter.notificationconfig.list` `securitycenter.notificationconfig.update` `securitycenter.organizationsettings.` `securitycenter.organizationsettings.get` `securitycenter.organizationsettings.update` `securitycenter.rapidvulnerabilitydetectionsettings.` `securitycenter.rapidvulnerabilitydetectionsettings.calculate` `securitycenter.rapidvulnerabilitydetectionsettings.get` `securitycenter.rapidvulnerabilitydetectionsettings.update` `securitycenter.securitycentersettings.` `securitycenter.securitycentersettings.get` `securitycenter.securitycentersettings.update` `securitycenter.securityhealthanalyticscustommodules.create` `securitycenter.securityhealthanalyticscustommodules.delete` `securitycenter.securityhealthanalyticscustommodules.get` `securitycenter.securityhealthanalyticscustommodules.list` `securitycenter.securityhealthanalyticscustommodules.update` `securitycenter.securityhealthanalyticssettings.` `securitycenter.securityhealthanalyticssettings.calculate` `securitycenter.securityhealthanalyticssettings.get` `securitycenter.securityhealthanalyticssettings.update` `securitycenter.subscription.get` `securitycenter.userinterfacemetadata.get` `securitycenter.virtualmachinethreatdetectionsettings.` `securitycenter.virtualmachinethreatdetectionsettings.calculate` `securitycenter.virtualmachinethreatdetectionsettings.get` `securitycenter.virtualmachinethreatdetectionsettings.update` `securitycenter.websecurityscannersettings.` `securitycenter.websecurityscannersettings.calculate` `securitycenter.websecurityscannersettings.get` `securitycenter.websecurityscannersettings.update` `securitycentermanagement.` `securitycentermanagement.billingMetadata.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.create` `securitycentermanagement.eventThreatDetectionCustomModules.delete` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.update` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.operations.cancel` `securitycentermanagement.operations.delete` `securitycentermanagement.operations.get` `securitycentermanagement.operations.list` `securitycentermanagement.securityCenter.get` `securitycentermanagement.securityCenter.migrate` `securitycentermanagement.securityCenter.update` `securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.list` `securitycentermanagement.securityCenterServices.update` `securitycentermanagement.securityCommandCenter.activate` `securitycentermanagement.securityCommandCenter.checkActivationOperation` `securitycentermanagement.securityCommandCenter.checkEligibility` `securitycentermanagement.securityCommandCenter.checkOnboardingStatus` `securitycentermanagement.securityCommandCenter.generateServiceAccounts` `securitycentermanagement.securityCommandCenter.get` `securitycentermanagement.securityCommandCenter.update` `securitycentermanagement.securityHealthAnalyticsCustomModules.create` `securitycentermanagement.securityHealthAnalyticsCustomModules.delete` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test` `securitycentermanagement.securityHealthAnalyticsCustomModules.update`
Security Center Settings Viewer (`roles/securitycenter.settingsViewer`) Read access to security center settings Lowest-level resources where you can grant this role: Project	`resourcemanager.folders.get` `resourcemanager.folders.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.bigQueryExports.get` `securitycenter.bigQueryExports.list` `securitycenter.containerthreatdetectionsettings.calculate` `securitycenter.containerthreatdetectionsettings.get` `securitycenter.effectivesecurityhealthanalyticscustommodules.` `securitycenter.effectivesecurityhealthanalyticscustommodules.get` `securitycenter.effectivesecurityhealthanalyticscustommodules.list` `securitycenter.eventthreatdetectionsettings.calculate` `securitycenter.eventthreatdetectionsettings.get` `securitycenter.integratedvulnerabilityscannersettings.calculate` `securitycenter.integratedvulnerabilityscannersettings.get` `securitycenter.muteconfigs.get` `securitycenter.muteconfigs.list` `securitycenter.notificationconfig.get` `securitycenter.notificationconfig.list` `securitycenter.organizationsettings.get` `securitycenter.rapidvulnerabilitydetectionsettings.calculate` `securitycenter.rapidvulnerabilitydetectionsettings.get` `securitycenter.securitycentersettings.get` `securitycenter.securityhealthanalyticscustommodules.get` `securitycenter.securityhealthanalyticscustommodules.list` `securitycenter.securityhealthanalyticssettings.calculate` `securitycenter.securityhealthanalyticssettings.get` `securitycenter.subscription.get` `securitycenter.userinterfacemetadata.get` `securitycenter.virtualmachinethreatdetectionsettings.calculate` `securitycenter.virtualmachinethreatdetectionsettings.get` `securitycenter.websecurityscannersettings.calculate` `securitycenter.websecurityscannersettings.get` `securitycentermanagement.billingMetadata.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.operations.get` `securitycentermanagement.operations.list` `securitycentermanagement.securityCenter.get` `securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.list` `securitycentermanagement.securityCommandCenter.checkActivationOperation` `securitycentermanagement.securityCommandCenter.checkOnboardingStatus` `securitycentermanagement.securityCommandCenter.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test`
Security Center Simulations Reader (`roles/securitycenter.simulationsViewer`) Read access to security center simulations	`securitycenter.simulations.get`
Security Center Sources Admin (`roles/securitycenter.sourcesAdmin`) Admin access to sources Lowest-level resources where you can grant this role: Organization	`resourcemanager.organizations.get` `securitycenter.sources.*` `securitycenter.sources.get` `securitycenter.sources.getIamPolicy` `securitycenter.sources.list` `securitycenter.sources.setIamPolicy` `securitycenter.sources.update` `securitycenter.userinterfacemetadata.get`
Security Center Sources Editor (`roles/securitycenter.sourcesEditor`) Read-write access to sources Lowest-level resources where you can grant this role: Organization	`resourcemanager.organizations.get` `securitycenter.sources.get` `securitycenter.sources.list` `securitycenter.sources.update` `securitycenter.userinterfacemetadata.get`
Security Center Sources Viewer (`roles/securitycenter.sourcesViewer`) Read access to sources Lowest-level resources where you can grant this role: Project	`resourcemanager.organizations.get` `securitycenter.sources.get` `securitycenter.sources.list` `securitycenter.userinterfacemetadata.get`
Security Center Valued Resources Reader (`roles/securitycenter.valuedResourcesViewer`) Read access to security center valued resources	`securitycenter.valuedresources.list`

Security Center Admin

(roles/securitycenter.admin)

Admin(super user) access to security center

Lowest-level resources where you can grant this role:

Project

aiplatform.artifacts.get

aiplatform.artifacts.list

aiplatform.batchPredictionJobs.get

aiplatform.batchPredictionJobs.list

aiplatform.customJobs.get

aiplatform.customJobs.list

aiplatform.datasets.get

aiplatform.datasets.list

aiplatform.endpoints.get

aiplatform.endpoints.list

aiplatform.executions.get

aiplatform.executions.list

aiplatform.models.get

aiplatform.models.list

aiplatform.tuningJobs.get

aiplatform.tuningJobs.list

appengine.applications.get

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.locations.get
artifactregistry.locations.list

artifactregistry.mavenartifacts.*

artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

artifactregistry.npmpackages.get
artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list

artifactregistry.repositories.create

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.exportArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

assuredoss.*

assuredoss.config.get
assuredoss.customers.create
assuredoss.locations.get
assuredoss.locations.list
assuredoss.metadata.get
assuredoss.metadata.list
assuredoss.operations.cancel
assuredoss.operations.delete
assuredoss.operations.get
assuredoss.operations.list

auditmanager.auditReports.*

auditmanager.auditReports.generate
auditmanager.auditReports.get
auditmanager.auditReports.list

auditmanager.auditScopeReports.generate

auditmanager.billingSettings.get

auditmanager.controlReports.*

auditmanager.controlReports.get
auditmanager.controlReports.list

auditmanager.controls.list

auditmanager.findings.list

auditmanager.locations.*

auditmanager.locations.enrollResource
auditmanager.locations.get
auditmanager.locations.list

auditmanager.operations.*

auditmanager.operations.get
auditmanager.operations.list

auditmanager.resourceEnrollmentStatuses.*

auditmanager.resourceEnrollmentStatuses.get
auditmanager.resourceEnrollmentStatuses.list

cloudasset.assets.exportAiplatformBatchPredictionJobs

cloudasset.assets.exportAiplatformCustomJobs

cloudasset.assets.exportAiplatformDataLabelingJobs

cloudasset.assets.exportAiplatformDatasets

cloudasset.assets.exportAiplatformEndpoints

cloudasset.assets.exportAiplatformHyperparameterTuningJobs

cloudasset.assets.exportAiplatformMetadataStores

cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs

cloudasset.assets.exportAiplatformModels

cloudasset.assets.exportAiplatformPipelineJobs

cloudasset.assets.exportAiplatformSpecialistPools

cloudasset.assets.exportAiplatformTrainingPipelines

cloudasset.assets.exportIamPolicy

cloudasset.assets.exportOSInventories

cloudasset.assets.exportResource

cloudasset.assets.queryAccessPolicy

cloudasset.assets.queryIamPolicy

cloudasset.assets.queryOSInventories

cloudasset.assets.queryResource

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

cloudasset.assets.searchEnrichmentResourceOwners

cloudasset.othercloudconnections.get

cloudasset.othercloudconnections.list

cloudasset.othercloudconnections.verify

cloudnotifications.activities.list

cloudsecuritycompliance.*

cloudsecuritycompliance.auditReports.generate
cloudsecuritycompliance.auditReports.get
cloudsecuritycompliance.auditReports.list
cloudsecuritycompliance.auditScopeReports.generate
cloudsecuritycompliance.billingSettings.get
cloudsecuritycompliance.cloudControlDeployments.create
cloudsecuritycompliance.cloudControlDeployments.delete
cloudsecuritycompliance.cloudControlDeployments.get
cloudsecuritycompliance.cloudControlDeployments.list
cloudsecuritycompliance.cloudControlDeployments.update
cloudsecuritycompliance.cloudControlPredictions.create
cloudsecuritycompliance.cloudControlPredictions.get
cloudsecuritycompliance.cloudControlPredictions.list
cloudsecuritycompliance.cloudControls.create
cloudsecuritycompliance.cloudControls.delete
cloudsecuritycompliance.cloudControls.get
cloudsecuritycompliance.cloudControls.list
cloudsecuritycompliance.cloudControls.update
cloudsecuritycompliance.cmEnrollments.get
cloudsecuritycompliance.cmEnrollments.update
cloudsecuritycompliance.controlComplianceSummaries.list
cloudsecuritycompliance.controlReports.get
cloudsecuritycompliance.controls.get
cloudsecuritycompliance.controls.list
cloudsecuritycompliance.findingSummaries.list
cloudsecuritycompliance.findings.list
cloudsecuritycompliance.frameworkAudits.create
cloudsecuritycompliance.frameworkAudits.get
cloudsecuritycompliance.frameworkAudits.list
cloudsecuritycompliance.frameworkComplianceReports.aggregate
cloudsecuritycompliance.frameworkComplianceReports.get
cloudsecuritycompliance.frameworkComplianceSummaries.list
cloudsecuritycompliance.frameworkDeployments.create
cloudsecuritycompliance.frameworkDeployments.delete
cloudsecuritycompliance.frameworkDeployments.get
cloudsecuritycompliance.frameworkDeployments.list
cloudsecuritycompliance.frameworkDeployments.update
cloudsecuritycompliance.frameworks.create
cloudsecuritycompliance.frameworks.delete
cloudsecuritycompliance.frameworks.get
cloudsecuritycompliance.frameworks.list
cloudsecuritycompliance.frameworks.update
cloudsecuritycompliance.locations.enrollResource
cloudsecuritycompliance.locations.get
cloudsecuritycompliance.locations.list
cloudsecuritycompliance.operations.cancel
cloudsecuritycompliance.operations.delete
cloudsecuritycompliance.operations.get
cloudsecuritycompliance.operations.list
cloudsecuritycompliance.resourceEnrollmentStatuses.get
cloudsecuritycompliance.resourceEnrollmentStatuses.list

cloudsecurityscanner.*

cloudsecurityscanner.crawledurls.list
cloudsecurityscanner.results.get
cloudsecurityscanner.results.list
cloudsecurityscanner.scanruns.get
cloudsecurityscanner.scanruns.getSummary
cloudsecurityscanner.scanruns.list
cloudsecurityscanner.scanruns.stop
cloudsecurityscanner.scans.create
cloudsecurityscanner.scans.delete
cloudsecurityscanner.scans.get
cloudsecurityscanner.scans.list
cloudsecurityscanner.scans.run
cloudsecurityscanner.scans.update

compute.addresses.list

dlp.*

dlp.analyzeRiskTemplates.create
dlp.analyzeRiskTemplates.delete
dlp.analyzeRiskTemplates.get
dlp.analyzeRiskTemplates.list
dlp.analyzeRiskTemplates.update
dlp.charts.get
dlp.columnDataProfiles.get
dlp.columnDataProfiles.list
dlp.connections.create
dlp.connections.delete
dlp.connections.get
dlp.connections.list
dlp.connections.search
dlp.connections.update
dlp.deidentifyTemplates.create
dlp.deidentifyTemplates.delete
dlp.deidentifyTemplates.get
dlp.deidentifyTemplates.list
dlp.deidentifyTemplates.update
dlp.estimates.cancel
dlp.estimates.create
dlp.estimates.delete
dlp.estimates.get
dlp.estimates.list
dlp.fileStoreProfiles.delete
dlp.fileStoreProfiles.get
dlp.fileStoreProfiles.list
dlp.inspectFindings.list
dlp.inspectTemplates.create
dlp.inspectTemplates.delete
dlp.inspectTemplates.get
dlp.inspectTemplates.list
dlp.inspectTemplates.update
dlp.jobTriggers.create
dlp.jobTriggers.delete
dlp.jobTriggers.get
dlp.jobTriggers.hybridInspect
dlp.jobTriggers.list
dlp.jobTriggers.update
dlp.jobs.cancel
dlp.jobs.create
dlp.jobs.delete
dlp.jobs.get
dlp.jobs.hybridInspect
dlp.jobs.list
dlp.kms.encrypt
dlp.locations.get
dlp.locations.list
dlp.projectDataProfiles.get
dlp.projectDataProfiles.list
dlp.storedInfoTypes.create
dlp.storedInfoTypes.delete
dlp.storedInfoTypes.get
dlp.storedInfoTypes.list
dlp.storedInfoTypes.update
dlp.subscriptions.cancel
dlp.subscriptions.create
dlp.subscriptions.get
dlp.subscriptions.list
dlp.subscriptions.update
dlp.tableDataProfiles.delete
dlp.tableDataProfiles.get
dlp.tableDataProfiles.list

dspm.*

dspm.locations.computeAggregation
dspm.locations.fetchDataGovernanceAnalytics
dspm.locations.fetchDspmGovernedProjects
dspm.locations.fetchGovernedResourceMetrics
dspm.locations.fetchLineageConnections
dspm.locations.get
dspm.locations.list
dspm.operations.cancel
dspm.operations.delete
dspm.operations.get
dspm.operations.list

iam.serviceAccountKeys.create

iam.serviceAccounts.create

iam.serviceAccounts.get

modelarmor.floorSettings.*

modelarmor.floorSettings.computeEffectiveFloorSetting
modelarmor.floorSettings.get
modelarmor.floorSettings.update

modelarmor.locations.*

modelarmor.locations.get
modelarmor.locations.list

modelarmor.templates.*

modelarmor.templates.create
modelarmor.templates.delete
modelarmor.templates.get
modelarmor.templates.list
modelarmor.templates.update
modelarmor.templates.useToSanitizeInput
modelarmor.templates.useToSanitizeModelResponse
modelarmor.templates.useToSanitizeOutput
modelarmor.templates.useToSanitizeUserPrompt

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.alerts.*

monitoring.alerts.get
monitoring.alerts.list

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.dashboards.listEffectiveTags

monitoring.dashboards.listTagBindings

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

opsconfigmonitoring.resourceMetadata.list

pubsub.messageTransforms.validate

pubsub.schemas.get

pubsub.schemas.list

pubsub.schemas.listRevisions

pubsub.schemas.validate

pubsub.snapshots.get

pubsub.snapshots.list

pubsub.snapshots.listEffectiveTags

pubsub.snapshots.listTagBindings

pubsub.subscriptions.create

pubsub.subscriptions.get

pubsub.subscriptions.list

pubsub.subscriptions.listEffectiveTags

pubsub.subscriptions.listTagBindings

pubsub.subscriptions.update

pubsub.topics.get

pubsub.topics.list

pubsub.topics.listEffectiveTags

pubsub.topics.listTagBindings

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

resourcemanager.tagValues.get

securitycenter.*

securitycenter.assets.group
securitycenter.assets.list
securitycenter.assets.listAssetPropertyNames
securitycenter.assets.runDiscovery
securitycenter.assetsecuritymarks.update
securitycenter.attackpaths.list
securitycenter.bigQueryExports.create
securitycenter.bigQueryExports.delete
securitycenter.bigQueryExports.get
securitycenter.bigQueryExports.list
securitycenter.bigQueryExports.update
securitycenter.billingtier.update
securitycenter.complianceReports.aggregate
securitycenter.compliancesnapshots.list
securitycenter.containerthreatdetectionsettings.calculate
securitycenter.containerthreatdetectionsettings.get
securitycenter.containerthreatdetectionsettings.update
securitycenter.effectivesecurityhealthanalyticscustommodules.get
securitycenter.effectivesecurityhealthanalyticscustommodules.list
securitycenter.eventthreatdetectionsettings.calculate
securitycenter.eventthreatdetectionsettings.get
securitycenter.eventthreatdetectionsettings.update
securitycenter.exposurepathexplan.get
securitycenter.findingexplanations.get
securitycenter.findingexternalsystems.update
securitycenter.findings.bulkMuteUpdate
securitycenter.findings.export
securitycenter.findings.group
securitycenter.findings.list
securitycenter.findings.listFindingPropertyNames
securitycenter.findings.setMute
securitycenter.findings.setState
securitycenter.findings.setWorkflowState
securitycenter.findings.update
securitycenter.findingsecuritymarks.update
securitycenter.graphs.get
securitycenter.graphs.query
securitycenter.integratedvulnerabilityscannersettings.calculate
securitycenter.integratedvulnerabilityscannersettings.get
securitycenter.integratedvulnerabilityscannersettings.update
securitycenter.issues.get
securitycenter.issues.group
securitycenter.issues.list
securitycenter.issues.listFilterValues
securitycenter.issues.mute
securitycenter.muteconfigs.create
securitycenter.muteconfigs.delete
securitycenter.muteconfigs.get
securitycenter.muteconfigs.list
securitycenter.muteconfigs.update
securitycenter.notificationconfig.create
securitycenter.notificationconfig.delete
securitycenter.notificationconfig.get
securitycenter.notificationconfig.list
securitycenter.notificationconfig.update
securitycenter.organizationsettings.get
securitycenter.organizationsettings.update
securitycenter.rapidvulnerabilitydetectionsettings.calculate
securitycenter.rapidvulnerabilitydetectionsettings.get
securitycenter.rapidvulnerabilitydetectionsettings.update
securitycenter.resourcevalueconfigs.create
securitycenter.resourcevalueconfigs.delete
securitycenter.resourcevalueconfigs.get
securitycenter.resourcevalueconfigs.list
securitycenter.resourcevalueconfigs.update
securitycenter.riskreports.get
securitycenter.riskreports.list
securitycenter.securitycentersettings.get
securitycenter.securitycentersettings.update
securitycenter.securityhealthanalyticscustommodules.create
securitycenter.securityhealthanalyticscustommodules.delete
securitycenter.securityhealthanalyticscustommodules.get
securitycenter.securityhealthanalyticscustommodules.list
securitycenter.securityhealthanalyticscustommodules.simulate
securitycenter.securityhealthanalyticscustommodules.test
securitycenter.securityhealthanalyticscustommodules.update
securitycenter.securityhealthanalyticssettings.calculate
securitycenter.securityhealthanalyticssettings.get
securitycenter.securityhealthanalyticssettings.update
securitycenter.simulations.get
securitycenter.sources.get
securitycenter.sources.getIamPolicy
securitycenter.sources.list
securitycenter.sources.setIamPolicy
securitycenter.sources.update
securitycenter.subscription.get
securitycenter.userinterfacemetadata.get
securitycenter.valuedresources.list
securitycenter.virtualmachinethreatdetectionsettings.calculate
securitycenter.virtualmachinethreatdetectionsettings.get
securitycenter.virtualmachinethreatdetectionsettings.update
securitycenter.vulnerabilitysnapshots.list
securitycenter.websecurityscannersettings.calculate
securitycenter.websecurityscannersettings.get
securitycenter.websecurityscannersettings.update

securitycentermanagement.*

securitycentermanagement.billingMetadata.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.create
securitycentermanagement.eventThreatDetectionCustomModules.delete
securitycentermanagement.eventThreatDetectionCustomModules.get
securitycentermanagement.eventThreatDetectionCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.update
securitycentermanagement.eventThreatDetectionCustomModules.validate
securitycentermanagement.locations.get
securitycentermanagement.locations.list
securitycentermanagement.operations.cancel
securitycentermanagement.operations.delete
securitycentermanagement.operations.get
securitycentermanagement.operations.list
securitycentermanagement.securityCenter.get
securitycentermanagement.securityCenter.migrate
securitycentermanagement.securityCenter.update
securitycentermanagement.securityCenterServices.get
securitycentermanagement.securityCenterServices.list
securitycentermanagement.securityCenterServices.update
securitycentermanagement.securityCommandCenter.activate
securitycentermanagement.securityCommandCenter.checkActivationOperation
securitycentermanagement.securityCommandCenter.checkEligibility
securitycentermanagement.securityCommandCenter.checkOnboardingStatus
securitycentermanagement.securityCommandCenter.generateServiceAccounts
securitycentermanagement.securityCommandCenter.get
securitycentermanagement.securityCommandCenter.update
securitycentermanagement.securityHealthAnalyticsCustomModules.create
securitycentermanagement.securityHealthAnalyticsCustomModules.delete
securitycentermanagement.securityHealthAnalyticsCustomModules.get
securitycentermanagement.securityHealthAnalyticsCustomModules.list
securitycentermanagement.securityHealthAnalyticsCustomModules.simulate
securitycentermanagement.securityHealthAnalyticsCustomModules.test
securitycentermanagement.securityHealthAnalyticsCustomModules.update

securityposture.operations.get

securityposture.postureDeployments.get

securityposture.postureDeployments.list

securityposture.postureTemplates.*

securityposture.postureTemplates.get
securityposture.postureTemplates.list

securityposture.postures.get

securityposture.postures.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.list

serviceusage.services.use

serviceusage.values.test

stackdriver.projects.get

stackdriver.resourceMetadata.list

Security Center Admin Editor

(roles/securitycenter.adminEditor)

Admin Read-write access to security center

Lowest-level resources where you can grant this role:

Project

aiplatform.artifacts.get

aiplatform.artifacts.list

aiplatform.batchPredictionJobs.get

aiplatform.batchPredictionJobs.list

aiplatform.customJobs.get

aiplatform.customJobs.list

aiplatform.datasets.get

aiplatform.datasets.list

aiplatform.endpoints.get

aiplatform.endpoints.list

aiplatform.executions.get

aiplatform.executions.list

aiplatform.models.get

aiplatform.models.list

aiplatform.tuningJobs.get

aiplatform.tuningJobs.list

appengine.applications.get

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.locations.get
artifactregistry.locations.list

artifactregistry.mavenartifacts.*

artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

artifactregistry.npmpackages.get
artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.exportArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

assuredoss.config.get

assuredoss.locations.*

assuredoss.locations.get
assuredoss.locations.list

assuredoss.metadata.*

assuredoss.metadata.get
assuredoss.metadata.list

assuredoss.operations.get

assuredoss.operations.list

auditmanager.auditReports.get

auditmanager.auditReports.list

auditmanager.billingSettings.get

auditmanager.controlReports.*

auditmanager.controlReports.get
auditmanager.controlReports.list

auditmanager.controls.list

auditmanager.findings.list

auditmanager.locations.get

auditmanager.locations.list

auditmanager.operations.*

auditmanager.operations.get
auditmanager.operations.list

auditmanager.resourceEnrollmentStatuses.*

auditmanager.resourceEnrollmentStatuses.get
auditmanager.resourceEnrollmentStatuses.list

cloudasset.assets.exportAiplatformBatchPredictionJobs

cloudasset.assets.exportAiplatformCustomJobs

cloudasset.assets.exportAiplatformDataLabelingJobs

cloudasset.assets.exportAiplatformDatasets

cloudasset.assets.exportAiplatformEndpoints

cloudasset.assets.exportAiplatformHyperparameterTuningJobs

cloudasset.assets.exportAiplatformMetadataStores

cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs

cloudasset.assets.exportAiplatformModels

cloudasset.assets.exportAiplatformPipelineJobs

cloudasset.assets.exportAiplatformSpecialistPools

cloudasset.assets.exportAiplatformTrainingPipelines

cloudasset.assets.exportIamPolicy

cloudasset.assets.exportOSInventories

cloudasset.assets.exportResource

cloudasset.assets.queryAccessPolicy

cloudasset.assets.queryIamPolicy

cloudasset.assets.queryOSInventories

cloudasset.assets.queryResource

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

cloudasset.assets.searchEnrichmentResourceOwners

cloudasset.othercloudconnections.get

cloudasset.othercloudconnections.list

cloudasset.othercloudconnections.verify

cloudnotifications.activities.list

cloudsecuritycompliance.auditReports.get

cloudsecuritycompliance.auditReports.list

cloudsecuritycompliance.billingSettings.get

cloudsecuritycompliance.cloudControlDeployments.get

cloudsecuritycompliance.cloudControlDeployments.list

cloudsecuritycompliance.cloudControlPredictions.get

cloudsecuritycompliance.cloudControlPredictions.list

cloudsecuritycompliance.cloudControls.get

cloudsecuritycompliance.cloudControls.list

cloudsecuritycompliance.cmEnrollments.get

cloudsecuritycompliance.controlComplianceSummaries.list

cloudsecuritycompliance.controlReports.get

cloudsecuritycompliance.controls.*

cloudsecuritycompliance.controls.get
cloudsecuritycompliance.controls.list

cloudsecuritycompliance.findingSummaries.list

cloudsecuritycompliance.findings.list

cloudsecuritycompliance.frameworkAudits.get

cloudsecuritycompliance.frameworkAudits.list

cloudsecuritycompliance.frameworkComplianceReports.*

cloudsecuritycompliance.frameworkComplianceReports.aggregate
cloudsecuritycompliance.frameworkComplianceReports.get

cloudsecuritycompliance.frameworkComplianceSummaries.list

cloudsecuritycompliance.frameworkDeployments.get

cloudsecuritycompliance.frameworkDeployments.list

cloudsecuritycompliance.frameworks.get

cloudsecuritycompliance.frameworks.list

cloudsecuritycompliance.locations.get

cloudsecuritycompliance.locations.list

cloudsecuritycompliance.operations.get

cloudsecuritycompliance.operations.list

cloudsecuritycompliance.resourceEnrollmentStatuses.*

cloudsecuritycompliance.resourceEnrollmentStatuses.get
cloudsecuritycompliance.resourceEnrollmentStatuses.list

cloudsecurityscanner.*

cloudsecurityscanner.crawledurls.list
cloudsecurityscanner.results.get
cloudsecurityscanner.results.list
cloudsecurityscanner.scanruns.get
cloudsecurityscanner.scanruns.getSummary
cloudsecurityscanner.scanruns.list
cloudsecurityscanner.scanruns.stop
cloudsecurityscanner.scans.create
cloudsecurityscanner.scans.delete
cloudsecurityscanner.scans.get
cloudsecurityscanner.scans.list
cloudsecurityscanner.scans.run
cloudsecurityscanner.scans.update

compute.addresses.list

dlp.charts.get

dlp.columnDataProfiles.*

dlp.columnDataProfiles.get
dlp.columnDataProfiles.list

dlp.fileStoreProfiles.get

dlp.fileStoreProfiles.list

dlp.projectDataProfiles.*

dlp.projectDataProfiles.get
dlp.projectDataProfiles.list

dlp.tableDataProfiles.get

dlp.tableDataProfiles.list

dspm.locations.*

dspm.locations.computeAggregation
dspm.locations.fetchDataGovernanceAnalytics
dspm.locations.fetchDspmGovernedProjects
dspm.locations.fetchGovernedResourceMetrics
dspm.locations.fetchLineageConnections
dspm.locations.get
dspm.locations.list

dspm.operations.get

dspm.operations.list

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.alerts.*

monitoring.alerts.get
monitoring.alerts.list

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.dashboards.listEffectiveTags

monitoring.dashboards.listTagBindings

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

opsconfigmonitoring.resourceMetadata.list

pubsub.messageTransforms.validate

pubsub.schemas.get

pubsub.schemas.list

pubsub.schemas.listRevisions

pubsub.schemas.validate

pubsub.snapshots.get

pubsub.snapshots.list

pubsub.snapshots.listEffectiveTags

pubsub.snapshots.listTagBindings

pubsub.subscriptions.get

pubsub.subscriptions.list

pubsub.subscriptions.listEffectiveTags

pubsub.subscriptions.listTagBindings

pubsub.topics.get

pubsub.topics.list

pubsub.topics.listEffectiveTags

pubsub.topics.listTagBindings

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

resourcemanager.tagValues.get

securitycenter.assets.*

securitycenter.assets.group
securitycenter.assets.list
securitycenter.assets.listAssetPropertyNames
securitycenter.assets.runDiscovery

securitycenter.assetsecuritymarks.update

securitycenter.attackpaths.list

securitycenter.bigQueryExports.*

securitycenter.bigQueryExports.create
securitycenter.bigQueryExports.delete
securitycenter.bigQueryExports.get
securitycenter.bigQueryExports.list
securitycenter.bigQueryExports.update

securitycenter.complianceReports.aggregate

securitycenter.compliancesnapshots.list

securitycenter.containerthreatdetectionsettings.calculate

securitycenter.containerthreatdetectionsettings.get

securitycenter.effectivesecurityhealthanalyticscustommodules.*

securitycenter.effectivesecurityhealthanalyticscustommodules.get
securitycenter.effectivesecurityhealthanalyticscustommodules.list

securitycenter.eventthreatdetectionsettings.calculate

securitycenter.eventthreatdetectionsettings.get

securitycenter.exposurepathexplan.get

securitycenter.findingexplanations.get

securitycenter.findingexternalsystems.update

securitycenter.findings.*

securitycenter.findings.bulkMuteUpdate
securitycenter.findings.export
securitycenter.findings.group
securitycenter.findings.list
securitycenter.findings.listFindingPropertyNames
securitycenter.findings.setMute
securitycenter.findings.setState
securitycenter.findings.setWorkflowState
securitycenter.findings.update

securitycenter.findingsecuritymarks.update

securitycenter.graphs.*

securitycenter.graphs.get
securitycenter.graphs.query

securitycenter.integratedvulnerabilityscannersettings.calculate

securitycenter.integratedvulnerabilityscannersettings.get

securitycenter.issues.*

securitycenter.issues.get
securitycenter.issues.group
securitycenter.issues.list
securitycenter.issues.listFilterValues
securitycenter.issues.mute

securitycenter.muteconfigs.*

securitycenter.muteconfigs.create
securitycenter.muteconfigs.delete
securitycenter.muteconfigs.get
securitycenter.muteconfigs.list
securitycenter.muteconfigs.update

securitycenter.notificationconfig.*

securitycenter.notificationconfig.create
securitycenter.notificationconfig.delete
securitycenter.notificationconfig.get
securitycenter.notificationconfig.list
securitycenter.notificationconfig.update

securitycenter.organizationsettings.get

securitycenter.rapidvulnerabilitydetectionsettings.calculate

securitycenter.rapidvulnerabilitydetectionsettings.get

securitycenter.resourcevalueconfigs.*

securitycenter.resourcevalueconfigs.create
securitycenter.resourcevalueconfigs.delete
securitycenter.resourcevalueconfigs.get
securitycenter.resourcevalueconfigs.list
securitycenter.resourcevalueconfigs.update

securitycenter.securitycentersettings.get

securitycenter.securityhealthanalyticscustommodules.get

securitycenter.securityhealthanalyticscustommodules.list

securitycenter.securityhealthanalyticscustommodules.simulate

securitycenter.securityhealthanalyticscustommodules.test

securitycenter.securityhealthanalyticssettings.calculate

securitycenter.securityhealthanalyticssettings.get

securitycenter.simulations.get

securitycenter.sources.get

securitycenter.sources.list

securitycenter.sources.update

securitycenter.subscription.get

securitycenter.userinterfacemetadata.get

securitycenter.valuedresources.list

securitycenter.virtualmachinethreatdetectionsettings.calculate

securitycenter.virtualmachinethreatdetectionsettings.get

securitycenter.vulnerabilitysnapshots.list

securitycenter.websecurityscannersettings.calculate

securitycenter.websecurityscannersettings.get

securitycentermanagement.billingMetadata.get

securitycentermanagement.effectiveEventThreatDetectionCustomModules.*

securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.get

securitycentermanagement.eventThreatDetectionCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.validate

securitycentermanagement.locations.*

securitycentermanagement.locations.get
securitycentermanagement.locations.list

securitycentermanagement.operations.get

securitycentermanagement.operations.list

securitycentermanagement.securityCenter.get

securitycentermanagement.securityCenterServices.get

securitycentermanagement.securityCenterServices.list

securitycentermanagement.securityCommandCenter.checkActivationOperation

securitycentermanagement.securityCommandCenter.checkOnboardingStatus

securitycentermanagement.securityCommandCenter.generateServiceAccounts

securitycentermanagement.securityCommandCenter.get

securitycentermanagement.securityCommandCenter.update

securitycentermanagement.securityHealthAnalyticsCustomModules.get

securitycentermanagement.securityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.simulate

securitycentermanagement.securityHealthAnalyticsCustomModules.test

securityposture.operations.get

securityposture.postureDeployments.get

securityposture.postureDeployments.list

securityposture.postureTemplates.*

securityposture.postureTemplates.get
securityposture.postureTemplates.list

securityposture.postures.get

securityposture.postures.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

stackdriver.projects.get

stackdriver.resourceMetadata.list

Security Center Admin Viewer

(roles/securitycenter.adminViewer)

Admin Read access to security center

Lowest-level resources where you can grant this role:

Project

aiplatform.artifacts.get

aiplatform.artifacts.list

aiplatform.batchPredictionJobs.get

aiplatform.batchPredictionJobs.list

aiplatform.customJobs.get

aiplatform.customJobs.list

aiplatform.datasets.get

aiplatform.datasets.list

aiplatform.endpoints.get

aiplatform.endpoints.list

aiplatform.executions.get

aiplatform.executions.list

aiplatform.models.get

aiplatform.models.list

aiplatform.tuningJobs.get

aiplatform.tuningJobs.list

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.locations.get
artifactregistry.locations.list

artifactregistry.mavenartifacts.*

artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

artifactregistry.npmpackages.get
artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.exportArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

assuredoss.config.get

assuredoss.locations.*

assuredoss.locations.get
assuredoss.locations.list

assuredoss.metadata.*

assuredoss.metadata.get
assuredoss.metadata.list

assuredoss.operations.get

assuredoss.operations.list

auditmanager.auditReports.get

auditmanager.auditReports.list

auditmanager.billingSettings.get

auditmanager.controlReports.*

auditmanager.controlReports.get
auditmanager.controlReports.list

auditmanager.controls.list

auditmanager.findings.list

auditmanager.locations.get

auditmanager.locations.list

auditmanager.operations.*

auditmanager.operations.get
auditmanager.operations.list

auditmanager.resourceEnrollmentStatuses.*

auditmanager.resourceEnrollmentStatuses.get
auditmanager.resourceEnrollmentStatuses.list

cloudasset.assets.exportAiplatformBatchPredictionJobs

cloudasset.assets.exportAiplatformCustomJobs

cloudasset.assets.exportAiplatformDataLabelingJobs

cloudasset.assets.exportAiplatformDatasets

cloudasset.assets.exportAiplatformEndpoints

cloudasset.assets.exportAiplatformHyperparameterTuningJobs

cloudasset.assets.exportAiplatformMetadataStores

cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs

cloudasset.assets.exportAiplatformModels

cloudasset.assets.exportAiplatformPipelineJobs

cloudasset.assets.exportAiplatformSpecialistPools

cloudasset.assets.exportAiplatformTrainingPipelines

cloudasset.assets.exportIamPolicy

cloudasset.assets.exportOSInventories

cloudasset.assets.exportResource

cloudasset.assets.queryAccessPolicy

cloudasset.assets.queryIamPolicy

cloudasset.assets.queryOSInventories

cloudasset.assets.queryResource

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

cloudasset.assets.searchEnrichmentResourceOwners

cloudasset.othercloudconnections.get

cloudasset.othercloudconnections.list

cloudasset.othercloudconnections.verify

cloudnotifications.activities.list

cloudsecuritycompliance.auditReports.get

cloudsecuritycompliance.auditReports.list

cloudsecuritycompliance.billingSettings.get

cloudsecuritycompliance.cloudControlDeployments.get

cloudsecuritycompliance.cloudControlDeployments.list

cloudsecuritycompliance.cloudControlPredictions.get

cloudsecuritycompliance.cloudControlPredictions.list

cloudsecuritycompliance.cloudControls.get

cloudsecuritycompliance.cloudControls.list

cloudsecuritycompliance.cmEnrollments.get

cloudsecuritycompliance.controlComplianceSummaries.list

cloudsecuritycompliance.controlReports.get

cloudsecuritycompliance.controls.*

cloudsecuritycompliance.controls.get
cloudsecuritycompliance.controls.list

cloudsecuritycompliance.findingSummaries.list

cloudsecuritycompliance.findings.list

cloudsecuritycompliance.frameworkAudits.get

cloudsecuritycompliance.frameworkAudits.list

cloudsecuritycompliance.frameworkComplianceReports.*

cloudsecuritycompliance.frameworkComplianceReports.aggregate
cloudsecuritycompliance.frameworkComplianceReports.get

cloudsecuritycompliance.frameworkComplianceSummaries.list

cloudsecuritycompliance.frameworkDeployments.get

cloudsecuritycompliance.frameworkDeployments.list

cloudsecuritycompliance.frameworks.get

cloudsecuritycompliance.frameworks.list

cloudsecuritycompliance.locations.get

cloudsecuritycompliance.locations.list

cloudsecuritycompliance.operations.get

cloudsecuritycompliance.operations.list

cloudsecuritycompliance.resourceEnrollmentStatuses.*

cloudsecuritycompliance.resourceEnrollmentStatuses.get
cloudsecuritycompliance.resourceEnrollmentStatuses.list

cloudsecurityscanner.crawledurls.list

cloudsecurityscanner.results.*

cloudsecurityscanner.results.get
cloudsecurityscanner.results.list

cloudsecurityscanner.scanruns.get

cloudsecurityscanner.scanruns.getSummary

cloudsecurityscanner.scanruns.list

cloudsecurityscanner.scans.get

cloudsecurityscanner.scans.list

dlp.charts.get

dlp.columnDataProfiles.*

dlp.columnDataProfiles.get
dlp.columnDataProfiles.list

dlp.fileStoreProfiles.get

dlp.fileStoreProfiles.list

dlp.projectDataProfiles.*

dlp.projectDataProfiles.get
dlp.projectDataProfiles.list

dlp.tableDataProfiles.get

dlp.tableDataProfiles.list

dspm.locations.*

dspm.locations.computeAggregation
dspm.locations.fetchDataGovernanceAnalytics
dspm.locations.fetchDspmGovernedProjects
dspm.locations.fetchGovernedResourceMetrics
dspm.locations.fetchLineageConnections
dspm.locations.get
dspm.locations.list

dspm.operations.get

dspm.operations.list

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.alerts.*

monitoring.alerts.get
monitoring.alerts.list

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.dashboards.listEffectiveTags

monitoring.dashboards.listTagBindings

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

opsconfigmonitoring.resourceMetadata.list

pubsub.messageTransforms.validate

pubsub.schemas.get

pubsub.schemas.list

pubsub.schemas.listRevisions

pubsub.schemas.validate

pubsub.snapshots.get

pubsub.snapshots.list

pubsub.snapshots.listEffectiveTags

pubsub.snapshots.listTagBindings

pubsub.subscriptions.get

pubsub.subscriptions.list

pubsub.subscriptions.listEffectiveTags

pubsub.subscriptions.listTagBindings

pubsub.topics.get

pubsub.topics.list

pubsub.topics.listEffectiveTags

pubsub.topics.listTagBindings

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

resourcemanager.tagValues.get

securitycenter.assets.group

securitycenter.assets.list

securitycenter.assets.listAssetPropertyNames

securitycenter.attackpaths.list

securitycenter.bigQueryExports.get

securitycenter.bigQueryExports.list

securitycenter.complianceReports.aggregate

securitycenter.compliancesnapshots.list

securitycenter.containerthreatdetectionsettings.calculate

securitycenter.containerthreatdetectionsettings.get

securitycenter.effectivesecurityhealthanalyticscustommodules.*

securitycenter.effectivesecurityhealthanalyticscustommodules.get
securitycenter.effectivesecurityhealthanalyticscustommodules.list

securitycenter.eventthreatdetectionsettings.calculate

securitycenter.eventthreatdetectionsettings.get

securitycenter.exposurepathexplan.get

securitycenter.findingexplanations.get

securitycenter.findings.group

securitycenter.findings.list

securitycenter.findings.listFindingPropertyNames

securitycenter.graphs.*

securitycenter.graphs.get
securitycenter.graphs.query

securitycenter.integratedvulnerabilityscannersettings.calculate

securitycenter.integratedvulnerabilityscannersettings.get

securitycenter.issues.get

securitycenter.issues.group

securitycenter.issues.list

securitycenter.issues.listFilterValues

securitycenter.muteconfigs.get

securitycenter.muteconfigs.list

securitycenter.notificationconfig.get

securitycenter.notificationconfig.list

securitycenter.organizationsettings.get

securitycenter.rapidvulnerabilitydetectionsettings.calculate

securitycenter.rapidvulnerabilitydetectionsettings.get

securitycenter.resourcevalueconfigs.get

securitycenter.resourcevalueconfigs.list

securitycenter.securitycentersettings.get

securitycenter.securityhealthanalyticscustommodules.get

securitycenter.securityhealthanalyticscustommodules.list

securitycenter.securityhealthanalyticscustommodules.simulate

securitycenter.securityhealthanalyticscustommodules.test

securitycenter.securityhealthanalyticssettings.calculate

securitycenter.securityhealthanalyticssettings.get

securitycenter.simulations.get

securitycenter.sources.get

securitycenter.sources.list

securitycenter.subscription.get

securitycenter.userinterfacemetadata.get

securitycenter.valuedresources.list

securitycenter.virtualmachinethreatdetectionsettings.calculate

securitycenter.virtualmachinethreatdetectionsettings.get

securitycenter.vulnerabilitysnapshots.list

securitycenter.websecurityscannersettings.calculate

securitycenter.websecurityscannersettings.get

securitycentermanagement.billingMetadata.get

securitycentermanagement.effectiveEventThreatDetectionCustomModules.*

securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.get

securitycentermanagement.eventThreatDetectionCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.validate

securitycentermanagement.locations.*

securitycentermanagement.locations.get
securitycentermanagement.locations.list

securitycentermanagement.operations.get

securitycentermanagement.operations.list

securitycentermanagement.securityCenter.get

securitycentermanagement.securityCenterServices.get

securitycentermanagement.securityCenterServices.list

securitycentermanagement.securityCommandCenter.checkActivationOperation

securitycentermanagement.securityCommandCenter.checkOnboardingStatus

securitycentermanagement.securityCommandCenter.get

securitycentermanagement.securityHealthAnalyticsCustomModules.get

securitycentermanagement.securityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.simulate

securitycentermanagement.securityHealthAnalyticsCustomModules.test

securityposture.operations.get

securityposture.postureDeployments.get

securityposture.postureDeployments.list

securityposture.postureTemplates.*

securityposture.postureTemplates.get
securityposture.postureTemplates.list

securityposture.postures.get

securityposture.postures.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

stackdriver.projects.get

stackdriver.resourceMetadata.list

Security Center Asset Security Marks Writer

(roles/securitycenter.assetSecurityMarksWriter)

Write access to asset security marks

Lowest-level resources where you can grant this role:

Project

securitycenter.assetsecuritymarks.update

securitycenter.userinterfacemetadata.get

Security Center Assets Discovery Runner

(roles/securitycenter.assetsDiscoveryRunner)

Run asset discovery access to assets

Lowest-level resources where you can grant this role:

Organization

securitycenter.assets.runDiscovery

securitycenter.userinterfacemetadata.get

Security Center Assets Viewer

(roles/securitycenter.assetsViewer)

Read access to assets

Lowest-level resources where you can grant this role:

Project

cloudasset.assets.exportIamPolicy

cloudasset.assets.exportOSInventories

cloudasset.assets.exportResource

cloudasset.assets.queryAccessPolicy

cloudasset.assets.queryIamPolicy

cloudasset.assets.queryOSInventories

cloudasset.assets.queryResource

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

cloudasset.assets.searchEnrichmentResourceOwners

cloudasset.othercloudconnections.get

cloudasset.othercloudconnections.list

cloudasset.othercloudconnections.verify

resourcemanager.folders.get

resourcemanager.organizations.get

resourcemanager.projects.get

securitycenter.assets.group

securitycenter.assets.list

securitycenter.assets.listAssetPropertyNames

securitycenter.userinterfacemetadata.get

Security Center Attack Paths Reader

(roles/securitycenter.attackPathsViewer)

Read access to security center attack paths

securitycenter.attackpaths.list

securitycenter.exposurepathexplan.get

Security Center BigQuery Exports Editor

(roles/securitycenter.bigQueryExportsEditor)

Read-Write access to security center BigQuery Exports

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.bigQueryExports.*

securitycenter.bigQueryExports.create
securitycenter.bigQueryExports.delete
securitycenter.bigQueryExports.get
securitycenter.bigQueryExports.list
securitycenter.bigQueryExports.update

securitycenter.findings.export

Security Center BigQuery Exports Viewer

(roles/securitycenter.bigQueryExportsViewer)

Read access to security center BigQuery Exports

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.bigQueryExports.get

securitycenter.bigQueryExports.list

Security Center Compliance Reports Viewer ^Beta

(roles/securitycenter.complianceReportsViewer)

Read access to security center compliance reports

securitycenter.complianceReports.aggregate

Security Center Compliance Snapshots Viewer ^Beta

(roles/securitycenter.complianceSnapshotsViewer)

Read access to security center compliance snapshots

securitycenter.complianceReports.aggregate

securitycenter.compliancesnapshots.list

Security Center External Systems Editor

(roles/securitycenter.externalSystemsEditor)

Write access to security center external systems

securitycenter.findingexternalsystems.update

Security Center Finding Security Marks Writer

(roles/securitycenter.findingSecurityMarksWriter)

Write access to finding security marks

Lowest-level resources where you can grant this role:

Project

securitycenter.findingsecuritymarks.update

securitycenter.userinterfacemetadata.get

Security Center Findings Bulk Mute Editor

(roles/securitycenter.findingsBulkMuteEditor)

Ability to mute findings in bulk

securitycenter.findings.bulkMuteUpdate

Security Center Findings Editor

(roles/securitycenter.findingsEditor)

Read-write access to findings

Lowest-level resources where you can grant this role:

Project

resourcemanager.folders.get

resourcemanager.organizations.get

resourcemanager.projects.get

securitycenter.complianceReports.aggregate

securitycenter.compliancesnapshots.list

securitycenter.findingexplanations.get

securitycenter.findings.bulkMuteUpdate

securitycenter.findings.group

securitycenter.findings.list

securitycenter.findings.listFindingPropertyNames

securitycenter.findings.setMute

securitycenter.findings.setState

securitycenter.findings.update

securitycenter.graphs.*

securitycenter.graphs.get
securitycenter.graphs.query

securitycenter.issues.*

securitycenter.issues.get
securitycenter.issues.group
securitycenter.issues.list
securitycenter.issues.listFilterValues
securitycenter.issues.mute

securitycenter.sources.get

securitycenter.sources.list

securitycenter.userinterfacemetadata.get

securitycenter.vulnerabilitysnapshots.list

Security Center Findings Mute Setter

(roles/securitycenter.findingsMuteSetter)

Set mute access to findings

securitycenter.findings.setMute

Security Center Findings State Setter

(roles/securitycenter.findingsStateSetter)

Set state access to findings

Lowest-level resources where you can grant this role:

Project

securitycenter.findings.setState

securitycenter.userinterfacemetadata.get

Security Center Findings Viewer

(roles/securitycenter.findingsViewer)

Read access to findings

Lowest-level resources where you can grant this role:

Project

resourcemanager.folders.get

resourcemanager.organizations.get

resourcemanager.projects.get

securitycenter.complianceReports.aggregate

securitycenter.compliancesnapshots.list

securitycenter.findingexplanations.get

securitycenter.findings.group

securitycenter.findings.list

securitycenter.findings.listFindingPropertyNames

securitycenter.graphs.*

securitycenter.graphs.get
securitycenter.graphs.query

securitycenter.issues.get

securitycenter.issues.group

securitycenter.issues.list

securitycenter.issues.listFilterValues

securitycenter.sources.get

securitycenter.sources.list

securitycenter.userinterfacemetadata.get

securitycenter.vulnerabilitysnapshots.list

Security Center Findings Workflow State Setter ^Beta

(roles/securitycenter.findingsWorkflowStateSetter)

Set workflow state access to findings

Lowest-level resources where you can grant this role:

Project

securitycenter.findings.setWorkflowState

securitycenter.userinterfacemetadata.get

Security Center Issues Editor

(roles/securitycenter.issuesEditor)

Write access to security center issues

securitycenter.graphs.*

securitycenter.graphs.get
securitycenter.graphs.query

securitycenter.issues.*

securitycenter.issues.get
securitycenter.issues.group
securitycenter.issues.list
securitycenter.issues.listFilterValues
securitycenter.issues.mute

Security Center Issues Viewer

(roles/securitycenter.issuesViewer)

Read access to security center issues

securitycenter.graphs.*

securitycenter.graphs.get
securitycenter.graphs.query

securitycenter.issues.get

securitycenter.issues.group

securitycenter.issues.list

securitycenter.issues.listFilterValues

Security Center Mute Configurations Editor

(roles/securitycenter.muteConfigsEditor)

Read-Write access to security center mute configurations

securitycenter.muteconfigs.*

securitycenter.muteconfigs.create
securitycenter.muteconfigs.delete
securitycenter.muteconfigs.get
securitycenter.muteconfigs.list
securitycenter.muteconfigs.update

Security Center Mute Configurations Viewer

(roles/securitycenter.muteConfigsViewer)

Read access to security center mute configurations

securitycenter.muteconfigs.get

securitycenter.muteconfigs.list

Security Center Notification Configurations Editor

(roles/securitycenter.notificationConfigEditor)

Write access to notification configurations

Lowest-level resources where you can grant this role:

Organization

securitycenter.notificationconfig.*

securitycenter.notificationconfig.create
securitycenter.notificationconfig.delete
securitycenter.notificationconfig.get
securitycenter.notificationconfig.list
securitycenter.notificationconfig.update

securitycenter.userinterfacemetadata.get

Security Center Notification Configurations Viewer

(roles/securitycenter.notificationConfigViewer)

Read access to notification configurations

Lowest-level resources where you can grant this role:

Organization

securitycenter.notificationconfig.get

securitycenter.notificationconfig.list

securitycenter.userinterfacemetadata.get

Security Center Resource Value Configurations Editor

(roles/securitycenter.resourceValueConfigsEditor)

Read-Write access to security center resource value configurations

resourcemanager.tagValues.get

securitycenter.resourcevalueconfigs.*

securitycenter.resourcevalueconfigs.create
securitycenter.resourcevalueconfigs.delete
securitycenter.resourcevalueconfigs.get
securitycenter.resourcevalueconfigs.list
securitycenter.resourcevalueconfigs.update

Security Center Resource Value Configurations Viewer

(roles/securitycenter.resourceValueConfigsViewer)

Read access to security center resource value configurations

resourcemanager.tagValues.get

securitycenter.resourcevalueconfigs.get

securitycenter.resourcevalueconfigs.list

Security Center Risk Reports Viewer

(roles/securitycenter.riskReportsViewer)

Read access to security center risk reports

securitycenter.riskreports.*

securitycenter.riskreports.get
securitycenter.riskreports.list

securitycenter.userinterfacemetadata.get

Security Health Analytics Custom Modules Tester

(roles/securitycenter.securityHealthAnalyticsCustomModulesTester)

Test access to Security Health Analytics Custom Modules

securitycenter.securityhealthanalyticscustommodules.simulate

securitycenter.securityhealthanalyticscustommodules.test

securitycentermanagement.securityHealthAnalyticsCustomModules.simulate

securitycentermanagement.securityHealthAnalyticsCustomModules.test

Security Center Settings Admin

(roles/securitycenter.settingsAdmin)

Admin(super user) access to security center settings

Lowest-level resources where you can grant this role:

Project

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.bigQueryExports.*

securitycenter.bigQueryExports.create
securitycenter.bigQueryExports.delete
securitycenter.bigQueryExports.get
securitycenter.bigQueryExports.list
securitycenter.bigQueryExports.update

securitycenter.billingtier.update

securitycenter.containerthreatdetectionsettings.*

securitycenter.containerthreatdetectionsettings.calculate
securitycenter.containerthreatdetectionsettings.get
securitycenter.containerthreatdetectionsettings.update

securitycenter.effectivesecurityhealthanalyticscustommodules.*

securitycenter.effectivesecurityhealthanalyticscustommodules.get
securitycenter.effectivesecurityhealthanalyticscustommodules.list

securitycenter.eventthreatdetectionsettings.*

securitycenter.eventthreatdetectionsettings.calculate
securitycenter.eventthreatdetectionsettings.get
securitycenter.eventthreatdetectionsettings.update

securitycenter.findings.export

securitycenter.integratedvulnerabilityscannersettings.*

securitycenter.integratedvulnerabilityscannersettings.calculate
securitycenter.integratedvulnerabilityscannersettings.get
securitycenter.integratedvulnerabilityscannersettings.update

securitycenter.muteconfigs.*

securitycenter.muteconfigs.create
securitycenter.muteconfigs.delete
securitycenter.muteconfigs.get
securitycenter.muteconfigs.list
securitycenter.muteconfigs.update

securitycenter.notificationconfig.*

securitycenter.notificationconfig.create
securitycenter.notificationconfig.delete
securitycenter.notificationconfig.get
securitycenter.notificationconfig.list
securitycenter.notificationconfig.update

securitycenter.organizationsettings.*

securitycenter.organizationsettings.get
securitycenter.organizationsettings.update

securitycenter.rapidvulnerabilitydetectionsettings.*

securitycenter.rapidvulnerabilitydetectionsettings.calculate
securitycenter.rapidvulnerabilitydetectionsettings.get
securitycenter.rapidvulnerabilitydetectionsettings.update

securitycenter.securitycentersettings.*

securitycenter.securitycentersettings.get
securitycenter.securitycentersettings.update

securitycenter.securityhealthanalyticscustommodules.create

securitycenter.securityhealthanalyticscustommodules.delete

securitycenter.securityhealthanalyticscustommodules.get

securitycenter.securityhealthanalyticscustommodules.list

securitycenter.securityhealthanalyticscustommodules.update

securitycenter.securityhealthanalyticssettings.*

securitycenter.securityhealthanalyticssettings.calculate
securitycenter.securityhealthanalyticssettings.get
securitycenter.securityhealthanalyticssettings.update

securitycenter.subscription.get

securitycenter.userinterfacemetadata.get

securitycenter.virtualmachinethreatdetectionsettings.*

securitycenter.virtualmachinethreatdetectionsettings.calculate
securitycenter.virtualmachinethreatdetectionsettings.get
securitycenter.virtualmachinethreatdetectionsettings.update

securitycenter.websecurityscannersettings.*

securitycenter.websecurityscannersettings.calculate
securitycenter.websecurityscannersettings.get
securitycenter.websecurityscannersettings.update

securitycentermanagement.*

securitycentermanagement.billingMetadata.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.create
securitycentermanagement.eventThreatDetectionCustomModules.delete
securitycentermanagement.eventThreatDetectionCustomModules.get
securitycentermanagement.eventThreatDetectionCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.update
securitycentermanagement.eventThreatDetectionCustomModules.validate
securitycentermanagement.locations.get
securitycentermanagement.locations.list
securitycentermanagement.operations.cancel
securitycentermanagement.operations.delete
securitycentermanagement.operations.get
securitycentermanagement.operations.list
securitycentermanagement.securityCenter.get
securitycentermanagement.securityCenter.migrate
securitycentermanagement.securityCenter.update
securitycentermanagement.securityCenterServices.get
securitycentermanagement.securityCenterServices.list
securitycentermanagement.securityCenterServices.update
securitycentermanagement.securityCommandCenter.activate
securitycentermanagement.securityCommandCenter.checkActivationOperation
securitycentermanagement.securityCommandCenter.checkEligibility
securitycentermanagement.securityCommandCenter.checkOnboardingStatus
securitycentermanagement.securityCommandCenter.generateServiceAccounts
securitycentermanagement.securityCommandCenter.get
securitycentermanagement.securityCommandCenter.update
securitycentermanagement.securityHealthAnalyticsCustomModules.create
securitycentermanagement.securityHealthAnalyticsCustomModules.delete
securitycentermanagement.securityHealthAnalyticsCustomModules.get
securitycentermanagement.securityHealthAnalyticsCustomModules.list
securitycentermanagement.securityHealthAnalyticsCustomModules.simulate
securitycentermanagement.securityHealthAnalyticsCustomModules.test
securitycentermanagement.securityHealthAnalyticsCustomModules.update

Security Center Settings Editor

(roles/securitycenter.settingsEditor)

Read-Write access to security center settings

Lowest-level resources where you can grant this role:

Project

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.bigQueryExports.*

securitycenter.bigQueryExports.create
securitycenter.bigQueryExports.delete
securitycenter.bigQueryExports.get
securitycenter.bigQueryExports.list
securitycenter.bigQueryExports.update

securitycenter.billingtier.update

securitycenter.containerthreatdetectionsettings.*

securitycenter.containerthreatdetectionsettings.calculate
securitycenter.containerthreatdetectionsettings.get
securitycenter.containerthreatdetectionsettings.update

securitycenter.effectivesecurityhealthanalyticscustommodules.*

securitycenter.effectivesecurityhealthanalyticscustommodules.get
securitycenter.effectivesecurityhealthanalyticscustommodules.list

securitycenter.eventthreatdetectionsettings.*

securitycenter.eventthreatdetectionsettings.calculate
securitycenter.eventthreatdetectionsettings.get
securitycenter.eventthreatdetectionsettings.update

securitycenter.findings.export

securitycenter.integratedvulnerabilityscannersettings.*

securitycenter.integratedvulnerabilityscannersettings.calculate
securitycenter.integratedvulnerabilityscannersettings.get
securitycenter.integratedvulnerabilityscannersettings.update

securitycenter.muteconfigs.*

securitycenter.muteconfigs.create
securitycenter.muteconfigs.delete
securitycenter.muteconfigs.get
securitycenter.muteconfigs.list
securitycenter.muteconfigs.update

securitycenter.notificationconfig.*

securitycenter.notificationconfig.create
securitycenter.notificationconfig.delete
securitycenter.notificationconfig.get
securitycenter.notificationconfig.list
securitycenter.notificationconfig.update

securitycenter.organizationsettings.*

securitycenter.organizationsettings.get
securitycenter.organizationsettings.update

securitycenter.rapidvulnerabilitydetectionsettings.*

securitycenter.rapidvulnerabilitydetectionsettings.calculate
securitycenter.rapidvulnerabilitydetectionsettings.get
securitycenter.rapidvulnerabilitydetectionsettings.update

securitycenter.securitycentersettings.*

securitycenter.securitycentersettings.get
securitycenter.securitycentersettings.update

securitycenter.securityhealthanalyticscustommodules.create

securitycenter.securityhealthanalyticscustommodules.delete

securitycenter.securityhealthanalyticscustommodules.get

securitycenter.securityhealthanalyticscustommodules.list

securitycenter.securityhealthanalyticscustommodules.update

securitycenter.securityhealthanalyticssettings.*

securitycenter.securityhealthanalyticssettings.calculate
securitycenter.securityhealthanalyticssettings.get
securitycenter.securityhealthanalyticssettings.update

securitycenter.subscription.get

securitycenter.userinterfacemetadata.get

securitycenter.virtualmachinethreatdetectionsettings.*

securitycenter.virtualmachinethreatdetectionsettings.calculate
securitycenter.virtualmachinethreatdetectionsettings.get
securitycenter.virtualmachinethreatdetectionsettings.update

securitycenter.websecurityscannersettings.*

securitycenter.websecurityscannersettings.calculate
securitycenter.websecurityscannersettings.get
securitycenter.websecurityscannersettings.update

securitycentermanagement.*

securitycentermanagement.billingMetadata.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.create
securitycentermanagement.eventThreatDetectionCustomModules.delete
securitycentermanagement.eventThreatDetectionCustomModules.get
securitycentermanagement.eventThreatDetectionCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.update
securitycentermanagement.eventThreatDetectionCustomModules.validate
securitycentermanagement.locations.get
securitycentermanagement.locations.list
securitycentermanagement.operations.cancel
securitycentermanagement.operations.delete
securitycentermanagement.operations.get
securitycentermanagement.operations.list
securitycentermanagement.securityCenter.get
securitycentermanagement.securityCenter.migrate
securitycentermanagement.securityCenter.update
securitycentermanagement.securityCenterServices.get
securitycentermanagement.securityCenterServices.list
securitycentermanagement.securityCenterServices.update
securitycentermanagement.securityCommandCenter.activate
securitycentermanagement.securityCommandCenter.checkActivationOperation
securitycentermanagement.securityCommandCenter.checkEligibility
securitycentermanagement.securityCommandCenter.checkOnboardingStatus
securitycentermanagement.securityCommandCenter.generateServiceAccounts
securitycentermanagement.securityCommandCenter.get
securitycentermanagement.securityCommandCenter.update
securitycentermanagement.securityHealthAnalyticsCustomModules.create
securitycentermanagement.securityHealthAnalyticsCustomModules.delete
securitycentermanagement.securityHealthAnalyticsCustomModules.get
securitycentermanagement.securityHealthAnalyticsCustomModules.list
securitycentermanagement.securityHealthAnalyticsCustomModules.simulate
securitycentermanagement.securityHealthAnalyticsCustomModules.test
securitycentermanagement.securityHealthAnalyticsCustomModules.update

Security Center Settings Viewer

(roles/securitycenter.settingsViewer)

Read access to security center settings

Lowest-level resources where you can grant this role:

Project

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.bigQueryExports.get

securitycenter.bigQueryExports.list

securitycenter.containerthreatdetectionsettings.calculate

securitycenter.containerthreatdetectionsettings.get

securitycenter.effectivesecurityhealthanalyticscustommodules.*

securitycenter.effectivesecurityhealthanalyticscustommodules.get
securitycenter.effectivesecurityhealthanalyticscustommodules.list

securitycenter.eventthreatdetectionsettings.calculate

securitycenter.eventthreatdetectionsettings.get

securitycenter.integratedvulnerabilityscannersettings.calculate

securitycenter.integratedvulnerabilityscannersettings.get

securitycenter.muteconfigs.get

securitycenter.muteconfigs.list

securitycenter.notificationconfig.get

securitycenter.notificationconfig.list

securitycenter.organizationsettings.get

securitycenter.rapidvulnerabilitydetectionsettings.calculate

securitycenter.rapidvulnerabilitydetectionsettings.get

securitycenter.securitycentersettings.get

securitycenter.securityhealthanalyticscustommodules.get

securitycenter.securityhealthanalyticscustommodules.list

securitycenter.securityhealthanalyticssettings.calculate

securitycenter.securityhealthanalyticssettings.get

securitycenter.subscription.get

securitycenter.userinterfacemetadata.get

securitycenter.virtualmachinethreatdetectionsettings.calculate

securitycenter.virtualmachinethreatdetectionsettings.get

securitycenter.websecurityscannersettings.calculate

securitycenter.websecurityscannersettings.get

securitycentermanagement.billingMetadata.get

securitycentermanagement.effectiveEventThreatDetectionCustomModules.*

securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.get

securitycentermanagement.eventThreatDetectionCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.validate

securitycentermanagement.locations.*

securitycentermanagement.locations.get
securitycentermanagement.locations.list

securitycentermanagement.operations.get

securitycentermanagement.operations.list

securitycentermanagement.securityCenter.get

securitycentermanagement.securityCenterServices.get

securitycentermanagement.securityCenterServices.list

securitycentermanagement.securityCommandCenter.checkActivationOperation

securitycentermanagement.securityCommandCenter.checkOnboardingStatus

securitycentermanagement.securityCommandCenter.get

securitycentermanagement.securityHealthAnalyticsCustomModules.get

securitycentermanagement.securityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.simulate

securitycentermanagement.securityHealthAnalyticsCustomModules.test

Security Center Simulations Reader

(roles/securitycenter.simulationsViewer)

Read access to security center simulations

securitycenter.simulations.get

Security Center Sources Admin

(roles/securitycenter.sourcesAdmin)

Admin access to sources

Lowest-level resources where you can grant this role:

Organization

resourcemanager.organizations.get

securitycenter.sources.*

securitycenter.sources.get
securitycenter.sources.getIamPolicy
securitycenter.sources.list
securitycenter.sources.setIamPolicy
securitycenter.sources.update

securitycenter.userinterfacemetadata.get

Security Center Sources Editor

(roles/securitycenter.sourcesEditor)

Read-write access to sources

Lowest-level resources where you can grant this role:

Organization

resourcemanager.organizations.get

securitycenter.sources.get

securitycenter.sources.list

securitycenter.sources.update

securitycenter.userinterfacemetadata.get

Security Center Sources Viewer

(roles/securitycenter.sourcesViewer)

Read access to sources

Lowest-level resources where you can grant this role:

Project

resourcemanager.organizations.get

securitycenter.sources.get

securitycenter.sources.list

securitycenter.userinterfacemetadata.get

Security Center Valued Resources Reader

(roles/securitycenter.valuedResourcesViewer)

Read access to security center valued resources

securitycenter.valuedresources.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Attack Surface Management Scanner Service Agent (`roles/securitycenter.attackSurfaceManagementScannerServiceAgent`) Gives Mandiant Attack Surface Management the ability to scan Cloud Platform resources. Warning: Do not grant service agent roles to any principals except service agents.	`apigateway.apiconfigs.get` `cloudasset.assets.listResource` `dns.managedZones.list` `dns.resourceRecordSets.list` `resourcemanager.projects.get`
Security Center Automation Service Agent (`roles/securitycenter.automationServiceAgent`) Security Center automation service agent can configure GCP resources to enable security scanning. Warning: Do not grant service agent roles to any principals except service agents.	`cloudasset.feeds.` `cloudasset.feeds.create` `cloudasset.feeds.delete` `cloudasset.feeds.get` `cloudasset.feeds.list` `cloudasset.feeds.update` `resourcemanager.folders.get` `resourcemanager.folders.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.getIamPolicy` `resourcemanager.projects.list` `serviceusage.consumerpolicy.` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.consumerpolicy.update` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.values.test`
Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Security Center Control service agent can monitor and configure GCP resources and import security findings. Warning: Do not grant service agent roles to any principals except service agents.	`accesscontextmanager.gcpUserAccessBindings.get` `accesscontextmanager.gcpUserAccessBindings.list` `aiplatform.dataItems.list` `aiplatform.datasets.list` `aiplatform.models.list` `bigquery.datasets.get` `binaryauthorization.policy.get` `cloudasset.assets.analyzeIamPolicy` `cloudasset.assets.analyzeMove` `cloudasset.assets.analyzeOrgPolicy` `cloudasset.assets.exportAccessLevel` `cloudasset.assets.exportAccessPolicy` `cloudasset.assets.exportAiplatformBatchPredictionJobs` `cloudasset.assets.exportAiplatformCustomJobs` `cloudasset.assets.exportAiplatformDataLabelingJobs` `cloudasset.assets.exportAiplatformDatasets` `cloudasset.assets.exportAiplatformEndpoints` `cloudasset.assets.exportAiplatformHyperparameterTuningJobs` `cloudasset.assets.exportAiplatformMetadataStores` `cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs` `cloudasset.assets.exportAiplatformModels` `cloudasset.assets.exportAiplatformPipelineJobs` `cloudasset.assets.exportAiplatformSpecialistPools` `cloudasset.assets.exportAiplatformTrainingPipelines` `cloudasset.assets.exportAllAccessPolicy` `cloudasset.assets.exportAnthosConnectedCluster` `cloudasset.assets.exportAnthosedgeCluster` `cloudasset.assets.exportApigatewayApi` `cloudasset.assets.exportApigatewayApiConfig` `cloudasset.assets.exportApigatewayGateway` `cloudasset.assets.exportApikeysKeys` `cloudasset.assets.exportAppengineApplications` `cloudasset.assets.exportAppengineServices` `cloudasset.assets.exportAppengineVersions` `cloudasset.assets.exportArtifactregistryDockerImages` `cloudasset.assets.exportArtifactregistryRepositories` `cloudasset.assets.exportAssuredWorkloadsWorkloads` `cloudasset.assets.exportBeyondCorpApiGateways` `cloudasset.assets.exportBeyondCorpAppConnections` `cloudasset.assets.exportBeyondCorpAppConnectors` `cloudasset.assets.exportBeyondCorpAppGateways` `cloudasset.assets.exportBeyondCorpClientConnectorServices` `cloudasset.assets.exportBeyondCorpClientGateways` `cloudasset.assets.exportBigqueryDatasets` `cloudasset.assets.exportBigqueryModels` `cloudasset.assets.exportBigqueryTables` `cloudasset.assets.exportBigtableAppProfile` `cloudasset.assets.exportBigtableBackup` `cloudasset.assets.exportBigtableCluster` `cloudasset.assets.exportBigtableInstance` `cloudasset.assets.exportBigtableTable` `cloudasset.assets.exportCloudAssetFeeds` `cloudasset.assets.exportCloudDeployDeliveryPipelines` `cloudasset.assets.exportCloudDeployReleases` `cloudasset.assets.exportCloudDeployRollouts` `cloudasset.assets.exportCloudDeployTargets` `cloudasset.assets.exportCloudDocumentAIEvaluation` `cloudasset.assets.exportCloudDocumentAIHumanReviewConfig` `cloudasset.assets.exportCloudDocumentAILabelerPool` `cloudasset.assets.exportCloudDocumentAIProcessor` `cloudasset.assets.exportCloudDocumentAIProcessorVersion` `cloudasset.assets.exportCloudbillingBillingAccounts` `cloudasset.assets.exportCloudbillingProjectBillingInfos` `cloudasset.assets.exportCloudfunctionsFunctions` `cloudasset.assets.exportCloudfunctionsGen2Functions` `cloudasset.assets.exportCloudkmsCryptoKeyVersions` `cloudasset.assets.exportCloudkmsCryptoKeys` `cloudasset.assets.exportCloudkmsEkmConnections` `cloudasset.assets.exportCloudkmsImportJobs` `cloudasset.assets.exportCloudkmsKeyRings` `cloudasset.assets.exportCloudmemcacheInstances` `cloudasset.assets.exportCloudresourcemanagerFolders` `cloudasset.assets.exportCloudresourcemanagerOrganizations` `cloudasset.assets.exportCloudresourcemanagerProjects` `cloudasset.assets.exportCloudresourcemanagerTagBindings` `cloudasset.assets.exportCloudresourcemanagerTagKeys` `cloudasset.assets.exportCloudresourcemanagerTagValues` `cloudasset.assets.exportComposerEnvironments` `cloudasset.assets.exportComputeAddress` `cloudasset.assets.exportComputeAutoscalers` `cloudasset.assets.exportComputeBackendBuckets` `cloudasset.assets.exportComputeBackendServices` `cloudasset.assets.exportComputeCommitments` `cloudasset.assets.exportComputeDisks` `cloudasset.assets.exportComputeExternalVpnGateways` `cloudasset.assets.exportComputeFirewallPolicies` `cloudasset.assets.exportComputeFirewalls` `cloudasset.assets.exportComputeForwardingRules` `cloudasset.assets.exportComputeGlobalAddress` `cloudasset.assets.exportComputeGlobalForwardingRules` `cloudasset.assets.exportComputeHealthChecks` `cloudasset.assets.exportComputeHttpHealthChecks` `cloudasset.assets.exportComputeHttpsHealthChecks` `cloudasset.assets.exportComputeImages` `cloudasset.assets.exportComputeInstanceGroupManagers` `cloudasset.assets.exportComputeInstanceGroups` `cloudasset.assets.exportComputeInstanceTemplates` `cloudasset.assets.exportComputeInstances` `cloudasset.assets.exportComputeInterconnect` `cloudasset.assets.exportComputeInterconnectAttachment` `cloudasset.assets.exportComputeLicenses` `cloudasset.assets.exportComputeNetworkEndpointGroups` `cloudasset.assets.exportComputeNetworks` `cloudasset.assets.exportComputeNodeGroups` `cloudasset.assets.exportComputeNodeTemplates` `cloudasset.assets.exportComputePacketMirrorings` `cloudasset.assets.exportComputeProjects` `cloudasset.assets.exportComputeRegionAutoscaler` `cloudasset.assets.exportComputeRegionBackendServices` `cloudasset.assets.exportComputeRegionDisk` `cloudasset.assets.exportComputeRegionInstanceGroup` `cloudasset.assets.exportComputeRegionInstanceGroupManager` `cloudasset.assets.exportComputeReservations` `cloudasset.assets.exportComputeResourcePolicies` `cloudasset.assets.exportComputeRouters` `cloudasset.assets.exportComputeRoutes` `cloudasset.assets.exportComputeSecurityPolicy` `cloudasset.assets.exportComputeServiceAttachments` `cloudasset.assets.exportComputeSnapshots` `cloudasset.assets.exportComputeSslCertificates` `cloudasset.assets.exportComputeSslPolicies` `cloudasset.assets.exportComputeSubnetworks` `cloudasset.assets.exportComputeTargetHttpProxies` `cloudasset.assets.exportComputeTargetHttpsProxies` `cloudasset.assets.exportComputeTargetInstances` `cloudasset.assets.exportComputeTargetPools` `cloudasset.assets.exportComputeTargetSslProxies` `cloudasset.assets.exportComputeTargetTcpProxies` `cloudasset.assets.exportComputeTargetVpnGateways` `cloudasset.assets.exportComputeUrlMaps` `cloudasset.assets.exportComputeVpnGateways` `cloudasset.assets.exportComputeVpnTunnels` `cloudasset.assets.exportConnectorsConnections` `cloudasset.assets.exportConnectorsConnectorVersions` `cloudasset.assets.exportConnectorsConnectors` `cloudasset.assets.exportConnectorsProviders` `cloudasset.assets.exportConnectorsRuntimeConfigs` `cloudasset.assets.exportContainerAppsDeployment` `cloudasset.assets.exportContainerAppsReplicaSets` `cloudasset.assets.exportContainerBatchJobs` `cloudasset.assets.exportContainerClusterrole` `cloudasset.assets.exportContainerClusterrolebinding` `cloudasset.assets.exportContainerClusters` `cloudasset.assets.exportContainerExtensionsIngresses` `cloudasset.assets.exportContainerJobs` `cloudasset.assets.exportContainerNamespace` `cloudasset.assets.exportContainerNetworkingIngresses` `cloudasset.assets.exportContainerNetworkingNetworkPolicies` `cloudasset.assets.exportContainerNode` `cloudasset.assets.exportContainerNodepool` `cloudasset.assets.exportContainerPod` `cloudasset.assets.exportContainerReplicaSets` `cloudasset.assets.exportContainerRole` `cloudasset.assets.exportContainerRolebinding` `cloudasset.assets.exportContainerServices` `cloudasset.assets.exportContainerregistryImage` `cloudasset.assets.exportDataMigrationConnectionProfiles` `cloudasset.assets.exportDataMigrationMigrationJobs` `cloudasset.assets.exportDataflowJobs` `cloudasset.assets.exportDatafusionInstance` `cloudasset.assets.exportDataplexAssets` `cloudasset.assets.exportDataplexLakes` `cloudasset.assets.exportDataplexTasks` `cloudasset.assets.exportDataplexZones` `cloudasset.assets.exportDataprocAutoscalingPolicies` `cloudasset.assets.exportDataprocBatches` `cloudasset.assets.exportDataprocClusters` `cloudasset.assets.exportDataprocJobs` `cloudasset.assets.exportDataprocSessions` `cloudasset.assets.exportDataprocWorkflowTemplates` `cloudasset.assets.exportDatastreamConnectionProfile` `cloudasset.assets.exportDatastreamPrivateConnection` `cloudasset.assets.exportDatastreamStream` `cloudasset.assets.exportDialogflowAgents` `cloudasset.assets.exportDialogflowConversationProfiles` `cloudasset.assets.exportDialogflowKnowledgeBases` `cloudasset.assets.exportDialogflowLocationSettings` `cloudasset.assets.exportDlpDeidentifyTemplates` `cloudasset.assets.exportDlpDlpJobs` `cloudasset.assets.exportDlpInspectTemplates` `cloudasset.assets.exportDlpJobTriggers` `cloudasset.assets.exportDlpStoredInfoTypes` `cloudasset.assets.exportDnsManagedZones` `cloudasset.assets.exportDnsPolicies` `cloudasset.assets.exportDomainsRegistrations` `cloudasset.assets.exportEventarcTriggers` `cloudasset.assets.exportFileBackups` `cloudasset.assets.exportFileInstances` `cloudasset.assets.exportFirebaseAppInfos` `cloudasset.assets.exportFirebaseProjects` `cloudasset.assets.exportFirestoreDatabases` `cloudasset.assets.exportGKEHubFeatures` `cloudasset.assets.exportGKEHubMemberships` `cloudasset.assets.exportGameservicesGameServerClusters` `cloudasset.assets.exportGameservicesGameServerConfigs` `cloudasset.assets.exportGameservicesGameServerDeployments` `cloudasset.assets.exportGameservicesRealms` `cloudasset.assets.exportGkeBackupBackupPlans` `cloudasset.assets.exportGkeBackupBackups` `cloudasset.assets.exportGkeBackupRestorePlans` `cloudasset.assets.exportGkeBackupRestores` `cloudasset.assets.exportGkeBackupVolumeBackups` `cloudasset.assets.exportGkeBackupVolumeRestores` `cloudasset.assets.exportHealthcareConsentStores` `cloudasset.assets.exportHealthcareDatasets` `cloudasset.assets.exportHealthcareDicomStores` `cloudasset.assets.exportHealthcareFhirStores` `cloudasset.assets.exportHealthcareHl7V2Stores` `cloudasset.assets.exportIamPolicy` `cloudasset.assets.exportIamRoles` `cloudasset.assets.exportIamServiceAccountKeys` `cloudasset.assets.exportIamServiceAccounts` `cloudasset.assets.exportIapTunnel` `cloudasset.assets.exportIapTunnelInstances` `cloudasset.assets.exportIapTunnelZones` `cloudasset.assets.exportIapWeb` `cloudasset.assets.exportIapWebServiceVersion` `cloudasset.assets.exportIapWebServices` `cloudasset.assets.exportIapWebType` `cloudasset.assets.exportIdsEndpoints` `cloudasset.assets.exportIntegrationsAuthConfigs` `cloudasset.assets.exportIntegrationsCertificates` `cloudasset.assets.exportIntegrationsExecutions` `cloudasset.assets.exportIntegrationsIntegrationVersions` `cloudasset.assets.exportIntegrationsIntegrations` `cloudasset.assets.exportIntegrationsSfdcChannels` `cloudasset.assets.exportIntegrationsSfdcInstances` `cloudasset.assets.exportIntegrationsSuspensions` `cloudasset.assets.exportLoggingLogMetrics` `cloudasset.assets.exportLoggingLogSinks` `cloudasset.assets.exportManagedidentitiesDomain` `cloudasset.assets.exportMetastoreBackups` `cloudasset.assets.exportMetastoreMetadataImports` `cloudasset.assets.exportMetastoreServices` `cloudasset.assets.exportMonitoringAlertPolicies` `cloudasset.assets.exportNetworkConnectivityHubs` `cloudasset.assets.exportNetworkConnectivitySpokes` `cloudasset.assets.exportNetworkManagementConnectivityTests` `cloudasset.assets.exportNetworkServicesEndpointPolicies` `cloudasset.assets.exportNetworkServicesGateways` `cloudasset.assets.exportNetworkServicesGrpcRoutes` `cloudasset.assets.exportNetworkServicesHttpRoutes` `cloudasset.assets.exportNetworkServicesMeshes` `cloudasset.assets.exportNetworkServicesServiceBindings` `cloudasset.assets.exportNetworkServicesTcpRoutes` `cloudasset.assets.exportNetworkServicesTlsRoutes` `cloudasset.assets.exportOSConfigOSPolicyAssignmentReports` `cloudasset.assets.exportOSConfigOSPolicyAssignments` `cloudasset.assets.exportOSConfigVulnerabilityReports` `cloudasset.assets.exportOSInventories` `cloudasset.assets.exportOrgPolicy` `cloudasset.assets.exportPatchDeployments` `cloudasset.assets.exportPubsubSnapshots` `cloudasset.assets.exportPubsubSubscriptions` `cloudasset.assets.exportPubsubTopics` `cloudasset.assets.exportRedisInstances` `cloudasset.assets.exportResource` `cloudasset.assets.exportSecretManagerSecretVersions` `cloudasset.assets.exportSecretManagerSecrets` `cloudasset.assets.exportServiceDirectoryNamespaces` `cloudasset.assets.exportServicePerimeter` `cloudasset.assets.exportServiceconsumermanagementConsumerProperty` `cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits` `cloudasset.assets.exportServiceconsumermanagementConsumers` `cloudasset.assets.exportServiceconsumermanagementProducerOverrides` `cloudasset.assets.exportServiceconsumermanagementTenancyUnits` `cloudasset.assets.exportServiceconsumermanagementVisibility` `cloudasset.assets.exportServicemanagementServices` `cloudasset.assets.exportServiceusageAdminOverrides` `cloudasset.assets.exportServiceusageConsumerOverrides` `cloudasset.assets.exportServiceusageServices` `cloudasset.assets.exportSpannerBackups` `cloudasset.assets.exportSpannerDatabases` `cloudasset.assets.exportSpannerInstances` `cloudasset.assets.exportSpeakerIdPhrases` `cloudasset.assets.exportSpeakerIdSettings` `cloudasset.assets.exportSpeakerIdSpeakers` `cloudasset.assets.exportSpeechCustomClasses` `cloudasset.assets.exportSpeechPhraseSets` `cloudasset.assets.exportSqladminBackupRuns` `cloudasset.assets.exportSqladminInstances` `cloudasset.assets.exportStorageBuckets` `cloudasset.assets.exportTpuNodes` `cloudasset.assets.exportVpcaccessConnector` `cloudasset.assets.listAccessLevel` `cloudasset.assets.listAccessPolicy` `cloudasset.assets.listAiplatformBatchPredictionJobs` `cloudasset.assets.listAiplatformCustomJobs` `cloudasset.assets.listAiplatformDataLabelingJobs` `cloudasset.assets.listAiplatformDatasets` `cloudasset.assets.listAiplatformEndpoints` `cloudasset.assets.listAiplatformHyperparameterTuningJobs` `cloudasset.assets.listAiplatformMetadataStores` `cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs` `cloudasset.assets.listAiplatformModels` `cloudasset.assets.listAiplatformPipelineJobs` `cloudasset.assets.listAiplatformSpecialistPools` `cloudasset.assets.listAiplatformTrainingPipelines` `cloudasset.assets.listAllAccessPolicy` `cloudasset.assets.listAnthosConnectedCluster` `cloudasset.assets.listAnthosedgeCluster` `cloudasset.assets.listApigatewayApi` `cloudasset.assets.listApigatewayApiConfig` `cloudasset.assets.listApigatewayGateway` `cloudasset.assets.listApikeysKeys` `cloudasset.assets.listAppengineApplications` `cloudasset.assets.listAppengineServices` `cloudasset.assets.listAppengineVersions` `cloudasset.assets.listArtifactregistryDockerImages` `cloudasset.assets.listArtifactregistryRepositories` `cloudasset.assets.listAssuredWorkloadsWorkloads` `cloudasset.assets.listBeyondCorpApiGateways` `cloudasset.assets.listBeyondCorpAppConnections` `cloudasset.assets.listBeyondCorpAppConnectors` `cloudasset.assets.listBeyondCorpAppGateways` `cloudasset.assets.listBeyondCorpClientConnectorServices` `cloudasset.assets.listBeyondCorpClientGateways` `cloudasset.assets.listBigqueryDatasets` `cloudasset.assets.listBigqueryModels` `cloudasset.assets.listBigqueryTables` `cloudasset.assets.listBigtableAppProfile` `cloudasset.assets.listBigtableBackup` `cloudasset.assets.listBigtableCluster` `cloudasset.assets.listBigtableInstance` `cloudasset.assets.listBigtableTable` `cloudasset.assets.listCloudAssetFeeds` `cloudasset.assets.listCloudDeployDeliveryPipelines` `cloudasset.assets.listCloudDeployReleases` `cloudasset.assets.listCloudDeployRollouts` `cloudasset.assets.listCloudDeployTargets` `cloudasset.assets.listCloudDocumentAIEvaluation` `cloudasset.assets.listCloudDocumentAIHumanReviewConfig` `cloudasset.assets.listCloudDocumentAILabelerPool` `cloudasset.assets.listCloudDocumentAIProcessor` `cloudasset.assets.listCloudDocumentAIProcessorVersion` `cloudasset.assets.listCloudbillingBillingAccounts` `cloudasset.assets.listCloudbillingProjectBillingInfos` `cloudasset.assets.listCloudfunctionsFunctions` `cloudasset.assets.listCloudfunctionsGen2Functions` `cloudasset.assets.listCloudkmsCryptoKeyVersions` `cloudasset.assets.listCloudkmsCryptoKeys` `cloudasset.assets.listCloudkmsEkmConnections` `cloudasset.assets.listCloudkmsImportJobs` `cloudasset.assets.listCloudkmsKeyRings` `cloudasset.assets.listCloudmemcacheInstances` `cloudasset.assets.listCloudresourcemanagerFolders` `cloudasset.assets.listCloudresourcemanagerOrganizations` `cloudasset.assets.listCloudresourcemanagerProjects` `cloudasset.assets.listCloudresourcemanagerTagBindings` `cloudasset.assets.listCloudresourcemanagerTagKeys` `cloudasset.assets.listCloudresourcemanagerTagValues` `cloudasset.assets.listComposerEnvironments` `cloudasset.assets.listComputeAddress` `cloudasset.assets.listComputeAutoscalers` `cloudasset.assets.listComputeBackendBuckets` `cloudasset.assets.listComputeBackendServices` `cloudasset.assets.listComputeCommitments` `cloudasset.assets.listComputeDisks` `cloudasset.assets.listComputeExternalVpnGateways` `cloudasset.assets.listComputeFirewallPolicies` `cloudasset.assets.listComputeFirewalls` `cloudasset.assets.listComputeForwardingRules` `cloudasset.assets.listComputeGlobalAddress` `cloudasset.assets.listComputeGlobalForwardingRules` `cloudasset.assets.listComputeHealthChecks` `cloudasset.assets.listComputeHttpHealthChecks` `cloudasset.assets.listComputeHttpsHealthChecks` `cloudasset.assets.listComputeImages` `cloudasset.assets.listComputeInstanceGroupManagers` `cloudasset.assets.listComputeInstanceGroups` `cloudasset.assets.listComputeInstanceTemplates` `cloudasset.assets.listComputeInstances` `cloudasset.assets.listComputeInterconnect` `cloudasset.assets.listComputeInterconnectAttachment` `cloudasset.assets.listComputeLicenses` `cloudasset.assets.listComputeNetworkEndpointGroups` `cloudasset.assets.listComputeNetworks` `cloudasset.assets.listComputeNodeGroups` `cloudasset.assets.listComputeNodeTemplates` `cloudasset.assets.listComputePacketMirrorings` `cloudasset.assets.listComputeProjects` `cloudasset.assets.listComputeRegionAutoscaler` `cloudasset.assets.listComputeRegionBackendServices` `cloudasset.assets.listComputeRegionDisk` `cloudasset.assets.listComputeRegionInstanceGroup` `cloudasset.assets.listComputeRegionInstanceGroupManager` `cloudasset.assets.listComputeReservations` `cloudasset.assets.listComputeResourcePolicies` `cloudasset.assets.listComputeRouters` `cloudasset.assets.listComputeRoutes` `cloudasset.assets.listComputeSecurityPolicy` `cloudasset.assets.listComputeServiceAttachments` `cloudasset.assets.listComputeSnapshots` `cloudasset.assets.listComputeSslCertificates` `cloudasset.assets.listComputeSslPolicies` `cloudasset.assets.listComputeSubnetworks` `cloudasset.assets.listComputeTargetHttpProxies` `cloudasset.assets.listComputeTargetHttpsProxies` `cloudasset.assets.listComputeTargetInstances` `cloudasset.assets.listComputeTargetPools` `cloudasset.assets.listComputeTargetSslProxies` `cloudasset.assets.listComputeTargetTcpProxies` `cloudasset.assets.listComputeTargetVpnGateways` `cloudasset.assets.listComputeUrlMaps` `cloudasset.assets.listComputeVpnGateways` `cloudasset.assets.listComputeVpnTunnels` `cloudasset.assets.listConnectorsConnections` `cloudasset.assets.listConnectorsConnectorVersions` `cloudasset.assets.listConnectorsConnectors` `cloudasset.assets.listConnectorsProviders` `cloudasset.assets.listConnectorsRuntimeConfigs` `cloudasset.assets.listContainerAppsDeployment` `cloudasset.assets.listContainerAppsReplicaSets` `cloudasset.assets.listContainerBatchJobs` `cloudasset.assets.listContainerClusterrole` `cloudasset.assets.listContainerClusterrolebinding` `cloudasset.assets.listContainerClusters` `cloudasset.assets.listContainerExtensionsIngresses` `cloudasset.assets.listContainerJobs` `cloudasset.assets.listContainerNamespace` `cloudasset.assets.listContainerNetworkingIngresses` `cloudasset.assets.listContainerNetworkingNetworkPolicies` `cloudasset.assets.listContainerNode` `cloudasset.assets.listContainerNodepool` `cloudasset.assets.listContainerPod` `cloudasset.assets.listContainerReplicaSets` `cloudasset.assets.listContainerRole` `cloudasset.assets.listContainerRolebinding` `cloudasset.assets.listContainerServices` `cloudasset.assets.listContainerregistryImage` `cloudasset.assets.listDataMigrationConnectionProfiles` `cloudasset.assets.listDataMigrationMigrationJobs` `cloudasset.assets.listDataflowJobs` `cloudasset.assets.listDatafusionInstance` `cloudasset.assets.listDataplexAssets` `cloudasset.assets.listDataplexLakes` `cloudasset.assets.listDataplexTasks` `cloudasset.assets.listDataplexZones` `cloudasset.assets.listDataprocAutoscalingPolicies` `cloudasset.assets.listDataprocBatches` `cloudasset.assets.listDataprocClusters` `cloudasset.assets.listDataprocJobs` `cloudasset.assets.listDataprocSessions` `cloudasset.assets.listDataprocWorkflowTemplates` `cloudasset.assets.listDatastreamConnectionProfile` `cloudasset.assets.listDatastreamPrivateConnection` `cloudasset.assets.listDatastreamStream` `cloudasset.assets.listDialogflowAgents` `cloudasset.assets.listDialogflowConversationProfiles` `cloudasset.assets.listDialogflowKnowledgeBases` `cloudasset.assets.listDialogflowLocationSettings` `cloudasset.assets.listDlpDeidentifyTemplates` `cloudasset.assets.listDlpDlpJobs` `cloudasset.assets.listDlpInspectTemplates` `cloudasset.assets.listDlpJobTriggers` `cloudasset.assets.listDlpStoredInfoTypes` `cloudasset.assets.listDnsManagedZones` `cloudasset.assets.listDnsPolicies` `cloudasset.assets.listDomainsRegistrations` `cloudasset.assets.listEventarcTriggers` `cloudasset.assets.listFileBackups` `cloudasset.assets.listFileInstances` `cloudasset.assets.listFirebaseAppInfos` `cloudasset.assets.listFirebaseProjects` `cloudasset.assets.listFirestoreDatabases` `cloudasset.assets.listGKEHubFeatures` `cloudasset.assets.listGKEHubMemberships` `cloudasset.assets.listGameservicesGameServerClusters` `cloudasset.assets.listGameservicesGameServerConfigs` `cloudasset.assets.listGameservicesGameServerDeployments` `cloudasset.assets.listGameservicesRealms` `cloudasset.assets.listGkeBackupBackupPlans` `cloudasset.assets.listGkeBackupBackups` `cloudasset.assets.listGkeBackupRestorePlans` `cloudasset.assets.listGkeBackupRestores` `cloudasset.assets.listGkeBackupVolumeBackups` `cloudasset.assets.listGkeBackupVolumeRestores` `cloudasset.assets.listHealthcareConsentStores` `cloudasset.assets.listHealthcareDatasets` `cloudasset.assets.listHealthcareDicomStores` `cloudasset.assets.listHealthcareFhirStores` `cloudasset.assets.listHealthcareHl7V2Stores` `cloudasset.assets.listIamPolicy` `cloudasset.assets.listIamRoles` `cloudasset.assets.listIamServiceAccountKeys` `cloudasset.assets.listIamServiceAccounts` `cloudasset.assets.listIapTunnel` `cloudasset.assets.listIapTunnelInstances` `cloudasset.assets.listIapTunnelZones` `cloudasset.assets.listIapWeb` `cloudasset.assets.listIapWebServiceVersion` `cloudasset.assets.listIapWebServices` `cloudasset.assets.listIapWebType` `cloudasset.assets.listIdsEndpoints` `cloudasset.assets.listIntegrationsAuthConfigs` `cloudasset.assets.listIntegrationsCertificates` `cloudasset.assets.listIntegrationsExecutions` `cloudasset.assets.listIntegrationsIntegrationVersions` `cloudasset.assets.listIntegrationsIntegrations` `cloudasset.assets.listIntegrationsSfdcChannels` `cloudasset.assets.listIntegrationsSfdcInstances` `cloudasset.assets.listIntegrationsSuspensions` `cloudasset.assets.listLoggingLogMetrics` `cloudasset.assets.listLoggingLogSinks` `cloudasset.assets.listManagedidentitiesDomain` `cloudasset.assets.listMetastoreBackups` `cloudasset.assets.listMetastoreMetadataImports` `cloudasset.assets.listMetastoreServices` `cloudasset.assets.listMonitoringAlertPolicies` `cloudasset.assets.listNetworkConnectivityHubs` `cloudasset.assets.listNetworkConnectivitySpokes` `cloudasset.assets.listNetworkManagementConnectivityTests` `cloudasset.assets.listNetworkServicesEndpointPolicies` `cloudasset.assets.listNetworkServicesGateways` `cloudasset.assets.listNetworkServicesGrpcRoutes` `cloudasset.assets.listNetworkServicesHttpRoutes` `cloudasset.assets.listNetworkServicesMeshes` `cloudasset.assets.listNetworkServicesServiceBindings` `cloudasset.assets.listNetworkServicesTcpRoutes` `cloudasset.assets.listNetworkServicesTlsRoutes` `cloudasset.assets.listOSConfigOSPolicyAssignmentReports` `cloudasset.assets.listOSConfigOSPolicyAssignments` `cloudasset.assets.listOSConfigVulnerabilityReports` `cloudasset.assets.listOSInventories` `cloudasset.assets.listOrgPolicy` `cloudasset.assets.listPatchDeployments` `cloudasset.assets.listPubsubSnapshots` `cloudasset.assets.listPubsubSubscriptions` `cloudasset.assets.listPubsubTopics` `cloudasset.assets.listRedisInstances` `cloudasset.assets.listResource` `cloudasset.assets.listRunDomainMapping` `cloudasset.assets.listRunRevision` `cloudasset.assets.listRunService` `cloudasset.assets.listSecretManagerSecretVersions` `cloudasset.assets.listSecretManagerSecrets` `cloudasset.assets.listServiceDirectoryNamespaces` `cloudasset.assets.listServicePerimeter` `cloudasset.assets.listServiceconsumermanagementConsumerProperty` `cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits` `cloudasset.assets.listServiceconsumermanagementConsumers` `cloudasset.assets.listServiceconsumermanagementProducerOverrides` `cloudasset.assets.listServiceconsumermanagementTenancyUnits` `cloudasset.assets.listServiceconsumermanagementVisibility` `cloudasset.assets.listServicemanagementServices` `cloudasset.assets.listServiceusageAdminOverrides` `cloudasset.assets.listServiceusageConsumerOverrides` `cloudasset.assets.listServiceusageServices` `cloudasset.assets.listSpannerBackups` `cloudasset.assets.listSpannerDatabases` `cloudasset.assets.listSpannerInstances` `cloudasset.assets.listSpeakerIdPhrases` `cloudasset.assets.listSpeakerIdSettings` `cloudasset.assets.listSpeakerIdSpeakers` `cloudasset.assets.listSpeechCustomClasses` `cloudasset.assets.listSpeechPhraseSets` `cloudasset.assets.listSqladminBackupRuns` `cloudasset.assets.listSqladminInstances` `cloudasset.assets.listStorageBuckets` `cloudasset.assets.listTpuNodes` `cloudasset.assets.listVpcaccessConnector` `cloudasset.assets.queryAccessPolicy` `cloudasset.assets.queryIamPolicy` `cloudasset.assets.queryOSInventories` `cloudasset.assets.queryResource` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `cloudasset.feeds.` `cloudasset.feeds.create` `cloudasset.feeds.delete` `cloudasset.feeds.get` `cloudasset.feeds.list` `cloudasset.feeds.update` `cloudasset.othercloudconnections.get` `cloudasset.othercloudconnections.list` `cloudasset.othercloudconnections.verify` `cloudsql.instances.connect` `cloudsql.users.list` `compute.disks.useReadOnly` `compute.globalOperations.get` `compute.instances.get` `compute.instances.list` `compute.networkEndpointGroups.get` `compute.projects.get` `compute.regionOperations.get` `compute.zoneOperations.get` `container.clusters.get` `iam.denypolicies.get` `iam.denypolicies.list` `iam.googleapis.com/workloadIdentityPoolProviders.list` `iam.googleapis.com/workloadIdentityPools.list` `logging.logEntries.list` `monitoring.alertPolicies.list` `monitoring.timeSeries.list` `orgpolicy.policies.list` `orgpolicy.policy.get` `recommender.cloudAssetInsights.get` `recommender.cloudAssetInsights.list` `recommender.locations.` `recommender.locations.get` `recommender.locations.list` `resourcemanager.folders.get` `resourcemanager.folders.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.getIamPolicy` `resourcemanager.projects.list` `resourcemanager.tagValues.get` `securitycenter.assets.list` `securitycenter.assetsecuritymarks.update` `securitycenter.findings.list` `securitycenter.notificationconfig.create` `securitycenter.notificationconfig.delete` `securitycenter.notificationconfig.update` `securitycenter.organizationsettings.get` `securitycenter.resourcevalueconfigs.get` `securitycenter.resourcevalueconfigs.list` `securitycenter.simulations.get` `securitycenter.sources.list` `securitycenter.valuedresources.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.create` `securitycentermanagement.securityHealthAnalyticsCustomModules.delete` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.update` `serviceusage.consumerpolicy.` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.consumerpolicy.update` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.operations.get` `serviceusage.quotas.get` `serviceusage.services.disable` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test` `stackdriver.projects.get` `storage.buckets.get` `storage.buckets.getIamPolicy` `storage.buckets.list`
Security Center Integration Executor Service Agent (`roles/securitycenter.integrationExecutorServiceAgent`) Gives Security Center access to execute Integrations. Warning: Do not grant service agent roles to any principals except service agents.	`integrations.securityExecutions.cancel` `integrations.securityExecutions.list` `integrations.securityIntegrations.invoke`
Security Center Notification Service Agent (`roles/securitycenter.notificationServiceAgent`) Security Center service agent can publish notifications to Pub/Sub topics. Warning: Do not grant service agent roles to any principals except service agents.	`pubsub.topics.publish`
Security Health Analytics Service Agent (`roles/securitycenter.securityHealthAnalyticsServiceAgent`) Security Health Analytics service agent can scan GCP resource metadata to find security vulnerabilities. Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.datasets.get` `binaryauthorization.policy.get` `cloudasset.assets.analyzeIamPolicy` `cloudasset.assets.analyzeMove` `cloudasset.assets.analyzeOrgPolicy` `cloudasset.assets.exportAccessLevel` `cloudasset.assets.exportAccessPolicy` `cloudasset.assets.exportAiplatformBatchPredictionJobs` `cloudasset.assets.exportAiplatformCustomJobs` `cloudasset.assets.exportAiplatformDataLabelingJobs` `cloudasset.assets.exportAiplatformDatasets` `cloudasset.assets.exportAiplatformEndpoints` `cloudasset.assets.exportAiplatformHyperparameterTuningJobs` `cloudasset.assets.exportAiplatformMetadataStores` `cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs` `cloudasset.assets.exportAiplatformModels` `cloudasset.assets.exportAiplatformPipelineJobs` `cloudasset.assets.exportAiplatformSpecialistPools` `cloudasset.assets.exportAiplatformTrainingPipelines` `cloudasset.assets.exportAllAccessPolicy` `cloudasset.assets.exportAnthosConnectedCluster` `cloudasset.assets.exportAnthosedgeCluster` `cloudasset.assets.exportApigatewayApi` `cloudasset.assets.exportApigatewayApiConfig` `cloudasset.assets.exportApigatewayGateway` `cloudasset.assets.exportApikeysKeys` `cloudasset.assets.exportAppengineApplications` `cloudasset.assets.exportAppengineServices` `cloudasset.assets.exportAppengineVersions` `cloudasset.assets.exportArtifactregistryDockerImages` `cloudasset.assets.exportArtifactregistryRepositories` `cloudasset.assets.exportAssuredWorkloadsWorkloads` `cloudasset.assets.exportBeyondCorpApiGateways` `cloudasset.assets.exportBeyondCorpAppConnections` `cloudasset.assets.exportBeyondCorpAppConnectors` `cloudasset.assets.exportBeyondCorpAppGateways` `cloudasset.assets.exportBeyondCorpClientConnectorServices` `cloudasset.assets.exportBeyondCorpClientGateways` `cloudasset.assets.exportBigqueryDatasets` `cloudasset.assets.exportBigqueryModels` `cloudasset.assets.exportBigqueryTables` `cloudasset.assets.exportBigtableAppProfile` `cloudasset.assets.exportBigtableBackup` `cloudasset.assets.exportBigtableCluster` `cloudasset.assets.exportBigtableInstance` `cloudasset.assets.exportBigtableTable` `cloudasset.assets.exportCloudAssetFeeds` `cloudasset.assets.exportCloudDeployDeliveryPipelines` `cloudasset.assets.exportCloudDeployReleases` `cloudasset.assets.exportCloudDeployRollouts` `cloudasset.assets.exportCloudDeployTargets` `cloudasset.assets.exportCloudDocumentAIEvaluation` `cloudasset.assets.exportCloudDocumentAIHumanReviewConfig` `cloudasset.assets.exportCloudDocumentAILabelerPool` `cloudasset.assets.exportCloudDocumentAIProcessor` `cloudasset.assets.exportCloudDocumentAIProcessorVersion` `cloudasset.assets.exportCloudbillingBillingAccounts` `cloudasset.assets.exportCloudbillingProjectBillingInfos` `cloudasset.assets.exportCloudfunctionsFunctions` `cloudasset.assets.exportCloudfunctionsGen2Functions` `cloudasset.assets.exportCloudkmsCryptoKeyVersions` `cloudasset.assets.exportCloudkmsCryptoKeys` `cloudasset.assets.exportCloudkmsEkmConnections` `cloudasset.assets.exportCloudkmsImportJobs` `cloudasset.assets.exportCloudkmsKeyRings` `cloudasset.assets.exportCloudmemcacheInstances` `cloudasset.assets.exportCloudresourcemanagerFolders` `cloudasset.assets.exportCloudresourcemanagerOrganizations` `cloudasset.assets.exportCloudresourcemanagerProjects` `cloudasset.assets.exportCloudresourcemanagerTagBindings` `cloudasset.assets.exportCloudresourcemanagerTagKeys` `cloudasset.assets.exportCloudresourcemanagerTagValues` `cloudasset.assets.exportComposerEnvironments` `cloudasset.assets.exportComputeAddress` `cloudasset.assets.exportComputeAutoscalers` `cloudasset.assets.exportComputeBackendBuckets` `cloudasset.assets.exportComputeBackendServices` `cloudasset.assets.exportComputeCommitments` `cloudasset.assets.exportComputeDisks` `cloudasset.assets.exportComputeExternalVpnGateways` `cloudasset.assets.exportComputeFirewallPolicies` `cloudasset.assets.exportComputeFirewalls` `cloudasset.assets.exportComputeForwardingRules` `cloudasset.assets.exportComputeGlobalAddress` `cloudasset.assets.exportComputeGlobalForwardingRules` `cloudasset.assets.exportComputeHealthChecks` `cloudasset.assets.exportComputeHttpHealthChecks` `cloudasset.assets.exportComputeHttpsHealthChecks` `cloudasset.assets.exportComputeImages` `cloudasset.assets.exportComputeInstanceGroupManagers` `cloudasset.assets.exportComputeInstanceGroups` `cloudasset.assets.exportComputeInstanceTemplates` `cloudasset.assets.exportComputeInstances` `cloudasset.assets.exportComputeInterconnect` `cloudasset.assets.exportComputeInterconnectAttachment` `cloudasset.assets.exportComputeLicenses` `cloudasset.assets.exportComputeNetworkEndpointGroups` `cloudasset.assets.exportComputeNetworks` `cloudasset.assets.exportComputeNodeGroups` `cloudasset.assets.exportComputeNodeTemplates` `cloudasset.assets.exportComputePacketMirrorings` `cloudasset.assets.exportComputeProjects` `cloudasset.assets.exportComputeRegionAutoscaler` `cloudasset.assets.exportComputeRegionBackendServices` `cloudasset.assets.exportComputeRegionDisk` `cloudasset.assets.exportComputeRegionInstanceGroup` `cloudasset.assets.exportComputeRegionInstanceGroupManager` `cloudasset.assets.exportComputeReservations` `cloudasset.assets.exportComputeResourcePolicies` `cloudasset.assets.exportComputeRouters` `cloudasset.assets.exportComputeRoutes` `cloudasset.assets.exportComputeSecurityPolicy` `cloudasset.assets.exportComputeServiceAttachments` `cloudasset.assets.exportComputeSnapshots` `cloudasset.assets.exportComputeSslCertificates` `cloudasset.assets.exportComputeSslPolicies` `cloudasset.assets.exportComputeSubnetworks` `cloudasset.assets.exportComputeTargetHttpProxies` `cloudasset.assets.exportComputeTargetHttpsProxies` `cloudasset.assets.exportComputeTargetInstances` `cloudasset.assets.exportComputeTargetPools` `cloudasset.assets.exportComputeTargetSslProxies` `cloudasset.assets.exportComputeTargetTcpProxies` `cloudasset.assets.exportComputeTargetVpnGateways` `cloudasset.assets.exportComputeUrlMaps` `cloudasset.assets.exportComputeVpnGateways` `cloudasset.assets.exportComputeVpnTunnels` `cloudasset.assets.exportConnectorsConnections` `cloudasset.assets.exportConnectorsConnectorVersions` `cloudasset.assets.exportConnectorsConnectors` `cloudasset.assets.exportConnectorsProviders` `cloudasset.assets.exportConnectorsRuntimeConfigs` `cloudasset.assets.exportContainerAppsDeployment` `cloudasset.assets.exportContainerAppsReplicaSets` `cloudasset.assets.exportContainerBatchJobs` `cloudasset.assets.exportContainerClusterrole` `cloudasset.assets.exportContainerClusterrolebinding` `cloudasset.assets.exportContainerClusters` `cloudasset.assets.exportContainerExtensionsIngresses` `cloudasset.assets.exportContainerJobs` `cloudasset.assets.exportContainerNamespace` `cloudasset.assets.exportContainerNetworkingIngresses` `cloudasset.assets.exportContainerNetworkingNetworkPolicies` `cloudasset.assets.exportContainerNode` `cloudasset.assets.exportContainerNodepool` `cloudasset.assets.exportContainerPod` `cloudasset.assets.exportContainerReplicaSets` `cloudasset.assets.exportContainerRole` `cloudasset.assets.exportContainerRolebinding` `cloudasset.assets.exportContainerServices` `cloudasset.assets.exportContainerregistryImage` `cloudasset.assets.exportDataMigrationConnectionProfiles` `cloudasset.assets.exportDataMigrationMigrationJobs` `cloudasset.assets.exportDataflowJobs` `cloudasset.assets.exportDatafusionInstance` `cloudasset.assets.exportDataplexAssets` `cloudasset.assets.exportDataplexLakes` `cloudasset.assets.exportDataplexTasks` `cloudasset.assets.exportDataplexZones` `cloudasset.assets.exportDataprocAutoscalingPolicies` `cloudasset.assets.exportDataprocBatches` `cloudasset.assets.exportDataprocClusters` `cloudasset.assets.exportDataprocJobs` `cloudasset.assets.exportDataprocSessions` `cloudasset.assets.exportDataprocWorkflowTemplates` `cloudasset.assets.exportDatastreamConnectionProfile` `cloudasset.assets.exportDatastreamPrivateConnection` `cloudasset.assets.exportDatastreamStream` `cloudasset.assets.exportDialogflowAgents` `cloudasset.assets.exportDialogflowConversationProfiles` `cloudasset.assets.exportDialogflowKnowledgeBases` `cloudasset.assets.exportDialogflowLocationSettings` `cloudasset.assets.exportDlpDeidentifyTemplates` `cloudasset.assets.exportDlpDlpJobs` `cloudasset.assets.exportDlpInspectTemplates` `cloudasset.assets.exportDlpJobTriggers` `cloudasset.assets.exportDlpStoredInfoTypes` `cloudasset.assets.exportDnsManagedZones` `cloudasset.assets.exportDnsPolicies` `cloudasset.assets.exportDomainsRegistrations` `cloudasset.assets.exportEventarcTriggers` `cloudasset.assets.exportFileBackups` `cloudasset.assets.exportFileInstances` `cloudasset.assets.exportFirebaseAppInfos` `cloudasset.assets.exportFirebaseProjects` `cloudasset.assets.exportFirestoreDatabases` `cloudasset.assets.exportGKEHubFeatures` `cloudasset.assets.exportGKEHubMemberships` `cloudasset.assets.exportGameservicesGameServerClusters` `cloudasset.assets.exportGameservicesGameServerConfigs` `cloudasset.assets.exportGameservicesGameServerDeployments` `cloudasset.assets.exportGameservicesRealms` `cloudasset.assets.exportGkeBackupBackupPlans` `cloudasset.assets.exportGkeBackupBackups` `cloudasset.assets.exportGkeBackupRestorePlans` `cloudasset.assets.exportGkeBackupRestores` `cloudasset.assets.exportGkeBackupVolumeBackups` `cloudasset.assets.exportGkeBackupVolumeRestores` `cloudasset.assets.exportHealthcareConsentStores` `cloudasset.assets.exportHealthcareDatasets` `cloudasset.assets.exportHealthcareDicomStores` `cloudasset.assets.exportHealthcareFhirStores` `cloudasset.assets.exportHealthcareHl7V2Stores` `cloudasset.assets.exportIamPolicy` `cloudasset.assets.exportIamRoles` `cloudasset.assets.exportIamServiceAccountKeys` `cloudasset.assets.exportIamServiceAccounts` `cloudasset.assets.exportIapTunnel` `cloudasset.assets.exportIapTunnelInstances` `cloudasset.assets.exportIapTunnelZones` `cloudasset.assets.exportIapWeb` `cloudasset.assets.exportIapWebServiceVersion` `cloudasset.assets.exportIapWebServices` `cloudasset.assets.exportIapWebType` `cloudasset.assets.exportIdsEndpoints` `cloudasset.assets.exportIntegrationsAuthConfigs` `cloudasset.assets.exportIntegrationsCertificates` `cloudasset.assets.exportIntegrationsExecutions` `cloudasset.assets.exportIntegrationsIntegrationVersions` `cloudasset.assets.exportIntegrationsIntegrations` `cloudasset.assets.exportIntegrationsSfdcChannels` `cloudasset.assets.exportIntegrationsSfdcInstances` `cloudasset.assets.exportIntegrationsSuspensions` `cloudasset.assets.exportLoggingLogMetrics` `cloudasset.assets.exportLoggingLogSinks` `cloudasset.assets.exportManagedidentitiesDomain` `cloudasset.assets.exportMetastoreBackups` `cloudasset.assets.exportMetastoreMetadataImports` `cloudasset.assets.exportMetastoreServices` `cloudasset.assets.exportMonitoringAlertPolicies` `cloudasset.assets.exportNetworkConnectivityHubs` `cloudasset.assets.exportNetworkConnectivitySpokes` `cloudasset.assets.exportNetworkManagementConnectivityTests` `cloudasset.assets.exportNetworkServicesEndpointPolicies` `cloudasset.assets.exportNetworkServicesGateways` `cloudasset.assets.exportNetworkServicesGrpcRoutes` `cloudasset.assets.exportNetworkServicesHttpRoutes` `cloudasset.assets.exportNetworkServicesMeshes` `cloudasset.assets.exportNetworkServicesServiceBindings` `cloudasset.assets.exportNetworkServicesTcpRoutes` `cloudasset.assets.exportNetworkServicesTlsRoutes` `cloudasset.assets.exportOSConfigOSPolicyAssignmentReports` `cloudasset.assets.exportOSConfigOSPolicyAssignments` `cloudasset.assets.exportOSConfigVulnerabilityReports` `cloudasset.assets.exportOSInventories` `cloudasset.assets.exportOrgPolicy` `cloudasset.assets.exportPatchDeployments` `cloudasset.assets.exportPubsubSnapshots` `cloudasset.assets.exportPubsubSubscriptions` `cloudasset.assets.exportPubsubTopics` `cloudasset.assets.exportRedisInstances` `cloudasset.assets.exportResource` `cloudasset.assets.exportSecretManagerSecretVersions` `cloudasset.assets.exportSecretManagerSecrets` `cloudasset.assets.exportServiceDirectoryNamespaces` `cloudasset.assets.exportServicePerimeter` `cloudasset.assets.exportServiceconsumermanagementConsumerProperty` `cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits` `cloudasset.assets.exportServiceconsumermanagementConsumers` `cloudasset.assets.exportServiceconsumermanagementProducerOverrides` `cloudasset.assets.exportServiceconsumermanagementTenancyUnits` `cloudasset.assets.exportServiceconsumermanagementVisibility` `cloudasset.assets.exportServicemanagementServices` `cloudasset.assets.exportServiceusageAdminOverrides` `cloudasset.assets.exportServiceusageConsumerOverrides` `cloudasset.assets.exportServiceusageServices` `cloudasset.assets.exportSpannerBackups` `cloudasset.assets.exportSpannerDatabases` `cloudasset.assets.exportSpannerInstances` `cloudasset.assets.exportSpeakerIdPhrases` `cloudasset.assets.exportSpeakerIdSettings` `cloudasset.assets.exportSpeakerIdSpeakers` `cloudasset.assets.exportSpeechCustomClasses` `cloudasset.assets.exportSpeechPhraseSets` `cloudasset.assets.exportSqladminBackupRuns` `cloudasset.assets.exportSqladminInstances` `cloudasset.assets.exportStorageBuckets` `cloudasset.assets.exportTpuNodes` `cloudasset.assets.exportVpcaccessConnector` `cloudasset.assets.listAccessLevel` `cloudasset.assets.listAccessPolicy` `cloudasset.assets.listAiplatformBatchPredictionJobs` `cloudasset.assets.listAiplatformCustomJobs` `cloudasset.assets.listAiplatformDataLabelingJobs` `cloudasset.assets.listAiplatformDatasets` `cloudasset.assets.listAiplatformEndpoints` `cloudasset.assets.listAiplatformHyperparameterTuningJobs` `cloudasset.assets.listAiplatformMetadataStores` `cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs` `cloudasset.assets.listAiplatformModels` `cloudasset.assets.listAiplatformPipelineJobs` `cloudasset.assets.listAiplatformSpecialistPools` `cloudasset.assets.listAiplatformTrainingPipelines` `cloudasset.assets.listAllAccessPolicy` `cloudasset.assets.listAnthosConnectedCluster` `cloudasset.assets.listAnthosedgeCluster` `cloudasset.assets.listApigatewayApi` `cloudasset.assets.listApigatewayApiConfig` `cloudasset.assets.listApigatewayGateway` `cloudasset.assets.listApikeysKeys` `cloudasset.assets.listAppengineApplications` `cloudasset.assets.listAppengineServices` `cloudasset.assets.listAppengineVersions` `cloudasset.assets.listArtifactregistryDockerImages` `cloudasset.assets.listArtifactregistryRepositories` `cloudasset.assets.listAssuredWorkloadsWorkloads` `cloudasset.assets.listBeyondCorpApiGateways` `cloudasset.assets.listBeyondCorpAppConnections` `cloudasset.assets.listBeyondCorpAppConnectors` `cloudasset.assets.listBeyondCorpAppGateways` `cloudasset.assets.listBeyondCorpClientConnectorServices` `cloudasset.assets.listBeyondCorpClientGateways` `cloudasset.assets.listBigqueryDatasets` `cloudasset.assets.listBigqueryModels` `cloudasset.assets.listBigqueryTables` `cloudasset.assets.listBigtableAppProfile` `cloudasset.assets.listBigtableBackup` `cloudasset.assets.listBigtableCluster` `cloudasset.assets.listBigtableInstance` `cloudasset.assets.listBigtableTable` `cloudasset.assets.listCloudAssetFeeds` `cloudasset.assets.listCloudDeployDeliveryPipelines` `cloudasset.assets.listCloudDeployReleases` `cloudasset.assets.listCloudDeployRollouts` `cloudasset.assets.listCloudDeployTargets` `cloudasset.assets.listCloudDocumentAIEvaluation` `cloudasset.assets.listCloudDocumentAIHumanReviewConfig` `cloudasset.assets.listCloudDocumentAILabelerPool` `cloudasset.assets.listCloudDocumentAIProcessor` `cloudasset.assets.listCloudDocumentAIProcessorVersion` `cloudasset.assets.listCloudbillingBillingAccounts` `cloudasset.assets.listCloudbillingProjectBillingInfos` `cloudasset.assets.listCloudfunctionsFunctions` `cloudasset.assets.listCloudfunctionsGen2Functions` `cloudasset.assets.listCloudkmsCryptoKeyVersions` `cloudasset.assets.listCloudkmsCryptoKeys` `cloudasset.assets.listCloudkmsEkmConnections` `cloudasset.assets.listCloudkmsImportJobs` `cloudasset.assets.listCloudkmsKeyRings` `cloudasset.assets.listCloudmemcacheInstances` `cloudasset.assets.listCloudresourcemanagerFolders` `cloudasset.assets.listCloudresourcemanagerOrganizations` `cloudasset.assets.listCloudresourcemanagerProjects` `cloudasset.assets.listCloudresourcemanagerTagBindings` `cloudasset.assets.listCloudresourcemanagerTagKeys` `cloudasset.assets.listCloudresourcemanagerTagValues` `cloudasset.assets.listComposerEnvironments` `cloudasset.assets.listComputeAddress` `cloudasset.assets.listComputeAutoscalers` `cloudasset.assets.listComputeBackendBuckets` `cloudasset.assets.listComputeBackendServices` `cloudasset.assets.listComputeCommitments` `cloudasset.assets.listComputeDisks` `cloudasset.assets.listComputeExternalVpnGateways` `cloudasset.assets.listComputeFirewallPolicies` `cloudasset.assets.listComputeFirewalls` `cloudasset.assets.listComputeForwardingRules` `cloudasset.assets.listComputeGlobalAddress` `cloudasset.assets.listComputeGlobalForwardingRules` `cloudasset.assets.listComputeHealthChecks` `cloudasset.assets.listComputeHttpHealthChecks` `cloudasset.assets.listComputeHttpsHealthChecks` `cloudasset.assets.listComputeImages` `cloudasset.assets.listComputeInstanceGroupManagers` `cloudasset.assets.listComputeInstanceGroups` `cloudasset.assets.listComputeInstanceTemplates` `cloudasset.assets.listComputeInstances` `cloudasset.assets.listComputeInterconnect` `cloudasset.assets.listComputeInterconnectAttachment` `cloudasset.assets.listComputeLicenses` `cloudasset.assets.listComputeNetworkEndpointGroups` `cloudasset.assets.listComputeNetworks` `cloudasset.assets.listComputeNodeGroups` `cloudasset.assets.listComputeNodeTemplates` `cloudasset.assets.listComputePacketMirrorings` `cloudasset.assets.listComputeProjects` `cloudasset.assets.listComputeRegionAutoscaler` `cloudasset.assets.listComputeRegionBackendServices` `cloudasset.assets.listComputeRegionDisk` `cloudasset.assets.listComputeRegionInstanceGroup` `cloudasset.assets.listComputeRegionInstanceGroupManager` `cloudasset.assets.listComputeReservations` `cloudasset.assets.listComputeResourcePolicies` `cloudasset.assets.listComputeRouters` `cloudasset.assets.listComputeRoutes` `cloudasset.assets.listComputeSecurityPolicy` `cloudasset.assets.listComputeServiceAttachments` `cloudasset.assets.listComputeSnapshots` `cloudasset.assets.listComputeSslCertificates` `cloudasset.assets.listComputeSslPolicies` `cloudasset.assets.listComputeSubnetworks` `cloudasset.assets.listComputeTargetHttpProxies` `cloudasset.assets.listComputeTargetHttpsProxies` `cloudasset.assets.listComputeTargetInstances` `cloudasset.assets.listComputeTargetPools` `cloudasset.assets.listComputeTargetSslProxies` `cloudasset.assets.listComputeTargetTcpProxies` `cloudasset.assets.listComputeTargetVpnGateways` `cloudasset.assets.listComputeUrlMaps` `cloudasset.assets.listComputeVpnGateways` `cloudasset.assets.listComputeVpnTunnels` `cloudasset.assets.listConnectorsConnections` `cloudasset.assets.listConnectorsConnectorVersions` `cloudasset.assets.listConnectorsConnectors` `cloudasset.assets.listConnectorsProviders` `cloudasset.assets.listConnectorsRuntimeConfigs` `cloudasset.assets.listContainerAppsDeployment` `cloudasset.assets.listContainerAppsReplicaSets` `cloudasset.assets.listContainerBatchJobs` `cloudasset.assets.listContainerClusterrole` `cloudasset.assets.listContainerClusterrolebinding` `cloudasset.assets.listContainerClusters` `cloudasset.assets.listContainerExtensionsIngresses` `cloudasset.assets.listContainerJobs` `cloudasset.assets.listContainerNamespace` `cloudasset.assets.listContainerNetworkingIngresses` `cloudasset.assets.listContainerNetworkingNetworkPolicies` `cloudasset.assets.listContainerNode` `cloudasset.assets.listContainerNodepool` `cloudasset.assets.listContainerPod` `cloudasset.assets.listContainerReplicaSets` `cloudasset.assets.listContainerRole` `cloudasset.assets.listContainerRolebinding` `cloudasset.assets.listContainerServices` `cloudasset.assets.listContainerregistryImage` `cloudasset.assets.listDataMigrationConnectionProfiles` `cloudasset.assets.listDataMigrationMigrationJobs` `cloudasset.assets.listDataflowJobs` `cloudasset.assets.listDatafusionInstance` `cloudasset.assets.listDataplexAssets` `cloudasset.assets.listDataplexLakes` `cloudasset.assets.listDataplexTasks` `cloudasset.assets.listDataplexZones` `cloudasset.assets.listDataprocAutoscalingPolicies` `cloudasset.assets.listDataprocBatches` `cloudasset.assets.listDataprocClusters` `cloudasset.assets.listDataprocJobs` `cloudasset.assets.listDataprocSessions` `cloudasset.assets.listDataprocWorkflowTemplates` `cloudasset.assets.listDatastreamConnectionProfile` `cloudasset.assets.listDatastreamPrivateConnection` `cloudasset.assets.listDatastreamStream` `cloudasset.assets.listDialogflowAgents` `cloudasset.assets.listDialogflowConversationProfiles` `cloudasset.assets.listDialogflowKnowledgeBases` `cloudasset.assets.listDialogflowLocationSettings` `cloudasset.assets.listDlpDeidentifyTemplates` `cloudasset.assets.listDlpDlpJobs` `cloudasset.assets.listDlpInspectTemplates` `cloudasset.assets.listDlpJobTriggers` `cloudasset.assets.listDlpStoredInfoTypes` `cloudasset.assets.listDnsManagedZones` `cloudasset.assets.listDnsPolicies` `cloudasset.assets.listDomainsRegistrations` `cloudasset.assets.listEventarcTriggers` `cloudasset.assets.listFileBackups` `cloudasset.assets.listFileInstances` `cloudasset.assets.listFirebaseAppInfos` `cloudasset.assets.listFirebaseProjects` `cloudasset.assets.listFirestoreDatabases` `cloudasset.assets.listGKEHubFeatures` `cloudasset.assets.listGKEHubMemberships` `cloudasset.assets.listGameservicesGameServerClusters` `cloudasset.assets.listGameservicesGameServerConfigs` `cloudasset.assets.listGameservicesGameServerDeployments` `cloudasset.assets.listGameservicesRealms` `cloudasset.assets.listGkeBackupBackupPlans` `cloudasset.assets.listGkeBackupBackups` `cloudasset.assets.listGkeBackupRestorePlans` `cloudasset.assets.listGkeBackupRestores` `cloudasset.assets.listGkeBackupVolumeBackups` `cloudasset.assets.listGkeBackupVolumeRestores` `cloudasset.assets.listHealthcareConsentStores` `cloudasset.assets.listHealthcareDatasets` `cloudasset.assets.listHealthcareDicomStores` `cloudasset.assets.listHealthcareFhirStores` `cloudasset.assets.listHealthcareHl7V2Stores` `cloudasset.assets.listIamPolicy` `cloudasset.assets.listIamRoles` `cloudasset.assets.listIamServiceAccountKeys` `cloudasset.assets.listIamServiceAccounts` `cloudasset.assets.listIapTunnel` `cloudasset.assets.listIapTunnelInstances` `cloudasset.assets.listIapTunnelZones` `cloudasset.assets.listIapWeb` `cloudasset.assets.listIapWebServiceVersion` `cloudasset.assets.listIapWebServices` `cloudasset.assets.listIapWebType` `cloudasset.assets.listIdsEndpoints` `cloudasset.assets.listIntegrationsAuthConfigs` `cloudasset.assets.listIntegrationsCertificates` `cloudasset.assets.listIntegrationsExecutions` `cloudasset.assets.listIntegrationsIntegrationVersions` `cloudasset.assets.listIntegrationsIntegrations` `cloudasset.assets.listIntegrationsSfdcChannels` `cloudasset.assets.listIntegrationsSfdcInstances` `cloudasset.assets.listIntegrationsSuspensions` `cloudasset.assets.listLoggingLogMetrics` `cloudasset.assets.listLoggingLogSinks` `cloudasset.assets.listManagedidentitiesDomain` `cloudasset.assets.listMetastoreBackups` `cloudasset.assets.listMetastoreMetadataImports` `cloudasset.assets.listMetastoreServices` `cloudasset.assets.listMonitoringAlertPolicies` `cloudasset.assets.listNetworkConnectivityHubs` `cloudasset.assets.listNetworkConnectivitySpokes` `cloudasset.assets.listNetworkManagementConnectivityTests` `cloudasset.assets.listNetworkServicesEndpointPolicies` `cloudasset.assets.listNetworkServicesGateways` `cloudasset.assets.listNetworkServicesGrpcRoutes` `cloudasset.assets.listNetworkServicesHttpRoutes` `cloudasset.assets.listNetworkServicesMeshes` `cloudasset.assets.listNetworkServicesServiceBindings` `cloudasset.assets.listNetworkServicesTcpRoutes` `cloudasset.assets.listNetworkServicesTlsRoutes` `cloudasset.assets.listOSConfigOSPolicyAssignmentReports` `cloudasset.assets.listOSConfigOSPolicyAssignments` `cloudasset.assets.listOSConfigVulnerabilityReports` `cloudasset.assets.listOSInventories` `cloudasset.assets.listOrgPolicy` `cloudasset.assets.listPatchDeployments` `cloudasset.assets.listPubsubSnapshots` `cloudasset.assets.listPubsubSubscriptions` `cloudasset.assets.listPubsubTopics` `cloudasset.assets.listRedisInstances` `cloudasset.assets.listResource` `cloudasset.assets.listRunDomainMapping` `cloudasset.assets.listRunRevision` `cloudasset.assets.listRunService` `cloudasset.assets.listSecretManagerSecretVersions` `cloudasset.assets.listSecretManagerSecrets` `cloudasset.assets.listServiceDirectoryNamespaces` `cloudasset.assets.listServicePerimeter` `cloudasset.assets.listServiceconsumermanagementConsumerProperty` `cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits` `cloudasset.assets.listServiceconsumermanagementConsumers` `cloudasset.assets.listServiceconsumermanagementProducerOverrides` `cloudasset.assets.listServiceconsumermanagementTenancyUnits` `cloudasset.assets.listServiceconsumermanagementVisibility` `cloudasset.assets.listServicemanagementServices` `cloudasset.assets.listServiceusageAdminOverrides` `cloudasset.assets.listServiceusageConsumerOverrides` `cloudasset.assets.listServiceusageServices` `cloudasset.assets.listSpannerBackups` `cloudasset.assets.listSpannerDatabases` `cloudasset.assets.listSpannerInstances` `cloudasset.assets.listSpeakerIdPhrases` `cloudasset.assets.listSpeakerIdSettings` `cloudasset.assets.listSpeakerIdSpeakers` `cloudasset.assets.listSpeechCustomClasses` `cloudasset.assets.listSpeechPhraseSets` `cloudasset.assets.listSqladminBackupRuns` `cloudasset.assets.listSqladminInstances` `cloudasset.assets.listStorageBuckets` `cloudasset.assets.listTpuNodes` `cloudasset.assets.listVpcaccessConnector` `cloudasset.assets.queryAccessPolicy` `cloudasset.assets.queryIamPolicy` `cloudasset.assets.queryOSInventories` `cloudasset.assets.queryResource` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `cloudasset.feeds.` `cloudasset.feeds.create` `cloudasset.feeds.delete` `cloudasset.feeds.get` `cloudasset.feeds.list` `cloudasset.feeds.update` `cloudasset.othercloudconnections.get` `cloudasset.othercloudconnections.list` `cloudasset.othercloudconnections.verify` `cloudsql.instances.connect` `cloudsql.users.list` `compute.globalOperations.get` `compute.instances.get` `compute.instances.list` `compute.networkEndpointGroups.get` `compute.projects.get` `container.clusters.get` `monitoring.alertPolicies.list` `orgpolicy.policy.get` `recommender.cloudAssetInsights.get` `recommender.cloudAssetInsights.list` `recommender.locations.` `recommender.locations.get` `recommender.locations.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.organizationsettings.get` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test` `stackdriver.projects.get`
Google Cloud Security Response Service Agent (`roles/securitycenter.securityResponseServiceAgent`) Gives Playbook Runner permissions to execute all Google authored Playbooks. This role will keep evolving as we add more playbooks Warning: Do not grant service agent roles to any principals except service agents.	`compute.globalOperations.get` `compute.instances.deleteAccessConfig` `compute.instances.get` `compute.instances.setMetadata` `compute.regionOperations.get` `compute.zoneOperations.get` `iam.serviceAccounts.actAs` `pubsub.topics.publish` `securitycenter.findings.list` `storage.buckets.get` `storage.buckets.update`
Security Center Service Agent (`roles/securitycenter.serviceAgent`) Security Center service agent can scan GCP resources and import security scans. Warning: Do not grant service agent roles to any principals except service agents.	`accesscontextmanager.gcpUserAccessBindings.get` `accesscontextmanager.gcpUserAccessBindings.list` `aiplatform.dataItems.list` `aiplatform.datasets.list` `aiplatform.models.list` `bigquery.datasets.get` `binaryauthorization.policy.get` `cloudasset.assets.analyzeIamPolicy` `cloudasset.assets.analyzeMove` `cloudasset.assets.analyzeOrgPolicy` `cloudasset.assets.exportAccessLevel` `cloudasset.assets.exportAccessPolicy` `cloudasset.assets.exportAiplatformBatchPredictionJobs` `cloudasset.assets.exportAiplatformCustomJobs` `cloudasset.assets.exportAiplatformDataLabelingJobs` `cloudasset.assets.exportAiplatformDatasets` `cloudasset.assets.exportAiplatformEndpoints` `cloudasset.assets.exportAiplatformHyperparameterTuningJobs` `cloudasset.assets.exportAiplatformMetadataStores` `cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs` `cloudasset.assets.exportAiplatformModels` `cloudasset.assets.exportAiplatformPipelineJobs` `cloudasset.assets.exportAiplatformSpecialistPools` `cloudasset.assets.exportAiplatformTrainingPipelines` `cloudasset.assets.exportAllAccessPolicy` `cloudasset.assets.exportAnthosConnectedCluster` `cloudasset.assets.exportAnthosedgeCluster` `cloudasset.assets.exportApigatewayApi` `cloudasset.assets.exportApigatewayApiConfig` `cloudasset.assets.exportApigatewayGateway` `cloudasset.assets.exportApikeysKeys` `cloudasset.assets.exportAppengineApplications` `cloudasset.assets.exportAppengineServices` `cloudasset.assets.exportAppengineVersions` `cloudasset.assets.exportArtifactregistryDockerImages` `cloudasset.assets.exportArtifactregistryRepositories` `cloudasset.assets.exportAssuredWorkloadsWorkloads` `cloudasset.assets.exportBeyondCorpApiGateways` `cloudasset.assets.exportBeyondCorpAppConnections` `cloudasset.assets.exportBeyondCorpAppConnectors` `cloudasset.assets.exportBeyondCorpAppGateways` `cloudasset.assets.exportBeyondCorpClientConnectorServices` `cloudasset.assets.exportBeyondCorpClientGateways` `cloudasset.assets.exportBigqueryDatasets` `cloudasset.assets.exportBigqueryModels` `cloudasset.assets.exportBigqueryTables` `cloudasset.assets.exportBigtableAppProfile` `cloudasset.assets.exportBigtableBackup` `cloudasset.assets.exportBigtableCluster` `cloudasset.assets.exportBigtableInstance` `cloudasset.assets.exportBigtableTable` `cloudasset.assets.exportCloudAssetFeeds` `cloudasset.assets.exportCloudDeployDeliveryPipelines` `cloudasset.assets.exportCloudDeployReleases` `cloudasset.assets.exportCloudDeployRollouts` `cloudasset.assets.exportCloudDeployTargets` `cloudasset.assets.exportCloudDocumentAIEvaluation` `cloudasset.assets.exportCloudDocumentAIHumanReviewConfig` `cloudasset.assets.exportCloudDocumentAILabelerPool` `cloudasset.assets.exportCloudDocumentAIProcessor` `cloudasset.assets.exportCloudDocumentAIProcessorVersion` `cloudasset.assets.exportCloudbillingBillingAccounts` `cloudasset.assets.exportCloudbillingProjectBillingInfos` `cloudasset.assets.exportCloudfunctionsFunctions` `cloudasset.assets.exportCloudfunctionsGen2Functions` `cloudasset.assets.exportCloudkmsCryptoKeyVersions` `cloudasset.assets.exportCloudkmsCryptoKeys` `cloudasset.assets.exportCloudkmsEkmConnections` `cloudasset.assets.exportCloudkmsImportJobs` `cloudasset.assets.exportCloudkmsKeyRings` `cloudasset.assets.exportCloudmemcacheInstances` `cloudasset.assets.exportCloudresourcemanagerFolders` `cloudasset.assets.exportCloudresourcemanagerOrganizations` `cloudasset.assets.exportCloudresourcemanagerProjects` `cloudasset.assets.exportCloudresourcemanagerTagBindings` `cloudasset.assets.exportCloudresourcemanagerTagKeys` `cloudasset.assets.exportCloudresourcemanagerTagValues` `cloudasset.assets.exportComposerEnvironments` `cloudasset.assets.exportComputeAddress` `cloudasset.assets.exportComputeAutoscalers` `cloudasset.assets.exportComputeBackendBuckets` `cloudasset.assets.exportComputeBackendServices` `cloudasset.assets.exportComputeCommitments` `cloudasset.assets.exportComputeDisks` `cloudasset.assets.exportComputeExternalVpnGateways` `cloudasset.assets.exportComputeFirewallPolicies` `cloudasset.assets.exportComputeFirewalls` `cloudasset.assets.exportComputeForwardingRules` `cloudasset.assets.exportComputeGlobalAddress` `cloudasset.assets.exportComputeGlobalForwardingRules` `cloudasset.assets.exportComputeHealthChecks` `cloudasset.assets.exportComputeHttpHealthChecks` `cloudasset.assets.exportComputeHttpsHealthChecks` `cloudasset.assets.exportComputeImages` `cloudasset.assets.exportComputeInstanceGroupManagers` `cloudasset.assets.exportComputeInstanceGroups` `cloudasset.assets.exportComputeInstanceTemplates` `cloudasset.assets.exportComputeInstances` `cloudasset.assets.exportComputeInterconnect` `cloudasset.assets.exportComputeInterconnectAttachment` `cloudasset.assets.exportComputeLicenses` `cloudasset.assets.exportComputeNetworkEndpointGroups` `cloudasset.assets.exportComputeNetworks` `cloudasset.assets.exportComputeNodeGroups` `cloudasset.assets.exportComputeNodeTemplates` `cloudasset.assets.exportComputePacketMirrorings` `cloudasset.assets.exportComputeProjects` `cloudasset.assets.exportComputeRegionAutoscaler` `cloudasset.assets.exportComputeRegionBackendServices` `cloudasset.assets.exportComputeRegionDisk` `cloudasset.assets.exportComputeRegionInstanceGroup` `cloudasset.assets.exportComputeRegionInstanceGroupManager` `cloudasset.assets.exportComputeReservations` `cloudasset.assets.exportComputeResourcePolicies` `cloudasset.assets.exportComputeRouters` `cloudasset.assets.exportComputeRoutes` `cloudasset.assets.exportComputeSecurityPolicy` `cloudasset.assets.exportComputeServiceAttachments` `cloudasset.assets.exportComputeSnapshots` `cloudasset.assets.exportComputeSslCertificates` `cloudasset.assets.exportComputeSslPolicies` `cloudasset.assets.exportComputeSubnetworks` `cloudasset.assets.exportComputeTargetHttpProxies` `cloudasset.assets.exportComputeTargetHttpsProxies` `cloudasset.assets.exportComputeTargetInstances` `cloudasset.assets.exportComputeTargetPools` `cloudasset.assets.exportComputeTargetSslProxies` `cloudasset.assets.exportComputeTargetTcpProxies` `cloudasset.assets.exportComputeTargetVpnGateways` `cloudasset.assets.exportComputeUrlMaps` `cloudasset.assets.exportComputeVpnGateways` `cloudasset.assets.exportComputeVpnTunnels` `cloudasset.assets.exportConnectorsConnections` `cloudasset.assets.exportConnectorsConnectorVersions` `cloudasset.assets.exportConnectorsConnectors` `cloudasset.assets.exportConnectorsProviders` `cloudasset.assets.exportConnectorsRuntimeConfigs` `cloudasset.assets.exportContainerAppsDeployment` `cloudasset.assets.exportContainerAppsReplicaSets` `cloudasset.assets.exportContainerBatchJobs` `cloudasset.assets.exportContainerClusterrole` `cloudasset.assets.exportContainerClusterrolebinding` `cloudasset.assets.exportContainerClusters` `cloudasset.assets.exportContainerExtensionsIngresses` `cloudasset.assets.exportContainerJobs` `cloudasset.assets.exportContainerNamespace` `cloudasset.assets.exportContainerNetworkingIngresses` `cloudasset.assets.exportContainerNetworkingNetworkPolicies` `cloudasset.assets.exportContainerNode` `cloudasset.assets.exportContainerNodepool` `cloudasset.assets.exportContainerPod` `cloudasset.assets.exportContainerReplicaSets` `cloudasset.assets.exportContainerRole` `cloudasset.assets.exportContainerRolebinding` `cloudasset.assets.exportContainerServices` `cloudasset.assets.exportContainerregistryImage` `cloudasset.assets.exportDataMigrationConnectionProfiles` `cloudasset.assets.exportDataMigrationMigrationJobs` `cloudasset.assets.exportDataflowJobs` `cloudasset.assets.exportDatafusionInstance` `cloudasset.assets.exportDataplexAssets` `cloudasset.assets.exportDataplexLakes` `cloudasset.assets.exportDataplexTasks` `cloudasset.assets.exportDataplexZones` `cloudasset.assets.exportDataprocAutoscalingPolicies` `cloudasset.assets.exportDataprocBatches` `cloudasset.assets.exportDataprocClusters` `cloudasset.assets.exportDataprocJobs` `cloudasset.assets.exportDataprocSessions` `cloudasset.assets.exportDataprocWorkflowTemplates` `cloudasset.assets.exportDatastreamConnectionProfile` `cloudasset.assets.exportDatastreamPrivateConnection` `cloudasset.assets.exportDatastreamStream` `cloudasset.assets.exportDialogflowAgents` `cloudasset.assets.exportDialogflowConversationProfiles` `cloudasset.assets.exportDialogflowKnowledgeBases` `cloudasset.assets.exportDialogflowLocationSettings` `cloudasset.assets.exportDlpDeidentifyTemplates` `cloudasset.assets.exportDlpDlpJobs` `cloudasset.assets.exportDlpInspectTemplates` `cloudasset.assets.exportDlpJobTriggers` `cloudasset.assets.exportDlpStoredInfoTypes` `cloudasset.assets.exportDnsManagedZones` `cloudasset.assets.exportDnsPolicies` `cloudasset.assets.exportDomainsRegistrations` `cloudasset.assets.exportEventarcTriggers` `cloudasset.assets.exportFileBackups` `cloudasset.assets.exportFileInstances` `cloudasset.assets.exportFirebaseAppInfos` `cloudasset.assets.exportFirebaseProjects` `cloudasset.assets.exportFirestoreDatabases` `cloudasset.assets.exportGKEHubFeatures` `cloudasset.assets.exportGKEHubMemberships` `cloudasset.assets.exportGameservicesGameServerClusters` `cloudasset.assets.exportGameservicesGameServerConfigs` `cloudasset.assets.exportGameservicesGameServerDeployments` `cloudasset.assets.exportGameservicesRealms` `cloudasset.assets.exportGkeBackupBackupPlans` `cloudasset.assets.exportGkeBackupBackups` `cloudasset.assets.exportGkeBackupRestorePlans` `cloudasset.assets.exportGkeBackupRestores` `cloudasset.assets.exportGkeBackupVolumeBackups` `cloudasset.assets.exportGkeBackupVolumeRestores` `cloudasset.assets.exportHealthcareConsentStores` `cloudasset.assets.exportHealthcareDatasets` `cloudasset.assets.exportHealthcareDicomStores` `cloudasset.assets.exportHealthcareFhirStores` `cloudasset.assets.exportHealthcareHl7V2Stores` `cloudasset.assets.exportIamPolicy` `cloudasset.assets.exportIamRoles` `cloudasset.assets.exportIamServiceAccountKeys` `cloudasset.assets.exportIamServiceAccounts` `cloudasset.assets.exportIapTunnel` `cloudasset.assets.exportIapTunnelInstances` `cloudasset.assets.exportIapTunnelZones` `cloudasset.assets.exportIapWeb` `cloudasset.assets.exportIapWebServiceVersion` `cloudasset.assets.exportIapWebServices` `cloudasset.assets.exportIapWebType` `cloudasset.assets.exportIdsEndpoints` `cloudasset.assets.exportIntegrationsAuthConfigs` `cloudasset.assets.exportIntegrationsCertificates` `cloudasset.assets.exportIntegrationsExecutions` `cloudasset.assets.exportIntegrationsIntegrationVersions` `cloudasset.assets.exportIntegrationsIntegrations` `cloudasset.assets.exportIntegrationsSfdcChannels` `cloudasset.assets.exportIntegrationsSfdcInstances` `cloudasset.assets.exportIntegrationsSuspensions` `cloudasset.assets.exportLoggingLogMetrics` `cloudasset.assets.exportLoggingLogSinks` `cloudasset.assets.exportManagedidentitiesDomain` `cloudasset.assets.exportMetastoreBackups` `cloudasset.assets.exportMetastoreMetadataImports` `cloudasset.assets.exportMetastoreServices` `cloudasset.assets.exportMonitoringAlertPolicies` `cloudasset.assets.exportNetworkConnectivityHubs` `cloudasset.assets.exportNetworkConnectivitySpokes` `cloudasset.assets.exportNetworkManagementConnectivityTests` `cloudasset.assets.exportNetworkServicesEndpointPolicies` `cloudasset.assets.exportNetworkServicesGateways` `cloudasset.assets.exportNetworkServicesGrpcRoutes` `cloudasset.assets.exportNetworkServicesHttpRoutes` `cloudasset.assets.exportNetworkServicesMeshes` `cloudasset.assets.exportNetworkServicesServiceBindings` `cloudasset.assets.exportNetworkServicesTcpRoutes` `cloudasset.assets.exportNetworkServicesTlsRoutes` `cloudasset.assets.exportOSConfigOSPolicyAssignmentReports` `cloudasset.assets.exportOSConfigOSPolicyAssignments` `cloudasset.assets.exportOSConfigVulnerabilityReports` `cloudasset.assets.exportOSInventories` `cloudasset.assets.exportOrgPolicy` `cloudasset.assets.exportPatchDeployments` `cloudasset.assets.exportPubsubSnapshots` `cloudasset.assets.exportPubsubSubscriptions` `cloudasset.assets.exportPubsubTopics` `cloudasset.assets.exportRedisInstances` `cloudasset.assets.exportResource` `cloudasset.assets.exportSecretManagerSecretVersions` `cloudasset.assets.exportSecretManagerSecrets` `cloudasset.assets.exportServiceDirectoryNamespaces` `cloudasset.assets.exportServicePerimeter` `cloudasset.assets.exportServiceconsumermanagementConsumerProperty` `cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits` `cloudasset.assets.exportServiceconsumermanagementConsumers` `cloudasset.assets.exportServiceconsumermanagementProducerOverrides` `cloudasset.assets.exportServiceconsumermanagementTenancyUnits` `cloudasset.assets.exportServiceconsumermanagementVisibility` `cloudasset.assets.exportServicemanagementServices` `cloudasset.assets.exportServiceusageAdminOverrides` `cloudasset.assets.exportServiceusageConsumerOverrides` `cloudasset.assets.exportServiceusageServices` `cloudasset.assets.exportSpannerBackups` `cloudasset.assets.exportSpannerDatabases` `cloudasset.assets.exportSpannerInstances` `cloudasset.assets.exportSpeakerIdPhrases` `cloudasset.assets.exportSpeakerIdSettings` `cloudasset.assets.exportSpeakerIdSpeakers` `cloudasset.assets.exportSpeechCustomClasses` `cloudasset.assets.exportSpeechPhraseSets` `cloudasset.assets.exportSqladminBackupRuns` `cloudasset.assets.exportSqladminInstances` `cloudasset.assets.exportStorageBuckets` `cloudasset.assets.exportTpuNodes` `cloudasset.assets.exportVpcaccessConnector` `cloudasset.assets.listAccessLevel` `cloudasset.assets.listAccessPolicy` `cloudasset.assets.listAiplatformBatchPredictionJobs` `cloudasset.assets.listAiplatformCustomJobs` `cloudasset.assets.listAiplatformDataLabelingJobs` `cloudasset.assets.listAiplatformDatasets` `cloudasset.assets.listAiplatformEndpoints` `cloudasset.assets.listAiplatformHyperparameterTuningJobs` `cloudasset.assets.listAiplatformMetadataStores` `cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs` `cloudasset.assets.listAiplatformModels` `cloudasset.assets.listAiplatformPipelineJobs` `cloudasset.assets.listAiplatformSpecialistPools` `cloudasset.assets.listAiplatformTrainingPipelines` `cloudasset.assets.listAllAccessPolicy` `cloudasset.assets.listAnthosConnectedCluster` `cloudasset.assets.listAnthosedgeCluster` `cloudasset.assets.listApigatewayApi` `cloudasset.assets.listApigatewayApiConfig` `cloudasset.assets.listApigatewayGateway` `cloudasset.assets.listApikeysKeys` `cloudasset.assets.listAppengineApplications` `cloudasset.assets.listAppengineServices` `cloudasset.assets.listAppengineVersions` `cloudasset.assets.listArtifactregistryDockerImages` `cloudasset.assets.listArtifactregistryRepositories` `cloudasset.assets.listAssuredWorkloadsWorkloads` `cloudasset.assets.listBeyondCorpApiGateways` `cloudasset.assets.listBeyondCorpAppConnections` `cloudasset.assets.listBeyondCorpAppConnectors` `cloudasset.assets.listBeyondCorpAppGateways` `cloudasset.assets.listBeyondCorpClientConnectorServices` `cloudasset.assets.listBeyondCorpClientGateways` `cloudasset.assets.listBigqueryDatasets` `cloudasset.assets.listBigqueryModels` `cloudasset.assets.listBigqueryTables` `cloudasset.assets.listBigtableAppProfile` `cloudasset.assets.listBigtableBackup` `cloudasset.assets.listBigtableCluster` `cloudasset.assets.listBigtableInstance` `cloudasset.assets.listBigtableTable` `cloudasset.assets.listCloudAssetFeeds` `cloudasset.assets.listCloudDeployDeliveryPipelines` `cloudasset.assets.listCloudDeployReleases` `cloudasset.assets.listCloudDeployRollouts` `cloudasset.assets.listCloudDeployTargets` `cloudasset.assets.listCloudDocumentAIEvaluation` `cloudasset.assets.listCloudDocumentAIHumanReviewConfig` `cloudasset.assets.listCloudDocumentAILabelerPool` `cloudasset.assets.listCloudDocumentAIProcessor` `cloudasset.assets.listCloudDocumentAIProcessorVersion` `cloudasset.assets.listCloudbillingBillingAccounts` `cloudasset.assets.listCloudbillingProjectBillingInfos` `cloudasset.assets.listCloudfunctionsFunctions` `cloudasset.assets.listCloudfunctionsGen2Functions` `cloudasset.assets.listCloudkmsCryptoKeyVersions` `cloudasset.assets.listCloudkmsCryptoKeys` `cloudasset.assets.listCloudkmsEkmConnections` `cloudasset.assets.listCloudkmsImportJobs` `cloudasset.assets.listCloudkmsKeyRings` `cloudasset.assets.listCloudmemcacheInstances` `cloudasset.assets.listCloudresourcemanagerFolders` `cloudasset.assets.listCloudresourcemanagerOrganizations` `cloudasset.assets.listCloudresourcemanagerProjects` `cloudasset.assets.listCloudresourcemanagerTagBindings` `cloudasset.assets.listCloudresourcemanagerTagKeys` `cloudasset.assets.listCloudresourcemanagerTagValues` `cloudasset.assets.listComposerEnvironments` `cloudasset.assets.listComputeAddress` `cloudasset.assets.listComputeAutoscalers` `cloudasset.assets.listComputeBackendBuckets` `cloudasset.assets.listComputeBackendServices` `cloudasset.assets.listComputeCommitments` `cloudasset.assets.listComputeDisks` `cloudasset.assets.listComputeExternalVpnGateways` `cloudasset.assets.listComputeFirewallPolicies` `cloudasset.assets.listComputeFirewalls` `cloudasset.assets.listComputeForwardingRules` `cloudasset.assets.listComputeGlobalAddress` `cloudasset.assets.listComputeGlobalForwardingRules` `cloudasset.assets.listComputeHealthChecks` `cloudasset.assets.listComputeHttpHealthChecks` `cloudasset.assets.listComputeHttpsHealthChecks` `cloudasset.assets.listComputeImages` `cloudasset.assets.listComputeInstanceGroupManagers` `cloudasset.assets.listComputeInstanceGroups` `cloudasset.assets.listComputeInstanceTemplates` `cloudasset.assets.listComputeInstances` `cloudasset.assets.listComputeInterconnect` `cloudasset.assets.listComputeInterconnectAttachment` `cloudasset.assets.listComputeLicenses` `cloudasset.assets.listComputeNetworkEndpointGroups` `cloudasset.assets.listComputeNetworks` `cloudasset.assets.listComputeNodeGroups` `cloudasset.assets.listComputeNodeTemplates` `cloudasset.assets.listComputePacketMirrorings` `cloudasset.assets.listComputeProjects` `cloudasset.assets.listComputeRegionAutoscaler` `cloudasset.assets.listComputeRegionBackendServices` `cloudasset.assets.listComputeRegionDisk` `cloudasset.assets.listComputeRegionInstanceGroup` `cloudasset.assets.listComputeRegionInstanceGroupManager` `cloudasset.assets.listComputeReservations` `cloudasset.assets.listComputeResourcePolicies` `cloudasset.assets.listComputeRouters` `cloudasset.assets.listComputeRoutes` `cloudasset.assets.listComputeSecurityPolicy` `cloudasset.assets.listComputeServiceAttachments` `cloudasset.assets.listComputeSnapshots` `cloudasset.assets.listComputeSslCertificates` `cloudasset.assets.listComputeSslPolicies` `cloudasset.assets.listComputeSubnetworks` `cloudasset.assets.listComputeTargetHttpProxies` `cloudasset.assets.listComputeTargetHttpsProxies` `cloudasset.assets.listComputeTargetInstances` `cloudasset.assets.listComputeTargetPools` `cloudasset.assets.listComputeTargetSslProxies` `cloudasset.assets.listComputeTargetTcpProxies` `cloudasset.assets.listComputeTargetVpnGateways` `cloudasset.assets.listComputeUrlMaps` `cloudasset.assets.listComputeVpnGateways` `cloudasset.assets.listComputeVpnTunnels` `cloudasset.assets.listConnectorsConnections` `cloudasset.assets.listConnectorsConnectorVersions` `cloudasset.assets.listConnectorsConnectors` `cloudasset.assets.listConnectorsProviders` `cloudasset.assets.listConnectorsRuntimeConfigs` `cloudasset.assets.listContainerAppsDeployment` `cloudasset.assets.listContainerAppsReplicaSets` `cloudasset.assets.listContainerBatchJobs` `cloudasset.assets.listContainerClusterrole` `cloudasset.assets.listContainerClusterrolebinding` `cloudasset.assets.listContainerClusters` `cloudasset.assets.listContainerExtensionsIngresses` `cloudasset.assets.listContainerJobs` `cloudasset.assets.listContainerNamespace` `cloudasset.assets.listContainerNetworkingIngresses` `cloudasset.assets.listContainerNetworkingNetworkPolicies` `cloudasset.assets.listContainerNode` `cloudasset.assets.listContainerNodepool` `cloudasset.assets.listContainerPod` `cloudasset.assets.listContainerReplicaSets` `cloudasset.assets.listContainerRole` `cloudasset.assets.listContainerRolebinding` `cloudasset.assets.listContainerServices` `cloudasset.assets.listContainerregistryImage` `cloudasset.assets.listDataMigrationConnectionProfiles` `cloudasset.assets.listDataMigrationMigrationJobs` `cloudasset.assets.listDataflowJobs` `cloudasset.assets.listDatafusionInstance` `cloudasset.assets.listDataplexAssets` `cloudasset.assets.listDataplexLakes` `cloudasset.assets.listDataplexTasks` `cloudasset.assets.listDataplexZones` `cloudasset.assets.listDataprocAutoscalingPolicies` `cloudasset.assets.listDataprocBatches` `cloudasset.assets.listDataprocClusters` `cloudasset.assets.listDataprocJobs` `cloudasset.assets.listDataprocSessions` `cloudasset.assets.listDataprocWorkflowTemplates` `cloudasset.assets.listDatastreamConnectionProfile` `cloudasset.assets.listDatastreamPrivateConnection` `cloudasset.assets.listDatastreamStream` `cloudasset.assets.listDialogflowAgents` `cloudasset.assets.listDialogflowConversationProfiles` `cloudasset.assets.listDialogflowKnowledgeBases` `cloudasset.assets.listDialogflowLocationSettings` `cloudasset.assets.listDlpDeidentifyTemplates` `cloudasset.assets.listDlpDlpJobs` `cloudasset.assets.listDlpInspectTemplates` `cloudasset.assets.listDlpJobTriggers` `cloudasset.assets.listDlpStoredInfoTypes` `cloudasset.assets.listDnsManagedZones` `cloudasset.assets.listDnsPolicies` `cloudasset.assets.listDomainsRegistrations` `cloudasset.assets.listEventarcTriggers` `cloudasset.assets.listFileBackups` `cloudasset.assets.listFileInstances` `cloudasset.assets.listFirebaseAppInfos` `cloudasset.assets.listFirebaseProjects` `cloudasset.assets.listFirestoreDatabases` `cloudasset.assets.listGKEHubFeatures` `cloudasset.assets.listGKEHubMemberships` `cloudasset.assets.listGameservicesGameServerClusters` `cloudasset.assets.listGameservicesGameServerConfigs` `cloudasset.assets.listGameservicesGameServerDeployments` `cloudasset.assets.listGameservicesRealms` `cloudasset.assets.listGkeBackupBackupPlans` `cloudasset.assets.listGkeBackupBackups` `cloudasset.assets.listGkeBackupRestorePlans` `cloudasset.assets.listGkeBackupRestores` `cloudasset.assets.listGkeBackupVolumeBackups` `cloudasset.assets.listGkeBackupVolumeRestores` `cloudasset.assets.listHealthcareConsentStores` `cloudasset.assets.listHealthcareDatasets` `cloudasset.assets.listHealthcareDicomStores` `cloudasset.assets.listHealthcareFhirStores` `cloudasset.assets.listHealthcareHl7V2Stores` `cloudasset.assets.listIamPolicy` `cloudasset.assets.listIamRoles` `cloudasset.assets.listIamServiceAccountKeys` `cloudasset.assets.listIamServiceAccounts` `cloudasset.assets.listIapTunnel` `cloudasset.assets.listIapTunnelInstances` `cloudasset.assets.listIapTunnelZones` `cloudasset.assets.listIapWeb` `cloudasset.assets.listIapWebServiceVersion` `cloudasset.assets.listIapWebServices` `cloudasset.assets.listIapWebType` `cloudasset.assets.listIdsEndpoints` `cloudasset.assets.listIntegrationsAuthConfigs` `cloudasset.assets.listIntegrationsCertificates` `cloudasset.assets.listIntegrationsExecutions` `cloudasset.assets.listIntegrationsIntegrationVersions` `cloudasset.assets.listIntegrationsIntegrations` `cloudasset.assets.listIntegrationsSfdcChannels` `cloudasset.assets.listIntegrationsSfdcInstances` `cloudasset.assets.listIntegrationsSuspensions` `cloudasset.assets.listLoggingLogMetrics` `cloudasset.assets.listLoggingLogSinks` `cloudasset.assets.listManagedidentitiesDomain` `cloudasset.assets.listMetastoreBackups` `cloudasset.assets.listMetastoreMetadataImports` `cloudasset.assets.listMetastoreServices` `cloudasset.assets.listMonitoringAlertPolicies` `cloudasset.assets.listNetworkConnectivityHubs` `cloudasset.assets.listNetworkConnectivitySpokes` `cloudasset.assets.listNetworkManagementConnectivityTests` `cloudasset.assets.listNetworkServicesEndpointPolicies` `cloudasset.assets.listNetworkServicesGateways` `cloudasset.assets.listNetworkServicesGrpcRoutes` `cloudasset.assets.listNetworkServicesHttpRoutes` `cloudasset.assets.listNetworkServicesMeshes` `cloudasset.assets.listNetworkServicesServiceBindings` `cloudasset.assets.listNetworkServicesTcpRoutes` `cloudasset.assets.listNetworkServicesTlsRoutes` `cloudasset.assets.listOSConfigOSPolicyAssignmentReports` `cloudasset.assets.listOSConfigOSPolicyAssignments` `cloudasset.assets.listOSConfigVulnerabilityReports` `cloudasset.assets.listOSInventories` `cloudasset.assets.listOrgPolicy` `cloudasset.assets.listPatchDeployments` `cloudasset.assets.listPubsubSnapshots` `cloudasset.assets.listPubsubSubscriptions` `cloudasset.assets.listPubsubTopics` `cloudasset.assets.listRedisInstances` `cloudasset.assets.listResource` `cloudasset.assets.listRunDomainMapping` `cloudasset.assets.listRunRevision` `cloudasset.assets.listRunService` `cloudasset.assets.listSecretManagerSecretVersions` `cloudasset.assets.listSecretManagerSecrets` `cloudasset.assets.listServiceDirectoryNamespaces` `cloudasset.assets.listServicePerimeter` `cloudasset.assets.listServiceconsumermanagementConsumerProperty` `cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits` `cloudasset.assets.listServiceconsumermanagementConsumers` `cloudasset.assets.listServiceconsumermanagementProducerOverrides` `cloudasset.assets.listServiceconsumermanagementTenancyUnits` `cloudasset.assets.listServiceconsumermanagementVisibility` `cloudasset.assets.listServicemanagementServices` `cloudasset.assets.listServiceusageAdminOverrides` `cloudasset.assets.listServiceusageConsumerOverrides` `cloudasset.assets.listServiceusageServices` `cloudasset.assets.listSpannerBackups` `cloudasset.assets.listSpannerDatabases` `cloudasset.assets.listSpannerInstances` `cloudasset.assets.listSpeakerIdPhrases` `cloudasset.assets.listSpeakerIdSettings` `cloudasset.assets.listSpeakerIdSpeakers` `cloudasset.assets.listSpeechCustomClasses` `cloudasset.assets.listSpeechPhraseSets` `cloudasset.assets.listSqladminBackupRuns` `cloudasset.assets.listSqladminInstances` `cloudasset.assets.listStorageBuckets` `cloudasset.assets.listTpuNodes` `cloudasset.assets.listVpcaccessConnector` `cloudasset.assets.queryAccessPolicy` `cloudasset.assets.queryIamPolicy` `cloudasset.assets.queryOSInventories` `cloudasset.assets.queryResource` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `cloudasset.feeds.` `cloudasset.feeds.create` `cloudasset.feeds.delete` `cloudasset.feeds.get` `cloudasset.feeds.list` `cloudasset.feeds.update` `cloudasset.othercloudconnections.get` `cloudasset.othercloudconnections.list` `cloudasset.othercloudconnections.verify` `cloudsql.instances.connect` `cloudsql.users.list` `compute.disks.useReadOnly` `compute.globalOperations.get` `compute.instances.get` `compute.instances.list` `compute.networkEndpointGroups.get` `compute.projects.get` `compute.regionOperations.get` `compute.zoneOperations.get` `container.clusters.get` `iam.denypolicies.get` `iam.denypolicies.list` `iam.googleapis.com/workloadIdentityPoolProviders.list` `iam.googleapis.com/workloadIdentityPools.list` `logging.logEntries.list` `monitoring.alertPolicies.list` `monitoring.timeSeries.list` `orgpolicy.policies.list` `orgpolicy.policy.get` `recommender.cloudAssetInsights.get` `recommender.cloudAssetInsights.list` `recommender.locations.` `recommender.locations.get` `recommender.locations.list` `resourcemanager.folders.get` `resourcemanager.folders.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.getIamPolicy` `resourcemanager.projects.list` `resourcemanager.tagValues.get` `securitycenter.assets.list` `securitycenter.assetsecuritymarks.update` `securitycenter.findings.list` `securitycenter.notificationconfig.create` `securitycenter.notificationconfig.delete` `securitycenter.notificationconfig.update` `securitycenter.organizationsettings.get` `securitycenter.resourcevalueconfigs.get` `securitycenter.resourcevalueconfigs.list` `securitycenter.simulations.get` `securitycenter.sources.list` `securitycenter.valuedresources.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.create` `securitycentermanagement.securityHealthAnalyticsCustomModules.delete` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.update` `serviceusage.consumerpolicy.` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.consumerpolicy.update` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.operations.get` `serviceusage.quotas.get` `serviceusage.services.disable` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test` `stackdriver.projects.get` `storage.buckets.get` `storage.buckets.getIamPolicy` `storage.buckets.list`

Attack Surface Management Scanner Service Agent

(roles/securitycenter.attackSurfaceManagementScannerServiceAgent)

Gives Mandiant Attack Surface Management the ability to scan Cloud Platform resources.

apigateway.apiconfigs.get

cloudasset.assets.listResource

dns.managedZones.list

dns.resourceRecordSets.list

resourcemanager.projects.get

Security Center Automation Service Agent

(roles/securitycenter.automationServiceAgent)

Security Center automation service agent can configure GCP resources to enable security scanning.

cloudasset.feeds.*

cloudasset.feeds.create
cloudasset.feeds.delete
cloudasset.feeds.get
cloudasset.feeds.list
cloudasset.feeds.update

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

serviceusage.consumerpolicy.*

serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.consumerpolicy.update

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.services.enable

serviceusage.services.get

serviceusage.values.test

Security Center Control Service Agent

(roles/securitycenter.controlServiceAgent)

Security Center Control service agent can monitor and configure GCP resources and import security findings.

accesscontextmanager.gcpUserAccessBindings.get

accesscontextmanager.gcpUserAccessBindings.list

aiplatform.dataItems.list

aiplatform.datasets.list

aiplatform.models.list

bigquery.datasets.get

binaryauthorization.policy.get

cloudasset.assets.analyzeIamPolicy

cloudasset.assets.analyzeMove

cloudasset.assets.analyzeOrgPolicy

cloudasset.assets.exportAccessLevel

cloudasset.assets.exportAccessPolicy

cloudasset.assets.exportAiplatformBatchPredictionJobs

cloudasset.assets.exportAiplatformCustomJobs

cloudasset.assets.exportAiplatformDataLabelingJobs

cloudasset.assets.exportAiplatformDatasets

cloudasset.assets.exportAiplatformEndpoints

cloudasset.assets.exportAiplatformHyperparameterTuningJobs

cloudasset.assets.exportAiplatformMetadataStores

cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs

cloudasset.assets.exportAiplatformModels

cloudasset.assets.exportAiplatformPipelineJobs

cloudasset.assets.exportAiplatformSpecialistPools

cloudasset.assets.exportAiplatformTrainingPipelines

cloudasset.assets.exportAllAccessPolicy

cloudasset.assets.exportAnthosConnectedCluster

cloudasset.assets.exportAnthosedgeCluster

cloudasset.assets.exportApigatewayApi

cloudasset.assets.exportApigatewayApiConfig

cloudasset.assets.exportApigatewayGateway

cloudasset.assets.exportApikeysKeys

cloudasset.assets.exportAppengineApplications

cloudasset.assets.exportAppengineServices

cloudasset.assets.exportAppengineVersions

cloudasset.assets.exportArtifactregistryDockerImages

cloudasset.assets.exportArtifactregistryRepositories

cloudasset.assets.exportAssuredWorkloadsWorkloads

cloudasset.assets.exportBeyondCorpApiGateways

cloudasset.assets.exportBeyondCorpAppConnections

cloudasset.assets.exportBeyondCorpAppConnectors

cloudasset.assets.exportBeyondCorpAppGateways

cloudasset.assets.exportBeyondCorpClientConnectorServices

cloudasset.assets.exportBeyondCorpClientGateways

cloudasset.assets.exportBigqueryDatasets

cloudasset.assets.exportBigqueryModels

cloudasset.assets.exportBigqueryTables

cloudasset.assets.exportBigtableAppProfile

cloudasset.assets.exportBigtableBackup

cloudasset.assets.exportBigtableCluster

cloudasset.assets.exportBigtableInstance

cloudasset.assets.exportBigtableTable

cloudasset.assets.exportCloudAssetFeeds

cloudasset.assets.exportCloudDeployDeliveryPipelines

cloudasset.assets.exportCloudDeployReleases

cloudasset.assets.exportCloudDeployRollouts

cloudasset.assets.exportCloudDeployTargets

cloudasset.assets.exportCloudDocumentAIEvaluation

cloudasset.assets.exportCloudDocumentAIHumanReviewConfig

cloudasset.assets.exportCloudDocumentAILabelerPool

cloudasset.assets.exportCloudDocumentAIProcessor

cloudasset.assets.exportCloudDocumentAIProcessorVersion

cloudasset.assets.exportCloudbillingBillingAccounts

cloudasset.assets.exportCloudbillingProjectBillingInfos

cloudasset.assets.exportCloudfunctionsFunctions

cloudasset.assets.exportCloudfunctionsGen2Functions

cloudasset.assets.exportCloudkmsCryptoKeyVersions

cloudasset.assets.exportCloudkmsCryptoKeys

cloudasset.assets.exportCloudkmsEkmConnections

cloudasset.assets.exportCloudkmsImportJobs

cloudasset.assets.exportCloudkmsKeyRings

cloudasset.assets.exportCloudmemcacheInstances

cloudasset.assets.exportCloudresourcemanagerFolders

cloudasset.assets.exportCloudresourcemanagerOrganizations

cloudasset.assets.exportCloudresourcemanagerProjects

cloudasset.assets.exportCloudresourcemanagerTagBindings

cloudasset.assets.exportCloudresourcemanagerTagKeys

cloudasset.assets.exportCloudresourcemanagerTagValues

cloudasset.assets.exportComposerEnvironments

cloudasset.assets.exportComputeAddress

cloudasset.assets.exportComputeAutoscalers

cloudasset.assets.exportComputeBackendBuckets

cloudasset.assets.exportComputeBackendServices

cloudasset.assets.exportComputeCommitments

cloudasset.assets.exportComputeDisks

cloudasset.assets.exportComputeExternalVpnGateways

cloudasset.assets.exportComputeFirewallPolicies

cloudasset.assets.exportComputeFirewalls

cloudasset.assets.exportComputeForwardingRules

cloudasset.assets.exportComputeGlobalAddress

cloudasset.assets.exportComputeGlobalForwardingRules

cloudasset.assets.exportComputeHealthChecks

cloudasset.assets.exportComputeHttpHealthChecks

cloudasset.assets.exportComputeHttpsHealthChecks

cloudasset.assets.exportComputeImages

cloudasset.assets.exportComputeInstanceGroupManagers

cloudasset.assets.exportComputeInstanceGroups

cloudasset.assets.exportComputeInstanceTemplates

cloudasset.assets.exportComputeInstances

cloudasset.assets.exportComputeInterconnect

cloudasset.assets.exportComputeInterconnectAttachment

cloudasset.assets.exportComputeLicenses

cloudasset.assets.exportComputeNetworkEndpointGroups

cloudasset.assets.exportComputeNetworks

cloudasset.assets.exportComputeNodeGroups

cloudasset.assets.exportComputeNodeTemplates

cloudasset.assets.exportComputePacketMirrorings

cloudasset.assets.exportComputeProjects

cloudasset.assets.exportComputeRegionAutoscaler

cloudasset.assets.exportComputeRegionBackendServices

cloudasset.assets.exportComputeRegionDisk

cloudasset.assets.exportComputeRegionInstanceGroup

cloudasset.assets.exportComputeRegionInstanceGroupManager

cloudasset.assets.exportComputeReservations

cloudasset.assets.exportComputeResourcePolicies

cloudasset.assets.exportComputeRouters

cloudasset.assets.exportComputeRoutes

cloudasset.assets.exportComputeSecurityPolicy

cloudasset.assets.exportComputeServiceAttachments

cloudasset.assets.exportComputeSnapshots

cloudasset.assets.exportComputeSslCertificates

cloudasset.assets.exportComputeSslPolicies

cloudasset.assets.exportComputeSubnetworks

cloudasset.assets.exportComputeTargetHttpProxies

cloudasset.assets.exportComputeTargetHttpsProxies

cloudasset.assets.exportComputeTargetInstances

cloudasset.assets.exportComputeTargetPools

cloudasset.assets.exportComputeTargetSslProxies

cloudasset.assets.exportComputeTargetTcpProxies

cloudasset.assets.exportComputeTargetVpnGateways

cloudasset.assets.exportComputeUrlMaps

cloudasset.assets.exportComputeVpnGateways

cloudasset.assets.exportComputeVpnTunnels

cloudasset.assets.exportConnectorsConnections

cloudasset.assets.exportConnectorsConnectorVersions

cloudasset.assets.exportConnectorsConnectors

cloudasset.assets.exportConnectorsProviders

cloudasset.assets.exportConnectorsRuntimeConfigs

cloudasset.assets.exportContainerAppsDeployment

cloudasset.assets.exportContainerAppsReplicaSets

cloudasset.assets.exportContainerBatchJobs

cloudasset.assets.exportContainerClusterrole

cloudasset.assets.exportContainerClusterrolebinding

cloudasset.assets.exportContainerClusters

cloudasset.assets.exportContainerExtensionsIngresses

cloudasset.assets.exportContainerJobs

cloudasset.assets.exportContainerNamespace

cloudasset.assets.exportContainerNetworkingIngresses

cloudasset.assets.exportContainerNetworkingNetworkPolicies

cloudasset.assets.exportContainerNode

cloudasset.assets.exportContainerNodepool

cloudasset.assets.exportContainerPod

cloudasset.assets.exportContainerReplicaSets

cloudasset.assets.exportContainerRole

cloudasset.assets.exportContainerRolebinding

cloudasset.assets.exportContainerServices

cloudasset.assets.exportContainerregistryImage

cloudasset.assets.exportDataMigrationConnectionProfiles

cloudasset.assets.exportDataMigrationMigrationJobs

cloudasset.assets.exportDataflowJobs

cloudasset.assets.exportDatafusionInstance

cloudasset.assets.exportDataplexAssets

cloudasset.assets.exportDataplexLakes

cloudasset.assets.exportDataplexTasks

cloudasset.assets.exportDataplexZones

cloudasset.assets.exportDataprocAutoscalingPolicies

cloudasset.assets.exportDataprocBatches

cloudasset.assets.exportDataprocClusters

cloudasset.assets.exportDataprocJobs

cloudasset.assets.exportDataprocSessions

cloudasset.assets.exportDataprocWorkflowTemplates

cloudasset.assets.exportDatastreamConnectionProfile

cloudasset.assets.exportDatastreamPrivateConnection

cloudasset.assets.exportDatastreamStream

cloudasset.assets.exportDialogflowAgents

cloudasset.assets.exportDialogflowConversationProfiles

cloudasset.assets.exportDialogflowKnowledgeBases

cloudasset.assets.exportDialogflowLocationSettings

cloudasset.assets.exportDlpDeidentifyTemplates

cloudasset.assets.exportDlpDlpJobs

cloudasset.assets.exportDlpInspectTemplates

cloudasset.assets.exportDlpJobTriggers

cloudasset.assets.exportDlpStoredInfoTypes

cloudasset.assets.exportDnsManagedZones

cloudasset.assets.exportDnsPolicies

cloudasset.assets.exportDomainsRegistrations

cloudasset.assets.exportEventarcTriggers

cloudasset.assets.exportFileBackups

cloudasset.assets.exportFileInstances

cloudasset.assets.exportFirebaseAppInfos

cloudasset.assets.exportFirebaseProjects

cloudasset.assets.exportFirestoreDatabases

cloudasset.assets.exportGKEHubFeatures

cloudasset.assets.exportGKEHubMemberships

cloudasset.assets.exportGameservicesGameServerClusters

cloudasset.assets.exportGameservicesGameServerConfigs

cloudasset.assets.exportGameservicesGameServerDeployments

cloudasset.assets.exportGameservicesRealms

cloudasset.assets.exportGkeBackupBackupPlans

cloudasset.assets.exportGkeBackupBackups

cloudasset.assets.exportGkeBackupRestorePlans

cloudasset.assets.exportGkeBackupRestores

cloudasset.assets.exportGkeBackupVolumeBackups

cloudasset.assets.exportGkeBackupVolumeRestores

cloudasset.assets.exportHealthcareConsentStores

cloudasset.assets.exportHealthcareDatasets

cloudasset.assets.exportHealthcareDicomStores

cloudasset.assets.exportHealthcareFhirStores

cloudasset.assets.exportHealthcareHl7V2Stores

cloudasset.assets.exportIamPolicy

cloudasset.assets.exportIamRoles

cloudasset.assets.exportIamServiceAccountKeys

cloudasset.assets.exportIamServiceAccounts

cloudasset.assets.exportIapTunnel

cloudasset.assets.exportIapTunnelInstances

cloudasset.assets.exportIapTunnelZones

cloudasset.assets.exportIapWeb

cloudasset.assets.exportIapWebServiceVersion

cloudasset.assets.exportIapWebServices

cloudasset.assets.exportIapWebType

cloudasset.assets.exportIdsEndpoints

cloudasset.assets.exportIntegrationsAuthConfigs

cloudasset.assets.exportIntegrationsCertificates

cloudasset.assets.exportIntegrationsExecutions

cloudasset.assets.exportIntegrationsIntegrationVersions

cloudasset.assets.exportIntegrationsIntegrations

cloudasset.assets.exportIntegrationsSfdcChannels

cloudasset.assets.exportIntegrationsSfdcInstances

cloudasset.assets.exportIntegrationsSuspensions

cloudasset.assets.exportLoggingLogMetrics

cloudasset.assets.exportLoggingLogSinks

cloudasset.assets.exportManagedidentitiesDomain

cloudasset.assets.exportMetastoreBackups

cloudasset.assets.exportMetastoreMetadataImports

cloudasset.assets.exportMetastoreServices

cloudasset.assets.exportMonitoringAlertPolicies

cloudasset.assets.exportNetworkConnectivityHubs

cloudasset.assets.exportNetworkConnectivitySpokes

cloudasset.assets.exportNetworkManagementConnectivityTests

cloudasset.assets.exportNetworkServicesEndpointPolicies

cloudasset.assets.exportNetworkServicesGateways

cloudasset.assets.exportNetworkServicesGrpcRoutes

cloudasset.assets.exportNetworkServicesHttpRoutes

cloudasset.assets.exportNetworkServicesMeshes

cloudasset.assets.exportNetworkServicesServiceBindings

cloudasset.assets.exportNetworkServicesTcpRoutes

cloudasset.assets.exportNetworkServicesTlsRoutes

cloudasset.assets.exportOSConfigOSPolicyAssignmentReports

cloudasset.assets.exportOSConfigOSPolicyAssignments

cloudasset.assets.exportOSConfigVulnerabilityReports

cloudasset.assets.exportOSInventories

cloudasset.assets.exportOrgPolicy

cloudasset.assets.exportPatchDeployments

cloudasset.assets.exportPubsubSnapshots

cloudasset.assets.exportPubsubSubscriptions

cloudasset.assets.exportPubsubTopics

cloudasset.assets.exportRedisInstances

cloudasset.assets.exportResource

cloudasset.assets.exportSecretManagerSecretVersions

cloudasset.assets.exportSecretManagerSecrets

cloudasset.assets.exportServiceDirectoryNamespaces

cloudasset.assets.exportServicePerimeter

cloudasset.assets.exportServiceconsumermanagementConsumerProperty

cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits

cloudasset.assets.exportServiceconsumermanagementConsumers

cloudasset.assets.exportServiceconsumermanagementProducerOverrides

cloudasset.assets.exportServiceconsumermanagementTenancyUnits

cloudasset.assets.exportServiceconsumermanagementVisibility

cloudasset.assets.exportServicemanagementServices

cloudasset.assets.exportServiceusageAdminOverrides

cloudasset.assets.exportServiceusageConsumerOverrides

cloudasset.assets.exportServiceusageServices

cloudasset.assets.exportSpannerBackups

cloudasset.assets.exportSpannerDatabases

cloudasset.assets.exportSpannerInstances

cloudasset.assets.exportSpeakerIdPhrases

cloudasset.assets.exportSpeakerIdSettings

cloudasset.assets.exportSpeakerIdSpeakers

cloudasset.assets.exportSpeechCustomClasses

cloudasset.assets.exportSpeechPhraseSets

cloudasset.assets.exportSqladminBackupRuns

cloudasset.assets.exportSqladminInstances

cloudasset.assets.exportStorageBuckets

cloudasset.assets.exportTpuNodes

cloudasset.assets.exportVpcaccessConnector

cloudasset.assets.listAccessLevel

cloudasset.assets.listAccessPolicy

cloudasset.assets.listAiplatformBatchPredictionJobs

cloudasset.assets.listAiplatformCustomJobs

cloudasset.assets.listAiplatformDataLabelingJobs

cloudasset.assets.listAiplatformDatasets

cloudasset.assets.listAiplatformEndpoints

cloudasset.assets.listAiplatformHyperparameterTuningJobs

cloudasset.assets.listAiplatformMetadataStores

cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs

cloudasset.assets.listAiplatformModels

cloudasset.assets.listAiplatformPipelineJobs

cloudasset.assets.listAiplatformSpecialistPools

cloudasset.assets.listAiplatformTrainingPipelines

cloudasset.assets.listAllAccessPolicy

cloudasset.assets.listAnthosConnectedCluster

cloudasset.assets.listAnthosedgeCluster

cloudasset.assets.listApigatewayApi

cloudasset.assets.listApigatewayApiConfig

cloudasset.assets.listApigatewayGateway

cloudasset.assets.listApikeysKeys

cloudasset.assets.listAppengineApplications

cloudasset.assets.listAppengineServices

cloudasset.assets.listAppengineVersions

cloudasset.assets.listArtifactregistryDockerImages

cloudasset.assets.listArtifactregistryRepositories

cloudasset.assets.listAssuredWorkloadsWorkloads

cloudasset.assets.listBeyondCorpApiGateways

cloudasset.assets.listBeyondCorpAppConnections

cloudasset.assets.listBeyondCorpAppConnectors

cloudasset.assets.listBeyondCorpAppGateways

cloudasset.assets.listBeyondCorpClientConnectorServices

cloudasset.assets.listBeyondCorpClientGateways

cloudasset.assets.listBigqueryDatasets

cloudasset.assets.listBigqueryModels

cloudasset.assets.listBigqueryTables

cloudasset.assets.listBigtableAppProfile

cloudasset.assets.listBigtableBackup

cloudasset.assets.listBigtableCluster

cloudasset.assets.listBigtableInstance

cloudasset.assets.listBigtableTable

cloudasset.assets.listCloudAssetFeeds

cloudasset.assets.listCloudDeployDeliveryPipelines

cloudasset.assets.listCloudDeployReleases

cloudasset.assets.listCloudDeployRollouts

cloudasset.assets.listCloudDeployTargets

cloudasset.assets.listCloudDocumentAIEvaluation

cloudasset.assets.listCloudDocumentAIHumanReviewConfig

cloudasset.assets.listCloudDocumentAILabelerPool

cloudasset.assets.listCloudDocumentAIProcessor

cloudasset.assets.listCloudDocumentAIProcessorVersion

cloudasset.assets.listCloudbillingBillingAccounts

cloudasset.assets.listCloudbillingProjectBillingInfos

cloudasset.assets.listCloudfunctionsFunctions

cloudasset.assets.listCloudfunctionsGen2Functions

cloudasset.assets.listCloudkmsCryptoKeyVersions

cloudasset.assets.listCloudkmsCryptoKeys

cloudasset.assets.listCloudkmsEkmConnections

cloudasset.assets.listCloudkmsImportJobs

cloudasset.assets.listCloudkmsKeyRings

cloudasset.assets.listCloudmemcacheInstances

cloudasset.assets.listCloudresourcemanagerFolders

cloudasset.assets.listCloudresourcemanagerOrganizations

cloudasset.assets.listCloudresourcemanagerProjects

cloudasset.assets.listCloudresourcemanagerTagBindings

cloudasset.assets.listCloudresourcemanagerTagKeys

cloudasset.assets.listCloudresourcemanagerTagValues

cloudasset.assets.listComposerEnvironments

cloudasset.assets.listComputeAddress

cloudasset.assets.listComputeAutoscalers

cloudasset.assets.listComputeBackendBuckets

cloudasset.assets.listComputeBackendServices

cloudasset.assets.listComputeCommitments

cloudasset.assets.listComputeDisks

cloudasset.assets.listComputeExternalVpnGateways

cloudasset.assets.listComputeFirewallPolicies

cloudasset.assets.listComputeFirewalls

cloudasset.assets.listComputeForwardingRules

cloudasset.assets.listComputeGlobalAddress

cloudasset.assets.listComputeGlobalForwardingRules

cloudasset.assets.listComputeHealthChecks

cloudasset.assets.listComputeHttpHealthChecks

cloudasset.assets.listComputeHttpsHealthChecks

cloudasset.assets.listComputeImages

cloudasset.assets.listComputeInstanceGroupManagers

cloudasset.assets.listComputeInstanceGroups

cloudasset.assets.listComputeInstanceTemplates

cloudasset.assets.listComputeInstances

cloudasset.assets.listComputeInterconnect

cloudasset.assets.listComputeInterconnectAttachment

cloudasset.assets.listComputeLicenses

cloudasset.assets.listComputeNetworkEndpointGroups

cloudasset.assets.listComputeNetworks

cloudasset.assets.listComputeNodeGroups

cloudasset.assets.listComputeNodeTemplates

cloudasset.assets.listComputePacketMirrorings

cloudasset.assets.listComputeProjects

cloudasset.assets.listComputeRegionAutoscaler

cloudasset.assets.listComputeRegionBackendServices

cloudasset.assets.listComputeRegionDisk

cloudasset.assets.listComputeRegionInstanceGroup

cloudasset.assets.listComputeRegionInstanceGroupManager

cloudasset.assets.listComputeReservations

cloudasset.assets.listComputeResourcePolicies

cloudasset.assets.listComputeRouters

cloudasset.assets.listComputeRoutes

cloudasset.assets.listComputeSecurityPolicy

cloudasset.assets.listComputeServiceAttachments

cloudasset.assets.listComputeSnapshots

cloudasset.assets.listComputeSslCertificates

cloudasset.assets.listComputeSslPolicies

cloudasset.assets.listComputeSubnetworks

cloudasset.assets.listComputeTargetHttpProxies

cloudasset.assets.listComputeTargetHttpsProxies

cloudasset.assets.listComputeTargetInstances

cloudasset.assets.listComputeTargetPools

cloudasset.assets.listComputeTargetSslProxies

cloudasset.assets.listComputeTargetTcpProxies

cloudasset.assets.listComputeTargetVpnGateways

cloudasset.assets.listComputeUrlMaps

cloudasset.assets.listComputeVpnGateways

cloudasset.assets.listComputeVpnTunnels

cloudasset.assets.listConnectorsConnections

cloudasset.assets.listConnectorsConnectorVersions

cloudasset.assets.listConnectorsConnectors

cloudasset.assets.listConnectorsProviders

cloudasset.assets.listConnectorsRuntimeConfigs

cloudasset.assets.listContainerAppsDeployment

cloudasset.assets.listContainerAppsReplicaSets

cloudasset.assets.listContainerBatchJobs

cloudasset.assets.listContainerClusterrole

cloudasset.assets.listContainerClusterrolebinding

cloudasset.assets.listContainerClusters

cloudasset.assets.listContainerExtensionsIngresses

cloudasset.assets.listContainerJobs

cloudasset.assets.listContainerNamespace

cloudasset.assets.listContainerNetworkingIngresses

cloudasset.assets.listContainerNetworkingNetworkPolicies

cloudasset.assets.listContainerNode

cloudasset.assets.listContainerNodepool

cloudasset.assets.listContainerPod

cloudasset.assets.listContainerReplicaSets

cloudasset.assets.listContainerRole

cloudasset.assets.listContainerRolebinding

cloudasset.assets.listContainerServices

cloudasset.assets.listContainerregistryImage

cloudasset.assets.listDataMigrationConnectionProfiles

cloudasset.assets.listDataMigrationMigrationJobs

cloudasset.assets.listDataflowJobs

cloudasset.assets.listDatafusionInstance

cloudasset.assets.listDataplexAssets

cloudasset.assets.listDataplexLakes

cloudasset.assets.listDataplexTasks

cloudasset.assets.listDataplexZones

cloudasset.assets.listDataprocAutoscalingPolicies

cloudasset.assets.listDataprocBatches

cloudasset.assets.listDataprocClusters

cloudasset.assets.listDataprocJobs

cloudasset.assets.listDataprocSessions

cloudasset.assets.listDataprocWorkflowTemplates

cloudasset.assets.listDatastreamConnectionProfile

cloudasset.assets.listDatastreamPrivateConnection

cloudasset.assets.listDatastreamStream

cloudasset.assets.listDialogflowAgents

cloudasset.assets.listDialogflowConversationProfiles

cloudasset.assets.listDialogflowKnowledgeBases

cloudasset.assets.listDialogflowLocationSettings

cloudasset.assets.listDlpDeidentifyTemplates

cloudasset.assets.listDlpDlpJobs

cloudasset.assets.listDlpInspectTemplates

cloudasset.assets.listDlpJobTriggers

cloudasset.assets.listDlpStoredInfoTypes

cloudasset.assets.listDnsManagedZones

cloudasset.assets.listDnsPolicies

cloudasset.assets.listDomainsRegistrations

cloudasset.assets.listEventarcTriggers

cloudasset.assets.listFileBackups

cloudasset.assets.listFileInstances

cloudasset.assets.listFirebaseAppInfos

cloudasset.assets.listFirebaseProjects

cloudasset.assets.listFirestoreDatabases

cloudasset.assets.listGKEHubFeatures

cloudasset.assets.listGKEHubMemberships

cloudasset.assets.listGameservicesGameServerClusters

cloudasset.assets.listGameservicesGameServerConfigs

cloudasset.assets.listGameservicesGameServerDeployments

cloudasset.assets.listGameservicesRealms

cloudasset.assets.listGkeBackupBackupPlans

cloudasset.assets.listGkeBackupBackups

cloudasset.assets.listGkeBackupRestorePlans

cloudasset.assets.listGkeBackupRestores

cloudasset.assets.listGkeBackupVolumeBackups

cloudasset.assets.listGkeBackupVolumeRestores

cloudasset.assets.listHealthcareConsentStores

cloudasset.assets.listHealthcareDatasets

cloudasset.assets.listHealthcareDicomStores

cloudasset.assets.listHealthcareFhirStores

cloudasset.assets.listHealthcareHl7V2Stores

cloudasset.assets.listIamPolicy

cloudasset.assets.listIamRoles

cloudasset.assets.listIamServiceAccountKeys

cloudasset.assets.listIamServiceAccounts

cloudasset.assets.listIapTunnel

cloudasset.assets.listIapTunnelInstances

cloudasset.assets.listIapTunnelZones

cloudasset.assets.listIapWeb

cloudasset.assets.listIapWebServiceVersion

cloudasset.assets.listIapWebServices

cloudasset.assets.listIapWebType

cloudasset.assets.listIdsEndpoints

cloudasset.assets.listIntegrationsAuthConfigs

cloudasset.assets.listIntegrationsCertificates

cloudasset.assets.listIntegrationsExecutions

cloudasset.assets.listIntegrationsIntegrationVersions

cloudasset.assets.listIntegrationsIntegrations

cloudasset.assets.listIntegrationsSfdcChannels

cloudasset.assets.listIntegrationsSfdcInstances

cloudasset.assets.listIntegrationsSuspensions

cloudasset.assets.listLoggingLogMetrics

cloudasset.assets.listLoggingLogSinks

cloudasset.assets.listManagedidentitiesDomain

cloudasset.assets.listMetastoreBackups

cloudasset.assets.listMetastoreMetadataImports

cloudasset.assets.listMetastoreServices

cloudasset.assets.listMonitoringAlertPolicies

cloudasset.assets.listNetworkConnectivityHubs

cloudasset.assets.listNetworkConnectivitySpokes

cloudasset.assets.listNetworkManagementConnectivityTests

cloudasset.assets.listNetworkServicesEndpointPolicies

cloudasset.assets.listNetworkServicesGateways

cloudasset.assets.listNetworkServicesGrpcRoutes

cloudasset.assets.listNetworkServicesHttpRoutes

cloudasset.assets.listNetworkServicesMeshes

cloudasset.assets.listNetworkServicesServiceBindings

cloudasset.assets.listNetworkServicesTcpRoutes

cloudasset.assets.listNetworkServicesTlsRoutes

cloudasset.assets.listOSConfigOSPolicyAssignmentReports

cloudasset.assets.listOSConfigOSPolicyAssignments

cloudasset.assets.listOSConfigVulnerabilityReports

cloudasset.assets.listOSInventories

cloudasset.assets.listOrgPolicy

cloudasset.assets.listPatchDeployments

cloudasset.assets.listPubsubSnapshots

cloudasset.assets.listPubsubSubscriptions

cloudasset.assets.listPubsubTopics

cloudasset.assets.listRedisInstances

cloudasset.assets.listResource

cloudasset.assets.listRunDomainMapping

cloudasset.assets.listRunRevision

cloudasset.assets.listRunService

cloudasset.assets.listSecretManagerSecretVersions

cloudasset.assets.listSecretManagerSecrets

cloudasset.assets.listServiceDirectoryNamespaces

cloudasset.assets.listServicePerimeter

cloudasset.assets.listServiceconsumermanagementConsumerProperty

cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits

cloudasset.assets.listServiceconsumermanagementConsumers

cloudasset.assets.listServiceconsumermanagementProducerOverrides

cloudasset.assets.listServiceconsumermanagementTenancyUnits

cloudasset.assets.listServiceconsumermanagementVisibility

cloudasset.assets.listServicemanagementServices

cloudasset.assets.listServiceusageAdminOverrides

cloudasset.assets.listServiceusageConsumerOverrides

cloudasset.assets.listServiceusageServices

cloudasset.assets.listSpannerBackups

cloudasset.assets.listSpannerDatabases

cloudasset.assets.listSpannerInstances

cloudasset.assets.listSpeakerIdPhrases

cloudasset.assets.listSpeakerIdSettings

cloudasset.assets.listSpeakerIdSpeakers

cloudasset.assets.listSpeechCustomClasses

cloudasset.assets.listSpeechPhraseSets

cloudasset.assets.listSqladminBackupRuns

cloudasset.assets.listSqladminInstances

cloudasset.assets.listStorageBuckets

cloudasset.assets.listTpuNodes

cloudasset.assets.listVpcaccessConnector

cloudasset.assets.queryAccessPolicy

cloudasset.assets.queryIamPolicy

cloudasset.assets.queryOSInventories

cloudasset.assets.queryResource

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

cloudasset.feeds.*

cloudasset.feeds.create
cloudasset.feeds.delete
cloudasset.feeds.get
cloudasset.feeds.list
cloudasset.feeds.update

cloudasset.othercloudconnections.get

cloudasset.othercloudconnections.list

cloudasset.othercloudconnections.verify

cloudsql.instances.connect

cloudsql.users.list

compute.disks.useReadOnly

compute.globalOperations.get

compute.instances.get

compute.instances.list

compute.networkEndpointGroups.get

compute.projects.get

compute.regionOperations.get

compute.zoneOperations.get

container.clusters.get

iam.denypolicies.get

iam.denypolicies.list

iam.googleapis.com/workloadIdentityPoolProviders.list

iam.googleapis.com/workloadIdentityPools.list

logging.logEntries.list

monitoring.alertPolicies.list

monitoring.timeSeries.list

orgpolicy.policies.list

orgpolicy.policy.get

recommender.cloudAssetInsights.get

recommender.cloudAssetInsights.list

recommender.locations.*

recommender.locations.get
recommender.locations.list

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

resourcemanager.tagValues.get

securitycenter.assets.list

securitycenter.assetsecuritymarks.update

securitycenter.findings.list

securitycenter.notificationconfig.create

securitycenter.notificationconfig.delete

securitycenter.notificationconfig.update

securitycenter.organizationsettings.get

securitycenter.resourcevalueconfigs.get

securitycenter.resourcevalueconfigs.list

securitycenter.simulations.get

securitycenter.sources.list

securitycenter.valuedresources.list

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.create

securitycentermanagement.securityHealthAnalyticsCustomModules.delete

securitycentermanagement.securityHealthAnalyticsCustomModules.get

securitycentermanagement.securityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.simulate

securitycentermanagement.securityHealthAnalyticsCustomModules.update

serviceusage.consumerpolicy.*

serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.consumerpolicy.update

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.operations.get

serviceusage.quotas.get

serviceusage.services.disable

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

stackdriver.projects.get

storage.buckets.get

storage.buckets.getIamPolicy

storage.buckets.list

Security Center Integration Executor Service Agent

(roles/securitycenter.integrationExecutorServiceAgent)

Gives Security Center access to execute Integrations.

integrations.securityExecutions.cancel

integrations.securityExecutions.list

integrations.securityIntegrations.invoke

Security Center Notification Service Agent

(roles/securitycenter.notificationServiceAgent)

Security Center service agent can publish notifications to Pub/Sub topics.

pubsub.topics.publish

Security Health Analytics Service Agent

(roles/securitycenter.securityHealthAnalyticsServiceAgent)

Security Health Analytics service agent can scan GCP resource metadata to find security vulnerabilities.

bigquery.datasets.get

binaryauthorization.policy.get

cloudasset.assets.analyzeIamPolicy

cloudasset.assets.analyzeMove

cloudasset.assets.analyzeOrgPolicy

cloudasset.assets.exportAccessLevel

cloudasset.assets.exportAccessPolicy

cloudasset.assets.exportAiplatformBatchPredictionJobs

cloudasset.assets.exportAiplatformCustomJobs

cloudasset.assets.exportAiplatformDataLabelingJobs

cloudasset.assets.exportAiplatformDatasets

cloudasset.assets.exportAiplatformEndpoints

cloudasset.assets.exportAiplatformHyperparameterTuningJobs

cloudasset.assets.exportAiplatformMetadataStores

cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs

cloudasset.assets.exportAiplatformModels

cloudasset.assets.exportAiplatformPipelineJobs

cloudasset.assets.exportAiplatformSpecialistPools

cloudasset.assets.exportAiplatformTrainingPipelines

cloudasset.assets.exportAllAccessPolicy

cloudasset.assets.exportAnthosConnectedCluster

cloudasset.assets.exportAnthosedgeCluster

cloudasset.assets.exportApigatewayApi

cloudasset.assets.exportApigatewayApiConfig

cloudasset.assets.exportApigatewayGateway

cloudasset.assets.exportApikeysKeys

cloudasset.assets.exportAppengineApplications

cloudasset.assets.exportAppengineServices

cloudasset.assets.exportAppengineVersions

cloudasset.assets.exportArtifactregistryDockerImages

cloudasset.assets.exportArtifactregistryRepositories

cloudasset.assets.exportAssuredWorkloadsWorkloads

cloudasset.assets.exportBeyondCorpApiGateways

cloudasset.assets.exportBeyondCorpAppConnections

cloudasset.assets.exportBeyondCorpAppConnectors

cloudasset.assets.exportBeyondCorpAppGateways

cloudasset.assets.exportBeyondCorpClientConnectorServices

cloudasset.assets.exportBeyondCorpClientGateways

cloudasset.assets.exportBigqueryDatasets

cloudasset.assets.exportBigqueryModels

cloudasset.assets.exportBigqueryTables

cloudasset.assets.exportBigtableAppProfile

cloudasset.assets.exportBigtableBackup

cloudasset.assets.exportBigtableCluster

cloudasset.assets.exportBigtableInstance

cloudasset.assets.exportBigtableTable

cloudasset.assets.exportCloudAssetFeeds

cloudasset.assets.exportCloudDeployDeliveryPipelines

cloudasset.assets.exportCloudDeployReleases

cloudasset.assets.exportCloudDeployRollouts

cloudasset.assets.exportCloudDeployTargets

cloudasset.assets.exportCloudDocumentAIEvaluation

cloudasset.assets.exportCloudDocumentAIHumanReviewConfig

cloudasset.assets.exportCloudDocumentAILabelerPool

cloudasset.assets.exportCloudDocumentAIProcessor

cloudasset.assets.exportCloudDocumentAIProcessorVersion

cloudasset.assets.exportCloudbillingBillingAccounts

cloudasset.assets.exportCloudbillingProjectBillingInfos

cloudasset.assets.exportCloudfunctionsFunctions

cloudasset.assets.exportCloudfunctionsGen2Functions

cloudasset.assets.exportCloudkmsCryptoKeyVersions

cloudasset.assets.exportCloudkmsCryptoKeys

cloudasset.assets.exportCloudkmsEkmConnections

cloudasset.assets.exportCloudkmsImportJobs

cloudasset.assets.exportCloudkmsKeyRings

cloudasset.assets.exportCloudmemcacheInstances

cloudasset.assets.exportCloudresourcemanagerFolders

cloudasset.assets.exportCloudresourcemanagerOrganizations

cloudasset.assets.exportCloudresourcemanagerProjects

cloudasset.assets.exportCloudresourcemanagerTagBindings

cloudasset.assets.exportCloudresourcemanagerTagKeys

cloudasset.assets.exportCloudresourcemanagerTagValues

cloudasset.assets.exportComposerEnvironments

cloudasset.assets.exportComputeAddress

cloudasset.assets.exportComputeAutoscalers

cloudasset.assets.exportComputeBackendBuckets

cloudasset.assets.exportComputeBackendServices

cloudasset.assets.exportComputeCommitments

cloudasset.assets.exportComputeDisks

cloudasset.assets.exportComputeExternalVpnGateways

cloudasset.assets.exportComputeFirewallPolicies

cloudasset.assets.exportComputeFirewalls

cloudasset.assets.exportComputeForwardingRules

cloudasset.assets.exportComputeGlobalAddress

cloudasset.assets.exportComputeGlobalForwardingRules

cloudasset.assets.exportComputeHealthChecks

cloudasset.assets.exportComputeHttpHealthChecks

cloudasset.assets.exportComputeHttpsHealthChecks

cloudasset.assets.exportComputeImages

cloudasset.assets.exportComputeInstanceGroupManagers

cloudasset.assets.exportComputeInstanceGroups

cloudasset.assets.exportComputeInstanceTemplates

cloudasset.assets.exportComputeInstances

cloudasset.assets.exportComputeInterconnect

cloudasset.assets.exportComputeInterconnectAttachment

cloudasset.assets.exportComputeLicenses

cloudasset.assets.exportComputeNetworkEndpointGroups

cloudasset.assets.exportComputeNetworks

cloudasset.assets.exportComputeNodeGroups

cloudasset.assets.exportComputeNodeTemplates

cloudasset.assets.exportComputePacketMirrorings

cloudasset.assets.exportComputeProjects

cloudasset.assets.exportComputeRegionAutoscaler

cloudasset.assets.exportComputeRegionBackendServices

cloudasset.assets.exportComputeRegionDisk

cloudasset.assets.exportComputeRegionInstanceGroup

cloudasset.assets.exportComputeRegionInstanceGroupManager

cloudasset.assets.exportComputeReservations

cloudasset.assets.exportComputeResourcePolicies

cloudasset.assets.exportComputeRouters

cloudasset.assets.exportComputeRoutes

cloudasset.assets.exportComputeSecurityPolicy

cloudasset.assets.exportComputeServiceAttachments

cloudasset.assets.exportComputeSnapshots

cloudasset.assets.exportComputeSslCertificates

cloudasset.assets.exportComputeSslPolicies

cloudasset.assets.exportComputeSubnetworks

cloudasset.assets.exportComputeTargetHttpProxies

cloudasset.assets.exportComputeTargetHttpsProxies

cloudasset.assets.exportComputeTargetInstances

cloudasset.assets.exportComputeTargetPools

cloudasset.assets.exportComputeTargetSslProxies

cloudasset.assets.exportComputeTargetTcpProxies

cloudasset.assets.exportComputeTargetVpnGateways

cloudasset.assets.exportComputeUrlMaps

cloudasset.assets.exportComputeVpnGateways

cloudasset.assets.exportComputeVpnTunnels

cloudasset.assets.exportConnectorsConnections

cloudasset.assets.exportConnectorsConnectorVersions

cloudasset.assets.exportConnectorsConnectors

cloudasset.assets.exportConnectorsProviders

cloudasset.assets.exportConnectorsRuntimeConfigs

cloudasset.assets.exportContainerAppsDeployment

cloudasset.assets.exportContainerAppsReplicaSets

cloudasset.assets.exportContainerBatchJobs

cloudasset.assets.exportContainerClusterrole

cloudasset.assets.exportContainerClusterrolebinding

cloudasset.assets.exportContainerClusters

cloudasset.assets.exportContainerExtensionsIngresses

cloudasset.assets.exportContainerJobs

cloudasset.assets.exportContainerNamespace

cloudasset.assets.exportContainerNetworkingIngresses

cloudasset.assets.exportContainerNetworkingNetworkPolicies

cloudasset.assets.exportContainerNode

cloudasset.assets.exportContainerNodepool

cloudasset.assets.exportContainerPod

cloudasset.assets.exportContainerReplicaSets

cloudasset.assets.exportContainerRole

cloudasset.assets.exportContainerRolebinding

cloudasset.assets.exportContainerServices

cloudasset.assets.exportContainerregistryImage

cloudasset.assets.exportDataMigrationConnectionProfiles

cloudasset.assets.exportDataMigrationMigrationJobs

cloudasset.assets.exportDataflowJobs

cloudasset.assets.exportDatafusionInstance

cloudasset.assets.exportDataplexAssets

cloudasset.assets.exportDataplexLakes

cloudasset.assets.exportDataplexTasks

cloudasset.assets.exportDataplexZones

cloudasset.assets.exportDataprocAutoscalingPolicies

cloudasset.assets.exportDataprocBatches

cloudasset.assets.exportDataprocClusters

cloudasset.assets.exportDataprocJobs

cloudasset.assets.exportDataprocSessions

cloudasset.assets.exportDataprocWorkflowTemplates

cloudasset.assets.exportDatastreamConnectionProfile

cloudasset.assets.exportDatastreamPrivateConnection

cloudasset.assets.exportDatastreamStream

cloudasset.assets.exportDialogflowAgents

cloudasset.assets.exportDialogflowConversationProfiles

cloudasset.assets.exportDialogflowKnowledgeBases

cloudasset.assets.exportDialogflowLocationSettings

cloudasset.assets.exportDlpDeidentifyTemplates

cloudasset.assets.exportDlpDlpJobs

cloudasset.assets.exportDlpInspectTemplates

cloudasset.assets.exportDlpJobTriggers

cloudasset.assets.exportDlpStoredInfoTypes

cloudasset.assets.exportDnsManagedZones

cloudasset.assets.exportDnsPolicies

cloudasset.assets.exportDomainsRegistrations

cloudasset.assets.exportEventarcTriggers

cloudasset.assets.exportFileBackups

cloudasset.assets.exportFileInstances

cloudasset.assets.exportFirebaseAppInfos

cloudasset.assets.exportFirebaseProjects

cloudasset.assets.exportFirestoreDatabases

cloudasset.assets.exportGKEHubFeatures

cloudasset.assets.exportGKEHubMemberships

cloudasset.assets.exportGameservicesGameServerClusters

cloudasset.assets.exportGameservicesGameServerConfigs

cloudasset.assets.exportGameservicesGameServerDeployments

cloudasset.assets.exportGameservicesRealms

cloudasset.assets.exportGkeBackupBackupPlans

cloudasset.assets.exportGkeBackupBackups

cloudasset.assets.exportGkeBackupRestorePlans

cloudasset.assets.exportGkeBackupRestores

cloudasset.assets.exportGkeBackupVolumeBackups

cloudasset.assets.exportGkeBackupVolumeRestores

cloudasset.assets.exportHealthcareConsentStores

cloudasset.assets.exportHealthcareDatasets

cloudasset.assets.exportHealthcareDicomStores

cloudasset.assets.exportHealthcareFhirStores

cloudasset.assets.exportHealthcareHl7V2Stores

cloudasset.assets.exportIamPolicy

cloudasset.assets.exportIamRoles

cloudasset.assets.exportIamServiceAccountKeys

cloudasset.assets.exportIamServiceAccounts

cloudasset.assets.exportIapTunnel

cloudasset.assets.exportIapTunnelInstances

cloudasset.assets.exportIapTunnelZones

cloudasset.assets.exportIapWeb

cloudasset.assets.exportIapWebServiceVersion

cloudasset.assets.exportIapWebServices

cloudasset.assets.exportIapWebType

cloudasset.assets.exportIdsEndpoints

cloudasset.assets.exportIntegrationsAuthConfigs

cloudasset.assets.exportIntegrationsCertificates

cloudasset.assets.exportIntegrationsExecutions

cloudasset.assets.exportIntegrationsIntegrationVersions

cloudasset.assets.exportIntegrationsIntegrations

cloudasset.assets.exportIntegrationsSfdcChannels

cloudasset.assets.exportIntegrationsSfdcInstances

cloudasset.assets.exportIntegrationsSuspensions

cloudasset.assets.exportLoggingLogMetrics

cloudasset.assets.exportLoggingLogSinks

cloudasset.assets.exportManagedidentitiesDomain

cloudasset.assets.exportMetastoreBackups

cloudasset.assets.exportMetastoreMetadataImports

cloudasset.assets.exportMetastoreServices

cloudasset.assets.exportMonitoringAlertPolicies

cloudasset.assets.exportNetworkConnectivityHubs

cloudasset.assets.exportNetworkConnectivitySpokes

cloudasset.assets.exportNetworkManagementConnectivityTests

cloudasset.assets.exportNetworkServicesEndpointPolicies

cloudasset.assets.exportNetworkServicesGateways

cloudasset.assets.exportNetworkServicesGrpcRoutes

cloudasset.assets.exportNetworkServicesHttpRoutes

cloudasset.assets.exportNetworkServicesMeshes

cloudasset.assets.exportNetworkServicesServiceBindings

cloudasset.assets.exportNetworkServicesTcpRoutes

cloudasset.assets.exportNetworkServicesTlsRoutes

cloudasset.assets.exportOSConfigOSPolicyAssignmentReports

cloudasset.assets.exportOSConfigOSPolicyAssignments

cloudasset.assets.exportOSConfigVulnerabilityReports

cloudasset.assets.exportOSInventories

cloudasset.assets.exportOrgPolicy

cloudasset.assets.exportPatchDeployments

cloudasset.assets.exportPubsubSnapshots

cloudasset.assets.exportPubsubSubscriptions

cloudasset.assets.exportPubsubTopics

cloudasset.assets.exportRedisInstances

cloudasset.assets.exportResource

cloudasset.assets.exportSecretManagerSecretVersions

cloudasset.assets.exportSecretManagerSecrets

cloudasset.assets.exportServiceDirectoryNamespaces

cloudasset.assets.exportServicePerimeter

cloudasset.assets.exportServiceconsumermanagementConsumerProperty

cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits

cloudasset.assets.exportServiceconsumermanagementConsumers

cloudasset.assets.exportServiceconsumermanagementProducerOverrides

cloudasset.assets.exportServiceconsumermanagementTenancyUnits

cloudasset.assets.exportServiceconsumermanagementVisibility

cloudasset.assets.exportServicemanagementServices

cloudasset.assets.exportServiceusageAdminOverrides

cloudasset.assets.exportServiceusageConsumerOverrides

cloudasset.assets.exportServiceusageServices

cloudasset.assets.exportSpannerBackups

cloudasset.assets.exportSpannerDatabases

cloudasset.assets.exportSpannerInstances

cloudasset.assets.exportSpeakerIdPhrases

cloudasset.assets.exportSpeakerIdSettings

cloudasset.assets.exportSpeakerIdSpeakers

cloudasset.assets.exportSpeechCustomClasses

cloudasset.assets.exportSpeechPhraseSets

cloudasset.assets.exportSqladminBackupRuns

cloudasset.assets.exportSqladminInstances

cloudasset.assets.exportStorageBuckets

cloudasset.assets.exportTpuNodes

cloudasset.assets.exportVpcaccessConnector

cloudasset.assets.listAccessLevel

cloudasset.assets.listAccessPolicy

cloudasset.assets.listAiplatformBatchPredictionJobs

cloudasset.assets.listAiplatformCustomJobs

cloudasset.assets.listAiplatformDataLabelingJobs

cloudasset.assets.listAiplatformDatasets

cloudasset.assets.listAiplatformEndpoints

cloudasset.assets.listAiplatformHyperparameterTuningJobs

cloudasset.assets.listAiplatformMetadataStores

cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs

cloudasset.assets.listAiplatformModels

cloudasset.assets.listAiplatformPipelineJobs

cloudasset.assets.listAiplatformSpecialistPools

cloudasset.assets.listAiplatformTrainingPipelines

cloudasset.assets.listAllAccessPolicy

cloudasset.assets.listAnthosConnectedCluster

cloudasset.assets.listAnthosedgeCluster

cloudasset.assets.listApigatewayApi

cloudasset.assets.listApigatewayApiConfig

cloudasset.assets.listApigatewayGateway

cloudasset.assets.listApikeysKeys

cloudasset.assets.listAppengineApplications

cloudasset.assets.listAppengineServices

cloudasset.assets.listAppengineVersions

cloudasset.assets.listArtifactregistryDockerImages

cloudasset.assets.listArtifactregistryRepositories

cloudasset.assets.listAssuredWorkloadsWorkloads

cloudasset.assets.listBeyondCorpApiGateways

cloudasset.assets.listBeyondCorpAppConnections

cloudasset.assets.listBeyondCorpAppConnectors

cloudasset.assets.listBeyondCorpAppGateways

cloudasset.assets.listBeyondCorpClientConnectorServices

cloudasset.assets.listBeyondCorpClientGateways

cloudasset.assets.listBigqueryDatasets

cloudasset.assets.listBigqueryModels

cloudasset.assets.listBigqueryTables

cloudasset.assets.listBigtableAppProfile

cloudasset.assets.listBigtableBackup

cloudasset.assets.listBigtableCluster

cloudasset.assets.listBigtableInstance

cloudasset.assets.listBigtableTable

cloudasset.assets.listCloudAssetFeeds

cloudasset.assets.listCloudDeployDeliveryPipelines

cloudasset.assets.listCloudDeployReleases

cloudasset.assets.listCloudDeployRollouts

cloudasset.assets.listCloudDeployTargets

cloudasset.assets.listCloudDocumentAIEvaluation

cloudasset.assets.listCloudDocumentAIHumanReviewConfig

cloudasset.assets.listCloudDocumentAILabelerPool

cloudasset.assets.listCloudDocumentAIProcessor

cloudasset.assets.listCloudDocumentAIProcessorVersion

cloudasset.assets.listCloudbillingBillingAccounts

cloudasset.assets.listCloudbillingProjectBillingInfos

cloudasset.assets.listCloudfunctionsFunctions

cloudasset.assets.listCloudfunctionsGen2Functions

cloudasset.assets.listCloudkmsCryptoKeyVersions

cloudasset.assets.listCloudkmsCryptoKeys

cloudasset.assets.listCloudkmsEkmConnections

cloudasset.assets.listCloudkmsImportJobs

cloudasset.assets.listCloudkmsKeyRings

cloudasset.assets.listCloudmemcacheInstances

cloudasset.assets.listCloudresourcemanagerFolders

cloudasset.assets.listCloudresourcemanagerOrganizations

cloudasset.assets.listCloudresourcemanagerProjects

cloudasset.assets.listCloudresourcemanagerTagBindings

cloudasset.assets.listCloudresourcemanagerTagKeys

cloudasset.assets.listCloudresourcemanagerTagValues

cloudasset.assets.listComposerEnvironments

cloudasset.assets.listComputeAddress

cloudasset.assets.listComputeAutoscalers

cloudasset.assets.listComputeBackendBuckets

cloudasset.assets.listComputeBackendServices

cloudasset.assets.listComputeCommitments

cloudasset.assets.listComputeDisks

cloudasset.assets.listComputeExternalVpnGateways

cloudasset.assets.listComputeFirewallPolicies

cloudasset.assets.listComputeFirewalls

cloudasset.assets.listComputeForwardingRules

cloudasset.assets.listComputeGlobalAddress

cloudasset.assets.listComputeGlobalForwardingRules

cloudasset.assets.listComputeHealthChecks

cloudasset.assets.listComputeHttpHealthChecks

cloudasset.assets.listComputeHttpsHealthChecks

cloudasset.assets.listComputeImages

cloudasset.assets.listComputeInstanceGroupManagers

cloudasset.assets.listComputeInstanceGroups

cloudasset.assets.listComputeInstanceTemplates

cloudasset.assets.listComputeInstances

cloudasset.assets.listComputeInterconnect

cloudasset.assets.listComputeInterconnectAttachment

cloudasset.assets.listComputeLicenses

cloudasset.assets.listComputeNetworkEndpointGroups

cloudasset.assets.listComputeNetworks

cloudasset.assets.listComputeNodeGroups

cloudasset.assets.listComputeNodeTemplates

cloudasset.assets.listComputePacketMirrorings

cloudasset.assets.listComputeProjects

cloudasset.assets.listComputeRegionAutoscaler

cloudasset.assets.listComputeRegionBackendServices

cloudasset.assets.listComputeRegionDisk

cloudasset.assets.listComputeRegionInstanceGroup

cloudasset.assets.listComputeRegionInstanceGroupManager

cloudasset.assets.listComputeReservations

cloudasset.assets.listComputeResourcePolicies

cloudasset.assets.listComputeRouters

cloudasset.assets.listComputeRoutes

cloudasset.assets.listComputeSecurityPolicy

cloudasset.assets.listComputeServiceAttachments

cloudasset.assets.listComputeSnapshots

cloudasset.assets.listComputeSslCertificates

cloudasset.assets.listComputeSslPolicies

cloudasset.assets.listComputeSubnetworks

cloudasset.assets.listComputeTargetHttpProxies

cloudasset.assets.listComputeTargetHttpsProxies

cloudasset.assets.listComputeTargetInstances

cloudasset.assets.listComputeTargetPools

cloudasset.assets.listComputeTargetSslProxies

cloudasset.assets.listComputeTargetTcpProxies

cloudasset.assets.listComputeTargetVpnGateways

cloudasset.assets.listComputeUrlMaps

cloudasset.assets.listComputeVpnGateways

cloudasset.assets.listComputeVpnTunnels

cloudasset.assets.listConnectorsConnections

cloudasset.assets.listConnectorsConnectorVersions

cloudasset.assets.listConnectorsConnectors

cloudasset.assets.listConnectorsProviders

cloudasset.assets.listConnectorsRuntimeConfigs

cloudasset.assets.listContainerAppsDeployment

cloudasset.assets.listContainerAppsReplicaSets

cloudasset.assets.listContainerBatchJobs

cloudasset.assets.listContainerClusterrole

cloudasset.assets.listContainerClusterrolebinding

cloudasset.assets.listContainerClusters

cloudasset.assets.listContainerExtensionsIngresses

cloudasset.assets.listContainerJobs

cloudasset.assets.listContainerNamespace

cloudasset.assets.listContainerNetworkingIngresses

cloudasset.assets.listContainerNetworkingNetworkPolicies

cloudasset.assets.listContainerNode

cloudasset.assets.listContainerNodepool

cloudasset.assets.listContainerPod

cloudasset.assets.listContainerReplicaSets

cloudasset.assets.listContainerRole

cloudasset.assets.listContainerRolebinding

cloudasset.assets.listContainerServices

cloudasset.assets.listContainerregistryImage

cloudasset.assets.listDataMigrationConnectionProfiles

cloudasset.assets.listDataMigrationMigrationJobs

cloudasset.assets.listDataflowJobs

cloudasset.assets.listDatafusionInstance

cloudasset.assets.listDataplexAssets

cloudasset.assets.listDataplexLakes

cloudasset.assets.listDataplexTasks

cloudasset.assets.listDataplexZones

cloudasset.assets.listDataprocAutoscalingPolicies

cloudasset.assets.listDataprocBatches

cloudasset.assets.listDataprocClusters

cloudasset.assets.listDataprocJobs

cloudasset.assets.listDataprocSessions

cloudasset.assets.listDataprocWorkflowTemplates

cloudasset.assets.listDatastreamConnectionProfile

cloudasset.assets.listDatastreamPrivateConnection

cloudasset.assets.listDatastreamStream

cloudasset.assets.listDialogflowAgents

cloudasset.assets.listDialogflowConversationProfiles

cloudasset.assets.listDialogflowKnowledgeBases

cloudasset.assets.listDialogflowLocationSettings

cloudasset.assets.listDlpDeidentifyTemplates

cloudasset.assets.listDlpDlpJobs

cloudasset.assets.listDlpInspectTemplates

cloudasset.assets.listDlpJobTriggers

cloudasset.assets.listDlpStoredInfoTypes

cloudasset.assets.listDnsManagedZones

cloudasset.assets.listDnsPolicies

cloudasset.assets.listDomainsRegistrations

cloudasset.assets.listEventarcTriggers

cloudasset.assets.listFileBackups

cloudasset.assets.listFileInstances

cloudasset.assets.listFirebaseAppInfos

cloudasset.assets.listFirebaseProjects

cloudasset.assets.listFirestoreDatabases

cloudasset.assets.listGKEHubFeatures

cloudasset.assets.listGKEHubMemberships

cloudasset.assets.listGameservicesGameServerClusters

cloudasset.assets.listGameservicesGameServerConfigs

cloudasset.assets.listGameservicesGameServerDeployments

cloudasset.assets.listGameservicesRealms

cloudasset.assets.listGkeBackupBackupPlans

cloudasset.assets.listGkeBackupBackups

cloudasset.assets.listGkeBackupRestorePlans

cloudasset.assets.listGkeBackupRestores

cloudasset.assets.listGkeBackupVolumeBackups

cloudasset.assets.listGkeBackupVolumeRestores

cloudasset.assets.listHealthcareConsentStores

cloudasset.assets.listHealthcareDatasets

cloudasset.assets.listHealthcareDicomStores

cloudasset.assets.listHealthcareFhirStores

cloudasset.assets.listHealthcareHl7V2Stores

cloudasset.assets.listIamPolicy

cloudasset.assets.listIamRoles

cloudasset.assets.listIamServiceAccountKeys

cloudasset.assets.listIamServiceAccounts

cloudasset.assets.listIapTunnel

cloudasset.assets.listIapTunnelInstances

cloudasset.assets.listIapTunnelZones

cloudasset.assets.listIapWeb

cloudasset.assets.listIapWebServiceVersion

cloudasset.assets.listIapWebServices

cloudasset.assets.listIapWebType

cloudasset.assets.listIdsEndpoints

cloudasset.assets.listIntegrationsAuthConfigs

cloudasset.assets.listIntegrationsCertificates

cloudasset.assets.listIntegrationsExecutions

cloudasset.assets.listIntegrationsIntegrationVersions

cloudasset.assets.listIntegrationsIntegrations

cloudasset.assets.listIntegrationsSfdcChannels

cloudasset.assets.listIntegrationsSfdcInstances

cloudasset.assets.listIntegrationsSuspensions

cloudasset.assets.listLoggingLogMetrics

cloudasset.assets.listLoggingLogSinks

cloudasset.assets.listManagedidentitiesDomain

cloudasset.assets.listMetastoreBackups

cloudasset.assets.listMetastoreMetadataImports

cloudasset.assets.listMetastoreServices

cloudasset.assets.listMonitoringAlertPolicies

cloudasset.assets.listNetworkConnectivityHubs

cloudasset.assets.listNetworkConnectivitySpokes

cloudasset.assets.listNetworkManagementConnectivityTests

cloudasset.assets.listNetworkServicesEndpointPolicies

cloudasset.assets.listNetworkServicesGateways

cloudasset.assets.listNetworkServicesGrpcRoutes

cloudasset.assets.listNetworkServicesHttpRoutes

cloudasset.assets.listNetworkServicesMeshes

cloudasset.assets.listNetworkServicesServiceBindings

cloudasset.assets.listNetworkServicesTcpRoutes

cloudasset.assets.listNetworkServicesTlsRoutes

cloudasset.assets.listOSConfigOSPolicyAssignmentReports

cloudasset.assets.listOSConfigOSPolicyAssignments

cloudasset.assets.listOSConfigVulnerabilityReports

cloudasset.assets.listOSInventories

cloudasset.assets.listOrgPolicy

cloudasset.assets.listPatchDeployments

cloudasset.assets.listPubsubSnapshots

cloudasset.assets.listPubsubSubscriptions

cloudasset.assets.listPubsubTopics

cloudasset.assets.listRedisInstances

cloudasset.assets.listResource

cloudasset.assets.listRunDomainMapping

cloudasset.assets.listRunRevision

cloudasset.assets.listRunService

cloudasset.assets.listSecretManagerSecretVersions

cloudasset.assets.listSecretManagerSecrets

cloudasset.assets.listServiceDirectoryNamespaces

cloudasset.assets.listServicePerimeter

cloudasset.assets.listServiceconsumermanagementConsumerProperty

cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits

cloudasset.assets.listServiceconsumermanagementConsumers

cloudasset.assets.listServiceconsumermanagementProducerOverrides

cloudasset.assets.listServiceconsumermanagementTenancyUnits

cloudasset.assets.listServiceconsumermanagementVisibility

cloudasset.assets.listServicemanagementServices

cloudasset.assets.listServiceusageAdminOverrides

cloudasset.assets.listServiceusageConsumerOverrides

cloudasset.assets.listServiceusageServices

cloudasset.assets.listSpannerBackups

cloudasset.assets.listSpannerDatabases

cloudasset.assets.listSpannerInstances

cloudasset.assets.listSpeakerIdPhrases

cloudasset.assets.listSpeakerIdSettings

cloudasset.assets.listSpeakerIdSpeakers

cloudasset.assets.listSpeechCustomClasses

cloudasset.assets.listSpeechPhraseSets

cloudasset.assets.listSqladminBackupRuns

cloudasset.assets.listSqladminInstances

cloudasset.assets.listStorageBuckets

cloudasset.assets.listTpuNodes

cloudasset.assets.listVpcaccessConnector

cloudasset.assets.queryAccessPolicy

cloudasset.assets.queryIamPolicy

cloudasset.assets.queryOSInventories

cloudasset.assets.queryResource

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

cloudasset.feeds.*

cloudasset.feeds.create
cloudasset.feeds.delete
cloudasset.feeds.get
cloudasset.feeds.list
cloudasset.feeds.update

cloudasset.othercloudconnections.get

cloudasset.othercloudconnections.list

cloudasset.othercloudconnections.verify

cloudsql.instances.connect

cloudsql.users.list

compute.globalOperations.get

compute.instances.get

compute.instances.list

compute.networkEndpointGroups.get

compute.projects.get

container.clusters.get

monitoring.alertPolicies.list

orgpolicy.policy.get

recommender.cloudAssetInsights.get

recommender.cloudAssetInsights.list

recommender.locations.*

recommender.locations.get
recommender.locations.list

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.organizationsettings.get

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

stackdriver.projects.get

Google Cloud Security Response Service Agent

(roles/securitycenter.securityResponseServiceAgent)

Gives Playbook Runner permissions to execute all Google authored Playbooks. This role will keep evolving as we add more playbooks

compute.globalOperations.get

compute.instances.deleteAccessConfig

compute.instances.get

compute.instances.setMetadata

compute.regionOperations.get

compute.zoneOperations.get

iam.serviceAccounts.actAs

pubsub.topics.publish

securitycenter.findings.list

storage.buckets.get

storage.buckets.update

Security Center Service Agent

(roles/securitycenter.serviceAgent)

Security Center service agent can scan GCP resources and import security scans.

accesscontextmanager.gcpUserAccessBindings.get

accesscontextmanager.gcpUserAccessBindings.list

aiplatform.dataItems.list

aiplatform.datasets.list

aiplatform.models.list

bigquery.datasets.get

binaryauthorization.policy.get

cloudasset.assets.analyzeIamPolicy

cloudasset.assets.analyzeMove

cloudasset.assets.analyzeOrgPolicy

cloudasset.assets.exportAccessLevel

cloudasset.assets.exportAccessPolicy

cloudasset.assets.exportAiplatformBatchPredictionJobs

cloudasset.assets.exportAiplatformCustomJobs

cloudasset.assets.exportAiplatformDataLabelingJobs

cloudasset.assets.exportAiplatformDatasets

cloudasset.assets.exportAiplatformEndpoints

cloudasset.assets.exportAiplatformHyperparameterTuningJobs

cloudasset.assets.exportAiplatformMetadataStores

cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs

cloudasset.assets.exportAiplatformModels

cloudasset.assets.exportAiplatformPipelineJobs

cloudasset.assets.exportAiplatformSpecialistPools

cloudasset.assets.exportAiplatformTrainingPipelines

cloudasset.assets.exportAllAccessPolicy

cloudasset.assets.exportAnthosConnectedCluster

cloudasset.assets.exportAnthosedgeCluster

cloudasset.assets.exportApigatewayApi

cloudasset.assets.exportApigatewayApiConfig

cloudasset.assets.exportApigatewayGateway

cloudasset.assets.exportApikeysKeys

cloudasset.assets.exportAppengineApplications

cloudasset.assets.exportAppengineServices

cloudasset.assets.exportAppengineVersions

cloudasset.assets.exportArtifactregistryDockerImages

cloudasset.assets.exportArtifactregistryRepositories

cloudasset.assets.exportAssuredWorkloadsWorkloads

cloudasset.assets.exportBeyondCorpApiGateways

cloudasset.assets.exportBeyondCorpAppConnections

cloudasset.assets.exportBeyondCorpAppConnectors

cloudasset.assets.exportBeyondCorpAppGateways

cloudasset.assets.exportBeyondCorpClientConnectorServices

cloudasset.assets.exportBeyondCorpClientGateways

cloudasset.assets.exportBigqueryDatasets

cloudasset.assets.exportBigqueryModels

cloudasset.assets.exportBigqueryTables

cloudasset.assets.exportBigtableAppProfile

cloudasset.assets.exportBigtableBackup

cloudasset.assets.exportBigtableCluster

cloudasset.assets.exportBigtableInstance

cloudasset.assets.exportBigtableTable

cloudasset.assets.exportCloudAssetFeeds

cloudasset.assets.exportCloudDeployDeliveryPipelines

cloudasset.assets.exportCloudDeployReleases

cloudasset.assets.exportCloudDeployRollouts

cloudasset.assets.exportCloudDeployTargets

cloudasset.assets.exportCloudDocumentAIEvaluation

cloudasset.assets.exportCloudDocumentAIHumanReviewConfig

cloudasset.assets.exportCloudDocumentAILabelerPool

cloudasset.assets.exportCloudDocumentAIProcessor

cloudasset.assets.exportCloudDocumentAIProcessorVersion

cloudasset.assets.exportCloudbillingBillingAccounts

cloudasset.assets.exportCloudbillingProjectBillingInfos

cloudasset.assets.exportCloudfunctionsFunctions

cloudasset.assets.exportCloudfunctionsGen2Functions

cloudasset.assets.exportCloudkmsCryptoKeyVersions

cloudasset.assets.exportCloudkmsCryptoKeys

cloudasset.assets.exportCloudkmsEkmConnections

cloudasset.assets.exportCloudkmsImportJobs

cloudasset.assets.exportCloudkmsKeyRings

cloudasset.assets.exportCloudmemcacheInstances

cloudasset.assets.exportCloudresourcemanagerFolders

cloudasset.assets.exportCloudresourcemanagerOrganizations

cloudasset.assets.exportCloudresourcemanagerProjects

cloudasset.assets.exportCloudresourcemanagerTagBindings

cloudasset.assets.exportCloudresourcemanagerTagKeys

cloudasset.assets.exportCloudresourcemanagerTagValues

cloudasset.assets.exportComposerEnvironments

cloudasset.assets.exportComputeAddress

cloudasset.assets.exportComputeAutoscalers

cloudasset.assets.exportComputeBackendBuckets

cloudasset.assets.exportComputeBackendServices

cloudasset.assets.exportComputeCommitments

cloudasset.assets.exportComputeDisks

cloudasset.assets.exportComputeExternalVpnGateways

cloudasset.assets.exportComputeFirewallPolicies

cloudasset.assets.exportComputeFirewalls

cloudasset.assets.exportComputeForwardingRules

cloudasset.assets.exportComputeGlobalAddress

cloudasset.assets.exportComputeGlobalForwardingRules

cloudasset.assets.exportComputeHealthChecks

cloudasset.assets.exportComputeHttpHealthChecks

cloudasset.assets.exportComputeHttpsHealthChecks

cloudasset.assets.exportComputeImages

cloudasset.assets.exportComputeInstanceGroupManagers

cloudasset.assets.exportComputeInstanceGroups

cloudasset.assets.exportComputeInstanceTemplates

cloudasset.assets.exportComputeInstances

cloudasset.assets.exportComputeInterconnect

cloudasset.assets.exportComputeInterconnectAttachment

cloudasset.assets.exportComputeLicenses

cloudasset.assets.exportComputeNetworkEndpointGroups

cloudasset.assets.exportComputeNetworks

cloudasset.assets.exportComputeNodeGroups

cloudasset.assets.exportComputeNodeTemplates

cloudasset.assets.exportComputePacketMirrorings

cloudasset.assets.exportComputeProjects

cloudasset.assets.exportComputeRegionAutoscaler

cloudasset.assets.exportComputeRegionBackendServices

cloudasset.assets.exportComputeRegionDisk

cloudasset.assets.exportComputeRegionInstanceGroup

cloudasset.assets.exportComputeRegionInstanceGroupManager

cloudasset.assets.exportComputeReservations

cloudasset.assets.exportComputeResourcePolicies

cloudasset.assets.exportComputeRouters

cloudasset.assets.exportComputeRoutes

cloudasset.assets.exportComputeSecurityPolicy

cloudasset.assets.exportComputeServiceAttachments

cloudasset.assets.exportComputeSnapshots

cloudasset.assets.exportComputeSslCertificates

cloudasset.assets.exportComputeSslPolicies

cloudasset.assets.exportComputeSubnetworks

cloudasset.assets.exportComputeTargetHttpProxies

cloudasset.assets.exportComputeTargetHttpsProxies

cloudasset.assets.exportComputeTargetInstances

cloudasset.assets.exportComputeTargetPools

cloudasset.assets.exportComputeTargetSslProxies

cloudasset.assets.exportComputeTargetTcpProxies

cloudasset.assets.exportComputeTargetVpnGateways

cloudasset.assets.exportComputeUrlMaps

cloudasset.assets.exportComputeVpnGateways

cloudasset.assets.exportComputeVpnTunnels

cloudasset.assets.exportConnectorsConnections

cloudasset.assets.exportConnectorsConnectorVersions

cloudasset.assets.exportConnectorsConnectors

cloudasset.assets.exportConnectorsProviders

cloudasset.assets.exportConnectorsRuntimeConfigs

cloudasset.assets.exportContainerAppsDeployment

cloudasset.assets.exportContainerAppsReplicaSets

cloudasset.assets.exportContainerBatchJobs

cloudasset.assets.exportContainerClusterrole

cloudasset.assets.exportContainerClusterrolebinding

cloudasset.assets.exportContainerClusters

cloudasset.assets.exportContainerExtensionsIngresses

cloudasset.assets.exportContainerJobs

cloudasset.assets.exportContainerNamespace

cloudasset.assets.exportContainerNetworkingIngresses

cloudasset.assets.exportContainerNetworkingNetworkPolicies

cloudasset.assets.exportContainerNode

cloudasset.assets.exportContainerNodepool

cloudasset.assets.exportContainerPod

cloudasset.assets.exportContainerReplicaSets

cloudasset.assets.exportContainerRole

cloudasset.assets.exportContainerRolebinding

cloudasset.assets.exportContainerServices

cloudasset.assets.exportContainerregistryImage

cloudasset.assets.exportDataMigrationConnectionProfiles

cloudasset.assets.exportDataMigrationMigrationJobs

cloudasset.assets.exportDataflowJobs

cloudasset.assets.exportDatafusionInstance

cloudasset.assets.exportDataplexAssets

cloudasset.assets.exportDataplexLakes

cloudasset.assets.exportDataplexTasks

cloudasset.assets.exportDataplexZones

cloudasset.assets.exportDataprocAutoscalingPolicies

cloudasset.assets.exportDataprocBatches

cloudasset.assets.exportDataprocClusters

cloudasset.assets.exportDataprocJobs

cloudasset.assets.exportDataprocSessions

cloudasset.assets.exportDataprocWorkflowTemplates

cloudasset.assets.exportDatastreamConnectionProfile

cloudasset.assets.exportDatastreamPrivateConnection

cloudasset.assets.exportDatastreamStream

cloudasset.assets.exportDialogflowAgents

cloudasset.assets.exportDialogflowConversationProfiles

cloudasset.assets.exportDialogflowKnowledgeBases

cloudasset.assets.exportDialogflowLocationSettings

cloudasset.assets.exportDlpDeidentifyTemplates

cloudasset.assets.exportDlpDlpJobs

cloudasset.assets.exportDlpInspectTemplates

cloudasset.assets.exportDlpJobTriggers

cloudasset.assets.exportDlpStoredInfoTypes

cloudasset.assets.exportDnsManagedZones

cloudasset.assets.exportDnsPolicies

cloudasset.assets.exportDomainsRegistrations

cloudasset.assets.exportEventarcTriggers

cloudasset.assets.exportFileBackups

cloudasset.assets.exportFileInstances

cloudasset.assets.exportFirebaseAppInfos

cloudasset.assets.exportFirebaseProjects

cloudasset.assets.exportFirestoreDatabases

cloudasset.assets.exportGKEHubFeatures

cloudasset.assets.exportGKEHubMemberships

cloudasset.assets.exportGameservicesGameServerClusters

cloudasset.assets.exportGameservicesGameServerConfigs

cloudasset.assets.exportGameservicesGameServerDeployments

cloudasset.assets.exportGameservicesRealms

cloudasset.assets.exportGkeBackupBackupPlans

cloudasset.assets.exportGkeBackupBackups

cloudasset.assets.exportGkeBackupRestorePlans

cloudasset.assets.exportGkeBackupRestores

cloudasset.assets.exportGkeBackupVolumeBackups

cloudasset.assets.exportGkeBackupVolumeRestores

cloudasset.assets.exportHealthcareConsentStores

cloudasset.assets.exportHealthcareDatasets

cloudasset.assets.exportHealthcareDicomStores

cloudasset.assets.exportHealthcareFhirStores

cloudasset.assets.exportHealthcareHl7V2Stores

cloudasset.assets.exportIamPolicy

cloudasset.assets.exportIamRoles

cloudasset.assets.exportIamServiceAccountKeys

cloudasset.assets.exportIamServiceAccounts

cloudasset.assets.exportIapTunnel

cloudasset.assets.exportIapTunnelInstances

cloudasset.assets.exportIapTunnelZones

cloudasset.assets.exportIapWeb

cloudasset.assets.exportIapWebServiceVersion

cloudasset.assets.exportIapWebServices

cloudasset.assets.exportIapWebType

cloudasset.assets.exportIdsEndpoints

cloudasset.assets.exportIntegrationsAuthConfigs

cloudasset.assets.exportIntegrationsCertificates

cloudasset.assets.exportIntegrationsExecutions

cloudasset.assets.exportIntegrationsIntegrationVersions

cloudasset.assets.exportIntegrationsIntegrations

cloudasset.assets.exportIntegrationsSfdcChannels

cloudasset.assets.exportIntegrationsSfdcInstances

cloudasset.assets.exportIntegrationsSuspensions

cloudasset.assets.exportLoggingLogMetrics

cloudasset.assets.exportLoggingLogSinks

cloudasset.assets.exportManagedidentitiesDomain

cloudasset.assets.exportMetastoreBackups

cloudasset.assets.exportMetastoreMetadataImports

cloudasset.assets.exportMetastoreServices

cloudasset.assets.exportMonitoringAlertPolicies

cloudasset.assets.exportNetworkConnectivityHubs

cloudasset.assets.exportNetworkConnectivitySpokes

cloudasset.assets.exportNetworkManagementConnectivityTests

cloudasset.assets.exportNetworkServicesEndpointPolicies

cloudasset.assets.exportNetworkServicesGateways

cloudasset.assets.exportNetworkServicesGrpcRoutes

cloudasset.assets.exportNetworkServicesHttpRoutes

cloudasset.assets.exportNetworkServicesMeshes

cloudasset.assets.exportNetworkServicesServiceBindings

cloudasset.assets.exportNetworkServicesTcpRoutes

cloudasset.assets.exportNetworkServicesTlsRoutes

cloudasset.assets.exportOSConfigOSPolicyAssignmentReports

cloudasset.assets.exportOSConfigOSPolicyAssignments

cloudasset.assets.exportOSConfigVulnerabilityReports

cloudasset.assets.exportOSInventories

cloudasset.assets.exportOrgPolicy

cloudasset.assets.exportPatchDeployments

cloudasset.assets.exportPubsubSnapshots

cloudasset.assets.exportPubsubSubscriptions

cloudasset.assets.exportPubsubTopics

cloudasset.assets.exportRedisInstances

cloudasset.assets.exportResource

cloudasset.assets.exportSecretManagerSecretVersions

cloudasset.assets.exportSecretManagerSecrets

cloudasset.assets.exportServiceDirectoryNamespaces

cloudasset.assets.exportServicePerimeter

cloudasset.assets.exportServiceconsumermanagementConsumerProperty

cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits

cloudasset.assets.exportServiceconsumermanagementConsumers

cloudasset.assets.exportServiceconsumermanagementProducerOverrides

cloudasset.assets.exportServiceconsumermanagementTenancyUnits

cloudasset.assets.exportServiceconsumermanagementVisibility

cloudasset.assets.exportServicemanagementServices

cloudasset.assets.exportServiceusageAdminOverrides

cloudasset.assets.exportServiceusageConsumerOverrides

cloudasset.assets.exportServiceusageServices

cloudasset.assets.exportSpannerBackups

cloudasset.assets.exportSpannerDatabases

cloudasset.assets.exportSpannerInstances

cloudasset.assets.exportSpeakerIdPhrases

cloudasset.assets.exportSpeakerIdSettings

cloudasset.assets.exportSpeakerIdSpeakers

cloudasset.assets.exportSpeechCustomClasses

cloudasset.assets.exportSpeechPhraseSets

cloudasset.assets.exportSqladminBackupRuns

cloudasset.assets.exportSqladminInstances

cloudasset.assets.exportStorageBuckets

cloudasset.assets.exportTpuNodes

cloudasset.assets.exportVpcaccessConnector

cloudasset.assets.listAccessLevel

cloudasset.assets.listAccessPolicy

cloudasset.assets.listAiplatformBatchPredictionJobs

cloudasset.assets.listAiplatformCustomJobs

cloudasset.assets.listAiplatformDataLabelingJobs

cloudasset.assets.listAiplatformDatasets

cloudasset.assets.listAiplatformEndpoints

cloudasset.assets.listAiplatformHyperparameterTuningJobs

cloudasset.assets.listAiplatformMetadataStores

cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs

cloudasset.assets.listAiplatformModels

cloudasset.assets.listAiplatformPipelineJobs

cloudasset.assets.listAiplatformSpecialistPools

cloudasset.assets.listAiplatformTrainingPipelines

cloudasset.assets.listAllAccessPolicy

cloudasset.assets.listAnthosConnectedCluster

cloudasset.assets.listAnthosedgeCluster

cloudasset.assets.listApigatewayApi

cloudasset.assets.listApigatewayApiConfig

cloudasset.assets.listApigatewayGateway

cloudasset.assets.listApikeysKeys

cloudasset.assets.listAppengineApplications

cloudasset.assets.listAppengineServices

cloudasset.assets.listAppengineVersions

cloudasset.assets.listArtifactregistryDockerImages

cloudasset.assets.listArtifactregistryRepositories

cloudasset.assets.listAssuredWorkloadsWorkloads

cloudasset.assets.listBeyondCorpApiGateways

cloudasset.assets.listBeyondCorpAppConnections

cloudasset.assets.listBeyondCorpAppConnectors

cloudasset.assets.listBeyondCorpAppGateways

cloudasset.assets.listBeyondCorpClientConnectorServices

cloudasset.assets.listBeyondCorpClientGateways

cloudasset.assets.listBigqueryDatasets

cloudasset.assets.listBigqueryModels

cloudasset.assets.listBigqueryTables

cloudasset.assets.listBigtableAppProfile

cloudasset.assets.listBigtableBackup

cloudasset.assets.listBigtableCluster

cloudasset.assets.listBigtableInstance

cloudasset.assets.listBigtableTable

cloudasset.assets.listCloudAssetFeeds

cloudasset.assets.listCloudDeployDeliveryPipelines

cloudasset.assets.listCloudDeployReleases

cloudasset.assets.listCloudDeployRollouts

cloudasset.assets.listCloudDeployTargets

cloudasset.assets.listCloudDocumentAIEvaluation

cloudasset.assets.listCloudDocumentAIHumanReviewConfig

cloudasset.assets.listCloudDocumentAILabelerPool

cloudasset.assets.listCloudDocumentAIProcessor

cloudasset.assets.listCloudDocumentAIProcessorVersion

cloudasset.assets.listCloudbillingBillingAccounts

cloudasset.assets.listCloudbillingProjectBillingInfos

cloudasset.assets.listCloudfunctionsFunctions

cloudasset.assets.listCloudfunctionsGen2Functions

cloudasset.assets.listCloudkmsCryptoKeyVersions

cloudasset.assets.listCloudkmsCryptoKeys

cloudasset.assets.listCloudkmsEkmConnections

cloudasset.assets.listCloudkmsImportJobs

cloudasset.assets.listCloudkmsKeyRings

cloudasset.assets.listCloudmemcacheInstances

cloudasset.assets.listCloudresourcemanagerFolders

cloudasset.assets.listCloudresourcemanagerOrganizations

cloudasset.assets.listCloudresourcemanagerProjects

cloudasset.assets.listCloudresourcemanagerTagBindings

cloudasset.assets.listCloudresourcemanagerTagKeys

cloudasset.assets.listCloudresourcemanagerTagValues

cloudasset.assets.listComposerEnvironments

cloudasset.assets.listComputeAddress

cloudasset.assets.listComputeAutoscalers

cloudasset.assets.listComputeBackendBuckets

cloudasset.assets.listComputeBackendServices

cloudasset.assets.listComputeCommitments

cloudasset.assets.listComputeDisks

cloudasset.assets.listComputeExternalVpnGateways

cloudasset.assets.listComputeFirewallPolicies

cloudasset.assets.listComputeFirewalls

cloudasset.assets.listComputeForwardingRules

cloudasset.assets.listComputeGlobalAddress

cloudasset.assets.listComputeGlobalForwardingRules

cloudasset.assets.listComputeHealthChecks

cloudasset.assets.listComputeHttpHealthChecks

cloudasset.assets.listComputeHttpsHealthChecks

cloudasset.assets.listComputeImages

cloudasset.assets.listComputeInstanceGroupManagers

cloudasset.assets.listComputeInstanceGroups

cloudasset.assets.listComputeInstanceTemplates

cloudasset.assets.listComputeInstances

cloudasset.assets.listComputeInterconnect

cloudasset.assets.listComputeInterconnectAttachment

cloudasset.assets.listComputeLicenses

cloudasset.assets.listComputeNetworkEndpointGroups

cloudasset.assets.listComputeNetworks

cloudasset.assets.listComputeNodeGroups

cloudasset.assets.listComputeNodeTemplates

cloudasset.assets.listComputePacketMirrorings

cloudasset.assets.listComputeProjects

cloudasset.assets.listComputeRegionAutoscaler

cloudasset.assets.listComputeRegionBackendServices

cloudasset.assets.listComputeRegionDisk

cloudasset.assets.listComputeRegionInstanceGroup

cloudasset.assets.listComputeRegionInstanceGroupManager

cloudasset.assets.listComputeReservations

cloudasset.assets.listComputeResourcePolicies

cloudasset.assets.listComputeRouters

cloudasset.assets.listComputeRoutes

cloudasset.assets.listComputeSecurityPolicy

cloudasset.assets.listComputeServiceAttachments

cloudasset.assets.listComputeSnapshots

cloudasset.assets.listComputeSslCertificates

cloudasset.assets.listComputeSslPolicies

cloudasset.assets.listComputeSubnetworks

cloudasset.assets.listComputeTargetHttpProxies

cloudasset.assets.listComputeTargetHttpsProxies

cloudasset.assets.listComputeTargetInstances

cloudasset.assets.listComputeTargetPools

cloudasset.assets.listComputeTargetSslProxies

cloudasset.assets.listComputeTargetTcpProxies

cloudasset.assets.listComputeTargetVpnGateways

cloudasset.assets.listComputeUrlMaps

cloudasset.assets.listComputeVpnGateways

cloudasset.assets.listComputeVpnTunnels

cloudasset.assets.listConnectorsConnections

cloudasset.assets.listConnectorsConnectorVersions

cloudasset.assets.listConnectorsConnectors

cloudasset.assets.listConnectorsProviders

cloudasset.assets.listConnectorsRuntimeConfigs

cloudasset.assets.listContainerAppsDeployment

cloudasset.assets.listContainerAppsReplicaSets

cloudasset.assets.listContainerBatchJobs

cloudasset.assets.listContainerClusterrole

cloudasset.assets.listContainerClusterrolebinding

cloudasset.assets.listContainerClusters

cloudasset.assets.listContainerExtensionsIngresses

cloudasset.assets.listContainerJobs

cloudasset.assets.listContainerNamespace

cloudasset.assets.listContainerNetworkingIngresses

cloudasset.assets.listContainerNetworkingNetworkPolicies

cloudasset.assets.listContainerNode

cloudasset.assets.listContainerNodepool

cloudasset.assets.listContainerPod

cloudasset.assets.listContainerReplicaSets

cloudasset.assets.listContainerRole

cloudasset.assets.listContainerRolebinding

cloudasset.assets.listContainerServices

cloudasset.assets.listContainerregistryImage

cloudasset.assets.listDataMigrationConnectionProfiles

cloudasset.assets.listDataMigrationMigrationJobs

cloudasset.assets.listDataflowJobs

cloudasset.assets.listDatafusionInstance

cloudasset.assets.listDataplexAssets

cloudasset.assets.listDataplexLakes

cloudasset.assets.listDataplexTasks

cloudasset.assets.listDataplexZones

cloudasset.assets.listDataprocAutoscalingPolicies

cloudasset.assets.listDataprocBatches

cloudasset.assets.listDataprocClusters

cloudasset.assets.listDataprocJobs

cloudasset.assets.listDataprocSessions

cloudasset.assets.listDataprocWorkflowTemplates

cloudasset.assets.listDatastreamConnectionProfile

cloudasset.assets.listDatastreamPrivateConnection

cloudasset.assets.listDatastreamStream

cloudasset.assets.listDialogflowAgents

cloudasset.assets.listDialogflowConversationProfiles

cloudasset.assets.listDialogflowKnowledgeBases

cloudasset.assets.listDialogflowLocationSettings

cloudasset.assets.listDlpDeidentifyTemplates

cloudasset.assets.listDlpDlpJobs

cloudasset.assets.listDlpInspectTemplates

cloudasset.assets.listDlpJobTriggers

cloudasset.assets.listDlpStoredInfoTypes

cloudasset.assets.listDnsManagedZones

cloudasset.assets.listDnsPolicies

cloudasset.assets.listDomainsRegistrations

cloudasset.assets.listEventarcTriggers

cloudasset.assets.listFileBackups

cloudasset.assets.listFileInstances

cloudasset.assets.listFirebaseAppInfos

cloudasset.assets.listFirebaseProjects

cloudasset.assets.listFirestoreDatabases

cloudasset.assets.listGKEHubFeatures

cloudasset.assets.listGKEHubMemberships

cloudasset.assets.listGameservicesGameServerClusters

cloudasset.assets.listGameservicesGameServerConfigs

cloudasset.assets.listGameservicesGameServerDeployments

cloudasset.assets.listGameservicesRealms

cloudasset.assets.listGkeBackupBackupPlans

cloudasset.assets.listGkeBackupBackups

cloudasset.assets.listGkeBackupRestorePlans

cloudasset.assets.listGkeBackupRestores

cloudasset.assets.listGkeBackupVolumeBackups

cloudasset.assets.listGkeBackupVolumeRestores

cloudasset.assets.listHealthcareConsentStores

cloudasset.assets.listHealthcareDatasets

cloudasset.assets.listHealthcareDicomStores

cloudasset.assets.listHealthcareFhirStores

cloudasset.assets.listHealthcareHl7V2Stores

cloudasset.assets.listIamPolicy

cloudasset.assets.listIamRoles

cloudasset.assets.listIamServiceAccountKeys

cloudasset.assets.listIamServiceAccounts

cloudasset.assets.listIapTunnel

cloudasset.assets.listIapTunnelInstances

cloudasset.assets.listIapTunnelZones

cloudasset.assets.listIapWeb

cloudasset.assets.listIapWebServiceVersion

cloudasset.assets.listIapWebServices

cloudasset.assets.listIapWebType

cloudasset.assets.listIdsEndpoints

cloudasset.assets.listIntegrationsAuthConfigs

cloudasset.assets.listIntegrationsCertificates

cloudasset.assets.listIntegrationsExecutions

cloudasset.assets.listIntegrationsIntegrationVersions

cloudasset.assets.listIntegrationsIntegrations

cloudasset.assets.listIntegrationsSfdcChannels

cloudasset.assets.listIntegrationsSfdcInstances

cloudasset.assets.listIntegrationsSuspensions

cloudasset.assets.listLoggingLogMetrics

cloudasset.assets.listLoggingLogSinks

cloudasset.assets.listManagedidentitiesDomain

cloudasset.assets.listMetastoreBackups

cloudasset.assets.listMetastoreMetadataImports

cloudasset.assets.listMetastoreServices

cloudasset.assets.listMonitoringAlertPolicies

cloudasset.assets.listNetworkConnectivityHubs

cloudasset.assets.listNetworkConnectivitySpokes

cloudasset.assets.listNetworkManagementConnectivityTests

cloudasset.assets.listNetworkServicesEndpointPolicies

cloudasset.assets.listNetworkServicesGateways

cloudasset.assets.listNetworkServicesGrpcRoutes

cloudasset.assets.listNetworkServicesHttpRoutes

cloudasset.assets.listNetworkServicesMeshes

cloudasset.assets.listNetworkServicesServiceBindings

cloudasset.assets.listNetworkServicesTcpRoutes

cloudasset.assets.listNetworkServicesTlsRoutes

cloudasset.assets.listOSConfigOSPolicyAssignmentReports

cloudasset.assets.listOSConfigOSPolicyAssignments

cloudasset.assets.listOSConfigVulnerabilityReports

cloudasset.assets.listOSInventories

cloudasset.assets.listOrgPolicy

cloudasset.assets.listPatchDeployments

cloudasset.assets.listPubsubSnapshots

cloudasset.assets.listPubsubSubscriptions

cloudasset.assets.listPubsubTopics

cloudasset.assets.listRedisInstances

cloudasset.assets.listResource

cloudasset.assets.listRunDomainMapping

cloudasset.assets.listRunRevision

cloudasset.assets.listRunService

cloudasset.assets.listSecretManagerSecretVersions

cloudasset.assets.listSecretManagerSecrets

cloudasset.assets.listServiceDirectoryNamespaces

cloudasset.assets.listServicePerimeter

cloudasset.assets.listServiceconsumermanagementConsumerProperty

cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits

cloudasset.assets.listServiceconsumermanagementConsumers

cloudasset.assets.listServiceconsumermanagementProducerOverrides

cloudasset.assets.listServiceconsumermanagementTenancyUnits

cloudasset.assets.listServiceconsumermanagementVisibility

cloudasset.assets.listServicemanagementServices

cloudasset.assets.listServiceusageAdminOverrides

cloudasset.assets.listServiceusageConsumerOverrides

cloudasset.assets.listServiceusageServices

cloudasset.assets.listSpannerBackups

cloudasset.assets.listSpannerDatabases

cloudasset.assets.listSpannerInstances

cloudasset.assets.listSpeakerIdPhrases

cloudasset.assets.listSpeakerIdSettings

cloudasset.assets.listSpeakerIdSpeakers

cloudasset.assets.listSpeechCustomClasses

cloudasset.assets.listSpeechPhraseSets

cloudasset.assets.listSqladminBackupRuns

cloudasset.assets.listSqladminInstances

cloudasset.assets.listStorageBuckets

cloudasset.assets.listTpuNodes

cloudasset.assets.listVpcaccessConnector

cloudasset.assets.queryAccessPolicy

cloudasset.assets.queryIamPolicy

cloudasset.assets.queryOSInventories

cloudasset.assets.queryResource

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

cloudasset.feeds.*

cloudasset.feeds.create
cloudasset.feeds.delete
cloudasset.feeds.get
cloudasset.feeds.list
cloudasset.feeds.update

cloudasset.othercloudconnections.get

cloudasset.othercloudconnections.list

cloudasset.othercloudconnections.verify

cloudsql.instances.connect

cloudsql.users.list

compute.disks.useReadOnly

compute.globalOperations.get

compute.instances.get

compute.instances.list

compute.networkEndpointGroups.get

compute.projects.get

compute.regionOperations.get

compute.zoneOperations.get

container.clusters.get

iam.denypolicies.get

iam.denypolicies.list

iam.googleapis.com/workloadIdentityPoolProviders.list

iam.googleapis.com/workloadIdentityPools.list

logging.logEntries.list

monitoring.alertPolicies.list

monitoring.timeSeries.list

orgpolicy.policies.list

orgpolicy.policy.get

recommender.cloudAssetInsights.get

recommender.cloudAssetInsights.list

recommender.locations.*

recommender.locations.get
recommender.locations.list

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

resourcemanager.tagValues.get

securitycenter.assets.list

securitycenter.assetsecuritymarks.update

securitycenter.findings.list

securitycenter.notificationconfig.create

securitycenter.notificationconfig.delete

securitycenter.notificationconfig.update

securitycenter.organizationsettings.get

securitycenter.resourcevalueconfigs.get

securitycenter.resourcevalueconfigs.list

securitycenter.simulations.get

securitycenter.sources.list

securitycenter.valuedresources.list

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.create

securitycentermanagement.securityHealthAnalyticsCustomModules.delete

securitycentermanagement.securityHealthAnalyticsCustomModules.get

securitycentermanagement.securityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.simulate

securitycentermanagement.securityHealthAnalyticsCustomModules.update

serviceusage.consumerpolicy.*

serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.consumerpolicy.update

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.operations.get

serviceusage.quotas.get

serviceusage.services.disable

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

stackdriver.projects.get

storage.buckets.get

storage.buckets.getIamPolicy

storage.buckets.list

Peran Security Command Center Management API

Peran IAM berikut tersedia untuk Security Command Center Management API. Anda dapat memberikan peran ini di tingkat organisasi, folder, atau project.

Role Permissions

Role	Permissions
Security Center Management Admin (`roles/securitycentermanagement.admin`) Full access to manage Cloud Security Command Center services and custom modules configuration.	`resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.organizationsettings.` `securitycenter.organizationsettings.get` `securitycenter.organizationsettings.update` `securitycenter.securitycentersettings.` `securitycenter.securitycentersettings.get` `securitycenter.securitycentersettings.update` `securitycentermanagement.*` `securitycentermanagement.billingMetadata.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.create` `securitycentermanagement.eventThreatDetectionCustomModules.delete` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.update` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.operations.cancel` `securitycentermanagement.operations.delete` `securitycentermanagement.operations.get` `securitycentermanagement.operations.list` `securitycentermanagement.securityCenter.get` `securitycentermanagement.securityCenter.migrate` `securitycentermanagement.securityCenter.update` `securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.list` `securitycentermanagement.securityCenterServices.update` `securitycentermanagement.securityCommandCenter.activate` `securitycentermanagement.securityCommandCenter.checkActivationOperation` `securitycentermanagement.securityCommandCenter.checkEligibility` `securitycentermanagement.securityCommandCenter.checkOnboardingStatus` `securitycentermanagement.securityCommandCenter.generateServiceAccounts` `securitycentermanagement.securityCommandCenter.get` `securitycentermanagement.securityCommandCenter.update` `securitycentermanagement.securityHealthAnalyticsCustomModules.create` `securitycentermanagement.securityHealthAnalyticsCustomModules.delete` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test` `securitycentermanagement.securityHealthAnalyticsCustomModules.update`
Securitycentermanagement Editor (`roles/securitycentermanagement.editor`) Editor role for securitycentermanagement	`resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.organizationsettings.get` `securitycenter.securitycentersettings.get` `securitycentermanagement.billingMetadata.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.` `securitycentermanagement.eventThreatDetectionCustomModules.create` `securitycentermanagement.eventThreatDetectionCustomModules.delete` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.update` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.operations.` `securitycentermanagement.operations.cancel` `securitycentermanagement.operations.delete` `securitycentermanagement.operations.get` `securitycentermanagement.operations.list` `securitycentermanagement.securityCenter.get` `securitycentermanagement.securityCenter.migrate` `securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.list` `securitycentermanagement.securityCommandCenter.` `securitycentermanagement.securityCommandCenter.activate` `securitycentermanagement.securityCommandCenter.checkActivationOperation` `securitycentermanagement.securityCommandCenter.checkEligibility` `securitycentermanagement.securityCommandCenter.checkOnboardingStatus` `securitycentermanagement.securityCommandCenter.generateServiceAccounts` `securitycentermanagement.securityCommandCenter.get` `securitycentermanagement.securityCommandCenter.update` `securitycentermanagement.securityHealthAnalyticsCustomModules.*` `securitycentermanagement.securityHealthAnalyticsCustomModules.create` `securitycentermanagement.securityHealthAnalyticsCustomModules.delete` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test` `securitycentermanagement.securityHealthAnalyticsCustomModules.update`
Security Center Management Viewer (`roles/securitycentermanagement.viewer`) Readonly access to Cloud Security Command Center services and custom modules configuration.	`resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.organizationsettings.get` `securitycenter.securitycentersettings.get` `securitycentermanagement.billingMetadata.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.*` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.operations.get` `securitycentermanagement.operations.list` `securitycentermanagement.securityCenter.get` `securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.list` `securitycentermanagement.securityCommandCenter.checkActivationOperation` `securitycentermanagement.securityCommandCenter.checkOnboardingStatus` `securitycentermanagement.securityCommandCenter.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test`
Security Center Management Custom Modules Editor (`roles/securitycentermanagement.customModulesEditor`) Full access to manage Cloud Security Command Center custom modules.	`resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.` `securitycentermanagement.eventThreatDetectionCustomModules.create` `securitycentermanagement.eventThreatDetectionCustomModules.delete` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.update` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.*` `securitycentermanagement.securityHealthAnalyticsCustomModules.create` `securitycentermanagement.securityHealthAnalyticsCustomModules.delete` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test` `securitycentermanagement.securityHealthAnalyticsCustomModules.update`
Security Center Management Custom Modules Viewer (`roles/securitycentermanagement.customModulesViewer`) Readonly access to Cloud Security Command Center custom modules.	`resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.*` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test`
Security Center Management Custom ETD Modules Editor (`roles/securitycentermanagement.etdCustomModulesEditor`) Full access to manage Cloud Security Command Center ETD custom modules.	`resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.` `securitycentermanagement.eventThreatDetectionCustomModules.create` `securitycentermanagement.eventThreatDetectionCustomModules.delete` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.update` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.*` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list`
Security Center Management ETD Custom Modules Viewer (`roles/securitycentermanagement.etdCustomModulesViewer`) Readonly access to Cloud Security Command Center ETD custom modules.	`resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list`
Security Center Management Services Editor (`roles/securitycentermanagement.securityCenterServicesEditor`) Full access to manage Cloud Security Command Center services configuration.	`securitycentermanagement.securityCenterServices.*` `securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.list` `securitycentermanagement.securityCenterServices.update`
Security Center Management Services Viewer (`roles/securitycentermanagement.securityCenterServicesViewer`) Readonly access to Cloud Security Command Center services configuration.	`securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.list`
Security Center Management Settings Editor (`roles/securitycentermanagement.settingsEditor`) Full access to manage Cloud Security Command Center settings	`resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.organizationsettings.` `securitycenter.organizationsettings.get` `securitycenter.organizationsettings.update` `securitycenter.securitycentersettings.` `securitycenter.securitycentersettings.get` `securitycenter.securitycentersettings.update` `securitycentermanagement.billingMetadata.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.` `securitycentermanagement.eventThreatDetectionCustomModules.create` `securitycentermanagement.eventThreatDetectionCustomModules.delete` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.update` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.securityCenterServices.` `securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.list` `securitycentermanagement.securityCenterServices.update` `securitycentermanagement.securityCommandCenter.` `securitycentermanagement.securityCommandCenter.activate` `securitycentermanagement.securityCommandCenter.checkActivationOperation` `securitycentermanagement.securityCommandCenter.checkEligibility` `securitycentermanagement.securityCommandCenter.checkOnboardingStatus` `securitycentermanagement.securityCommandCenter.generateServiceAccounts` `securitycentermanagement.securityCommandCenter.get` `securitycentermanagement.securityCommandCenter.update` `securitycentermanagement.securityHealthAnalyticsCustomModules.*` `securitycentermanagement.securityHealthAnalyticsCustomModules.create` `securitycentermanagement.securityHealthAnalyticsCustomModules.delete` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test` `securitycentermanagement.securityHealthAnalyticsCustomModules.update`
Security Center Management Settings Viewer (`roles/securitycentermanagement.settingsViewer`) Readonly access to Cloud Security Command Center settings	`resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.organizationsettings.get` `securitycenter.securitycentersettings.get` `securitycentermanagement.billingMetadata.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.get` `securitycentermanagement.effectiveEventThreatDetectionCustomModules.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.get` `securitycentermanagement.eventThreatDetectionCustomModules.list` `securitycentermanagement.eventThreatDetectionCustomModules.validate` `securitycentermanagement.locations.*` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.list` `securitycentermanagement.securityCommandCenter.checkActivationOperation` `securitycentermanagement.securityCommandCenter.checkOnboardingStatus` `securitycentermanagement.securityCommandCenter.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test`
Security Center Management SHA Custom Modules Editor (`roles/securitycentermanagement.shaCustomModulesEditor`) Full access to manage Cloud Security Command Center SHA custom modules.	`resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.locations.` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.*` `securitycentermanagement.securityHealthAnalyticsCustomModules.create` `securitycentermanagement.securityHealthAnalyticsCustomModules.delete` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test` `securitycentermanagement.securityHealthAnalyticsCustomModules.update`
Security Center Management SHA Custom Modules Viewer (`roles/securitycentermanagement.shaCustomModulesViewer`) Readonly access to Cloud Security Command Center SHA custom modules.	`resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.locations.` `securitycentermanagement.locations.get` `securitycentermanagement.locations.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.simulate` `securitycentermanagement.securityHealthAnalyticsCustomModules.test`

Security Center Management Admin

(roles/securitycentermanagement.admin)

Full access to manage Cloud Security Command Center services and custom modules configuration.

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.organizationsettings.*

securitycenter.organizationsettings.get
securitycenter.organizationsettings.update

securitycenter.securitycentersettings.*

securitycenter.securitycentersettings.get
securitycenter.securitycentersettings.update

securitycentermanagement.*

securitycentermanagement.billingMetadata.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.create
securitycentermanagement.eventThreatDetectionCustomModules.delete
securitycentermanagement.eventThreatDetectionCustomModules.get
securitycentermanagement.eventThreatDetectionCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.update
securitycentermanagement.eventThreatDetectionCustomModules.validate
securitycentermanagement.locations.get
securitycentermanagement.locations.list
securitycentermanagement.operations.cancel
securitycentermanagement.operations.delete
securitycentermanagement.operations.get
securitycentermanagement.operations.list
securitycentermanagement.securityCenter.get
securitycentermanagement.securityCenter.migrate
securitycentermanagement.securityCenter.update
securitycentermanagement.securityCenterServices.get
securitycentermanagement.securityCenterServices.list
securitycentermanagement.securityCenterServices.update
securitycentermanagement.securityCommandCenter.activate
securitycentermanagement.securityCommandCenter.checkActivationOperation
securitycentermanagement.securityCommandCenter.checkEligibility
securitycentermanagement.securityCommandCenter.checkOnboardingStatus
securitycentermanagement.securityCommandCenter.generateServiceAccounts
securitycentermanagement.securityCommandCenter.get
securitycentermanagement.securityCommandCenter.update
securitycentermanagement.securityHealthAnalyticsCustomModules.create
securitycentermanagement.securityHealthAnalyticsCustomModules.delete
securitycentermanagement.securityHealthAnalyticsCustomModules.get
securitycentermanagement.securityHealthAnalyticsCustomModules.list
securitycentermanagement.securityHealthAnalyticsCustomModules.simulate
securitycentermanagement.securityHealthAnalyticsCustomModules.test
securitycentermanagement.securityHealthAnalyticsCustomModules.update

Securitycentermanagement Editor

(roles/securitycentermanagement.editor)

Editor role for securitycentermanagement

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.organizationsettings.get

securitycenter.securitycentersettings.get

securitycentermanagement.billingMetadata.get

securitycentermanagement.effectiveEventThreatDetectionCustomModules.*

securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.*

securitycentermanagement.eventThreatDetectionCustomModules.create
securitycentermanagement.eventThreatDetectionCustomModules.delete
securitycentermanagement.eventThreatDetectionCustomModules.get
securitycentermanagement.eventThreatDetectionCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.update
securitycentermanagement.eventThreatDetectionCustomModules.validate

securitycentermanagement.locations.*

securitycentermanagement.locations.get
securitycentermanagement.locations.list

securitycentermanagement.operations.*

securitycentermanagement.operations.cancel
securitycentermanagement.operations.delete
securitycentermanagement.operations.get
securitycentermanagement.operations.list

securitycentermanagement.securityCenter.get

securitycentermanagement.securityCenter.migrate

securitycentermanagement.securityCenterServices.get

securitycentermanagement.securityCenterServices.list

securitycentermanagement.securityCommandCenter.*

securitycentermanagement.securityCommandCenter.activate
securitycentermanagement.securityCommandCenter.checkActivationOperation
securitycentermanagement.securityCommandCenter.checkEligibility
securitycentermanagement.securityCommandCenter.checkOnboardingStatus
securitycentermanagement.securityCommandCenter.generateServiceAccounts
securitycentermanagement.securityCommandCenter.get
securitycentermanagement.securityCommandCenter.update

securitycentermanagement.securityHealthAnalyticsCustomModules.*

securitycentermanagement.securityHealthAnalyticsCustomModules.create
securitycentermanagement.securityHealthAnalyticsCustomModules.delete
securitycentermanagement.securityHealthAnalyticsCustomModules.get
securitycentermanagement.securityHealthAnalyticsCustomModules.list
securitycentermanagement.securityHealthAnalyticsCustomModules.simulate
securitycentermanagement.securityHealthAnalyticsCustomModules.test
securitycentermanagement.securityHealthAnalyticsCustomModules.update

Security Center Management Viewer

(roles/securitycentermanagement.viewer)

Readonly access to Cloud Security Command Center services and custom modules configuration.

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.organizationsettings.get

securitycenter.securitycentersettings.get

securitycentermanagement.billingMetadata.get

securitycentermanagement.effectiveEventThreatDetectionCustomModules.*

securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.get

securitycentermanagement.eventThreatDetectionCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.validate

securitycentermanagement.locations.*

securitycentermanagement.locations.get
securitycentermanagement.locations.list

securitycentermanagement.operations.get

securitycentermanagement.operations.list

securitycentermanagement.securityCenter.get

securitycentermanagement.securityCenterServices.get

securitycentermanagement.securityCenterServices.list

securitycentermanagement.securityCommandCenter.checkActivationOperation

securitycentermanagement.securityCommandCenter.checkOnboardingStatus

securitycentermanagement.securityCommandCenter.get

securitycentermanagement.securityHealthAnalyticsCustomModules.get

securitycentermanagement.securityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.simulate

securitycentermanagement.securityHealthAnalyticsCustomModules.test

Security Center Management Custom Modules Editor

(roles/securitycentermanagement.customModulesEditor)

Full access to manage Cloud Security Command Center custom modules.

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycentermanagement.effectiveEventThreatDetectionCustomModules.*

securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.*

securitycentermanagement.eventThreatDetectionCustomModules.create
securitycentermanagement.eventThreatDetectionCustomModules.delete
securitycentermanagement.eventThreatDetectionCustomModules.get
securitycentermanagement.eventThreatDetectionCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.update
securitycentermanagement.eventThreatDetectionCustomModules.validate

securitycentermanagement.locations.*

securitycentermanagement.locations.get
securitycentermanagement.locations.list

securitycentermanagement.securityHealthAnalyticsCustomModules.*

securitycentermanagement.securityHealthAnalyticsCustomModules.create
securitycentermanagement.securityHealthAnalyticsCustomModules.delete
securitycentermanagement.securityHealthAnalyticsCustomModules.get
securitycentermanagement.securityHealthAnalyticsCustomModules.list
securitycentermanagement.securityHealthAnalyticsCustomModules.simulate
securitycentermanagement.securityHealthAnalyticsCustomModules.test
securitycentermanagement.securityHealthAnalyticsCustomModules.update

Security Center Management Custom Modules Viewer

(roles/securitycentermanagement.customModulesViewer)

Readonly access to Cloud Security Command Center custom modules.

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycentermanagement.effectiveEventThreatDetectionCustomModules.*

securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.get

securitycentermanagement.eventThreatDetectionCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.validate

securitycentermanagement.locations.*

securitycentermanagement.locations.get
securitycentermanagement.locations.list

securitycentermanagement.securityHealthAnalyticsCustomModules.get

securitycentermanagement.securityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.simulate

securitycentermanagement.securityHealthAnalyticsCustomModules.test

Security Center Management Custom ETD Modules Editor

(roles/securitycentermanagement.etdCustomModulesEditor)

Full access to manage Cloud Security Command Center ETD custom modules.

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycentermanagement.effectiveEventThreatDetectionCustomModules.*

securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.*

securitycentermanagement.eventThreatDetectionCustomModules.create
securitycentermanagement.eventThreatDetectionCustomModules.delete
securitycentermanagement.eventThreatDetectionCustomModules.get
securitycentermanagement.eventThreatDetectionCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.update
securitycentermanagement.eventThreatDetectionCustomModules.validate

securitycentermanagement.locations.*

securitycentermanagement.locations.get
securitycentermanagement.locations.list

Security Center Management ETD Custom Modules Viewer

(roles/securitycentermanagement.etdCustomModulesViewer)

Readonly access to Cloud Security Command Center ETD custom modules.

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycentermanagement.effectiveEventThreatDetectionCustomModules.*

securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.get

securitycentermanagement.eventThreatDetectionCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.validate

securitycentermanagement.locations.*

securitycentermanagement.locations.get
securitycentermanagement.locations.list

Security Center Management Services Editor

(roles/securitycentermanagement.securityCenterServicesEditor)

Full access to manage Cloud Security Command Center services configuration.

securitycentermanagement.securityCenterServices.*

securitycentermanagement.securityCenterServices.get
securitycentermanagement.securityCenterServices.list
securitycentermanagement.securityCenterServices.update

Security Center Management Services Viewer

(roles/securitycentermanagement.securityCenterServicesViewer)

Readonly access to Cloud Security Command Center services configuration.

securitycentermanagement.securityCenterServices.get

securitycentermanagement.securityCenterServices.list

Security Center Management Settings Editor

(roles/securitycentermanagement.settingsEditor)

Full access to manage Cloud Security Command Center settings

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.organizationsettings.*

securitycenter.organizationsettings.get
securitycenter.organizationsettings.update

securitycenter.securitycentersettings.*

securitycenter.securitycentersettings.get
securitycenter.securitycentersettings.update

securitycentermanagement.billingMetadata.get

securitycentermanagement.effectiveEventThreatDetectionCustomModules.*

securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.*

securitycentermanagement.eventThreatDetectionCustomModules.create
securitycentermanagement.eventThreatDetectionCustomModules.delete
securitycentermanagement.eventThreatDetectionCustomModules.get
securitycentermanagement.eventThreatDetectionCustomModules.list
securitycentermanagement.eventThreatDetectionCustomModules.update
securitycentermanagement.eventThreatDetectionCustomModules.validate

securitycentermanagement.locations.*

securitycentermanagement.locations.get
securitycentermanagement.locations.list

securitycentermanagement.securityCenterServices.*

securitycentermanagement.securityCenterServices.get
securitycentermanagement.securityCenterServices.list
securitycentermanagement.securityCenterServices.update

securitycentermanagement.securityCommandCenter.*

securitycentermanagement.securityCommandCenter.activate
securitycentermanagement.securityCommandCenter.checkActivationOperation
securitycentermanagement.securityCommandCenter.checkEligibility
securitycentermanagement.securityCommandCenter.checkOnboardingStatus
securitycentermanagement.securityCommandCenter.generateServiceAccounts
securitycentermanagement.securityCommandCenter.get
securitycentermanagement.securityCommandCenter.update

securitycentermanagement.securityHealthAnalyticsCustomModules.*

securitycentermanagement.securityHealthAnalyticsCustomModules.create
securitycentermanagement.securityHealthAnalyticsCustomModules.delete
securitycentermanagement.securityHealthAnalyticsCustomModules.get
securitycentermanagement.securityHealthAnalyticsCustomModules.list
securitycentermanagement.securityHealthAnalyticsCustomModules.simulate
securitycentermanagement.securityHealthAnalyticsCustomModules.test
securitycentermanagement.securityHealthAnalyticsCustomModules.update

Security Center Management Settings Viewer

(roles/securitycentermanagement.settingsViewer)

Readonly access to Cloud Security Command Center settings

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.organizationsettings.get

securitycenter.securitycentersettings.get

securitycentermanagement.billingMetadata.get

securitycentermanagement.effectiveEventThreatDetectionCustomModules.*

securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
securitycentermanagement.effectiveEventThreatDetectionCustomModules.list

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.get

securitycentermanagement.eventThreatDetectionCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.validate

securitycentermanagement.locations.*

securitycentermanagement.locations.get
securitycentermanagement.locations.list

securitycentermanagement.securityCenterServices.get

securitycentermanagement.securityCenterServices.list

securitycentermanagement.securityCommandCenter.checkActivationOperation

securitycentermanagement.securityCommandCenter.checkOnboardingStatus

securitycentermanagement.securityCommandCenter.get

securitycentermanagement.securityHealthAnalyticsCustomModules.get

securitycentermanagement.securityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.simulate

securitycentermanagement.securityHealthAnalyticsCustomModules.test

Security Center Management SHA Custom Modules Editor

(roles/securitycentermanagement.shaCustomModulesEditor)

Full access to manage Cloud Security Command Center SHA custom modules.

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.locations.*

securitycentermanagement.locations.get
securitycentermanagement.locations.list

securitycentermanagement.securityHealthAnalyticsCustomModules.*

securitycentermanagement.securityHealthAnalyticsCustomModules.create
securitycentermanagement.securityHealthAnalyticsCustomModules.delete
securitycentermanagement.securityHealthAnalyticsCustomModules.get
securitycentermanagement.securityHealthAnalyticsCustomModules.list
securitycentermanagement.securityHealthAnalyticsCustomModules.simulate
securitycentermanagement.securityHealthAnalyticsCustomModules.test
securitycentermanagement.securityHealthAnalyticsCustomModules.update

Security Center Management SHA Custom Modules Viewer

(roles/securitycentermanagement.shaCustomModulesViewer)

Readonly access to Cloud Security Command Center SHA custom modules.

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.locations.*

securitycentermanagement.locations.get
securitycentermanagement.locations.list

securitycentermanagement.securityHealthAnalyticsCustomModules.get

securitycentermanagement.securityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.simulate

securitycentermanagement.securityHealthAnalyticsCustomModules.test

Peran IAM di Compliance Manager

Berikut adalah daftar peran dan izin IAM yang tersedia untuk layanan Compliance Manager. Anda dapat memberikan peran ini di tingkat organisasi, folder, atau project.

Role Permissions

Role	Permissions
Compliance Manager Admin (`roles/cloudsecuritycompliance.admin`) Full access to Compliance Manager resources.	`auditmanager.auditReports.` `auditmanager.auditReports.generate` `auditmanager.auditReports.get` `auditmanager.auditReports.list` `auditmanager.auditScopeReports.generate` `auditmanager.billingSettings.get` `auditmanager.controlReports.` `auditmanager.controlReports.get` `auditmanager.controlReports.list` `auditmanager.controls.list` `auditmanager.findings.list` `auditmanager.locations.` `auditmanager.locations.enrollResource` `auditmanager.locations.get` `auditmanager.locations.list` `auditmanager.operations.` `auditmanager.operations.get` `auditmanager.operations.list` `auditmanager.resourceEnrollmentStatuses.` `auditmanager.resourceEnrollmentStatuses.get` `auditmanager.resourceEnrollmentStatuses.list` `cloudsecuritycompliance.` `cloudsecuritycompliance.auditReports.generate` `cloudsecuritycompliance.auditReports.get` `cloudsecuritycompliance.auditReports.list` `cloudsecuritycompliance.auditScopeReports.generate` `cloudsecuritycompliance.billingSettings.get` `cloudsecuritycompliance.cloudControlDeployments.create` `cloudsecuritycompliance.cloudControlDeployments.delete` `cloudsecuritycompliance.cloudControlDeployments.get` `cloudsecuritycompliance.cloudControlDeployments.list` `cloudsecuritycompliance.cloudControlDeployments.update` `cloudsecuritycompliance.cloudControlPredictions.create` `cloudsecuritycompliance.cloudControlPredictions.get` `cloudsecuritycompliance.cloudControlPredictions.list` `cloudsecuritycompliance.cloudControls.create` `cloudsecuritycompliance.cloudControls.delete` `cloudsecuritycompliance.cloudControls.get` `cloudsecuritycompliance.cloudControls.list` `cloudsecuritycompliance.cloudControls.update` `cloudsecuritycompliance.cmEnrollments.get` `cloudsecuritycompliance.cmEnrollments.update` `cloudsecuritycompliance.controlComplianceSummaries.list` `cloudsecuritycompliance.controlReports.get` `cloudsecuritycompliance.controls.get` `cloudsecuritycompliance.controls.list` `cloudsecuritycompliance.findingSummaries.list` `cloudsecuritycompliance.findings.list` `cloudsecuritycompliance.frameworkAudits.create` `cloudsecuritycompliance.frameworkAudits.get` `cloudsecuritycompliance.frameworkAudits.list` `cloudsecuritycompliance.frameworkComplianceReports.aggregate` `cloudsecuritycompliance.frameworkComplianceReports.get` `cloudsecuritycompliance.frameworkComplianceSummaries.list` `cloudsecuritycompliance.frameworkDeployments.create` `cloudsecuritycompliance.frameworkDeployments.delete` `cloudsecuritycompliance.frameworkDeployments.get` `cloudsecuritycompliance.frameworkDeployments.list` `cloudsecuritycompliance.frameworkDeployments.update` `cloudsecuritycompliance.frameworks.create` `cloudsecuritycompliance.frameworks.delete` `cloudsecuritycompliance.frameworks.get` `cloudsecuritycompliance.frameworks.list` `cloudsecuritycompliance.frameworks.update` `cloudsecuritycompliance.locations.enrollResource` `cloudsecuritycompliance.locations.get` `cloudsecuritycompliance.locations.list` `cloudsecuritycompliance.operations.cancel` `cloudsecuritycompliance.operations.delete` `cloudsecuritycompliance.operations.get` `cloudsecuritycompliance.operations.list` `cloudsecuritycompliance.resourceEnrollmentStatuses.get` `cloudsecuritycompliance.resourceEnrollmentStatuses.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Compliance Manager Viewer (`roles/cloudsecuritycompliance.viewer`) Readonly access to Compliance Manager resources.	`auditmanager.auditReports.get` `auditmanager.auditReports.list` `auditmanager.billingSettings.get` `auditmanager.controlReports.` `auditmanager.controlReports.get` `auditmanager.controlReports.list` `auditmanager.controls.list` `auditmanager.findings.list` `auditmanager.locations.get` `auditmanager.locations.list` `auditmanager.operations.` `auditmanager.operations.get` `auditmanager.operations.list` `auditmanager.resourceEnrollmentStatuses.` `auditmanager.resourceEnrollmentStatuses.get` `auditmanager.resourceEnrollmentStatuses.list` `cloudsecuritycompliance.auditReports.get` `cloudsecuritycompliance.auditReports.list` `cloudsecuritycompliance.billingSettings.get` `cloudsecuritycompliance.cloudControlDeployments.get` `cloudsecuritycompliance.cloudControlDeployments.list` `cloudsecuritycompliance.cloudControlPredictions.get` `cloudsecuritycompliance.cloudControlPredictions.list` `cloudsecuritycompliance.cloudControls.get` `cloudsecuritycompliance.cloudControls.list` `cloudsecuritycompliance.cmEnrollments.get` `cloudsecuritycompliance.controlComplianceSummaries.list` `cloudsecuritycompliance.controlReports.get` `cloudsecuritycompliance.controls.` `cloudsecuritycompliance.controls.get` `cloudsecuritycompliance.controls.list` `cloudsecuritycompliance.findingSummaries.list` `cloudsecuritycompliance.findings.list` `cloudsecuritycompliance.frameworkAudits.get` `cloudsecuritycompliance.frameworkAudits.list` `cloudsecuritycompliance.frameworkComplianceReports.` `cloudsecuritycompliance.frameworkComplianceReports.aggregate` `cloudsecuritycompliance.frameworkComplianceReports.get` `cloudsecuritycompliance.frameworkComplianceSummaries.list` `cloudsecuritycompliance.frameworkDeployments.get` `cloudsecuritycompliance.frameworkDeployments.list` `cloudsecuritycompliance.frameworks.get` `cloudsecuritycompliance.frameworks.list` `cloudsecuritycompliance.locations.get` `cloudsecuritycompliance.locations.list` `cloudsecuritycompliance.operations.get` `cloudsecuritycompliance.operations.list` `cloudsecuritycompliance.resourceEnrollmentStatuses.` `cloudsecuritycompliance.resourceEnrollmentStatuses.get` `cloudsecuritycompliance.resourceEnrollmentStatuses.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Compliance Manager Admin

(roles/cloudsecuritycompliance.admin)

Full access to Compliance Manager resources.

auditmanager.auditReports.*

auditmanager.auditReports.generate
auditmanager.auditReports.get
auditmanager.auditReports.list

auditmanager.auditScopeReports.generate

auditmanager.billingSettings.get

auditmanager.controlReports.*

auditmanager.controlReports.get
auditmanager.controlReports.list

auditmanager.controls.list

auditmanager.findings.list

auditmanager.locations.*

auditmanager.locations.enrollResource
auditmanager.locations.get
auditmanager.locations.list

auditmanager.operations.*

auditmanager.operations.get
auditmanager.operations.list

auditmanager.resourceEnrollmentStatuses.*

auditmanager.resourceEnrollmentStatuses.get
auditmanager.resourceEnrollmentStatuses.list

cloudsecuritycompliance.*

cloudsecuritycompliance.auditReports.generate
cloudsecuritycompliance.auditReports.get
cloudsecuritycompliance.auditReports.list
cloudsecuritycompliance.auditScopeReports.generate
cloudsecuritycompliance.billingSettings.get
cloudsecuritycompliance.cloudControlDeployments.create
cloudsecuritycompliance.cloudControlDeployments.delete
cloudsecuritycompliance.cloudControlDeployments.get
cloudsecuritycompliance.cloudControlDeployments.list
cloudsecuritycompliance.cloudControlDeployments.update
cloudsecuritycompliance.cloudControlPredictions.create
cloudsecuritycompliance.cloudControlPredictions.get
cloudsecuritycompliance.cloudControlPredictions.list
cloudsecuritycompliance.cloudControls.create
cloudsecuritycompliance.cloudControls.delete
cloudsecuritycompliance.cloudControls.get
cloudsecuritycompliance.cloudControls.list
cloudsecuritycompliance.cloudControls.update
cloudsecuritycompliance.cmEnrollments.get
cloudsecuritycompliance.cmEnrollments.update
cloudsecuritycompliance.controlComplianceSummaries.list
cloudsecuritycompliance.controlReports.get
cloudsecuritycompliance.controls.get
cloudsecuritycompliance.controls.list
cloudsecuritycompliance.findingSummaries.list
cloudsecuritycompliance.findings.list
cloudsecuritycompliance.frameworkAudits.create
cloudsecuritycompliance.frameworkAudits.get
cloudsecuritycompliance.frameworkAudits.list
cloudsecuritycompliance.frameworkComplianceReports.aggregate
cloudsecuritycompliance.frameworkComplianceReports.get
cloudsecuritycompliance.frameworkComplianceSummaries.list
cloudsecuritycompliance.frameworkDeployments.create
cloudsecuritycompliance.frameworkDeployments.delete
cloudsecuritycompliance.frameworkDeployments.get
cloudsecuritycompliance.frameworkDeployments.list
cloudsecuritycompliance.frameworkDeployments.update
cloudsecuritycompliance.frameworks.create
cloudsecuritycompliance.frameworks.delete
cloudsecuritycompliance.frameworks.get
cloudsecuritycompliance.frameworks.list
cloudsecuritycompliance.frameworks.update
cloudsecuritycompliance.locations.enrollResource
cloudsecuritycompliance.locations.get
cloudsecuritycompliance.locations.list
cloudsecuritycompliance.operations.cancel
cloudsecuritycompliance.operations.delete
cloudsecuritycompliance.operations.get
cloudsecuritycompliance.operations.list
cloudsecuritycompliance.resourceEnrollmentStatuses.get
cloudsecuritycompliance.resourceEnrollmentStatuses.list

resourcemanager.projects.get

resourcemanager.projects.list

Compliance Manager Viewer

(roles/cloudsecuritycompliance.viewer)

Readonly access to Compliance Manager resources.

auditmanager.auditReports.get

auditmanager.auditReports.list

auditmanager.billingSettings.get

auditmanager.controlReports.*

auditmanager.controlReports.get
auditmanager.controlReports.list

auditmanager.controls.list

auditmanager.findings.list

auditmanager.locations.get

auditmanager.locations.list

auditmanager.operations.*

auditmanager.operations.get
auditmanager.operations.list

auditmanager.resourceEnrollmentStatuses.*

auditmanager.resourceEnrollmentStatuses.get
auditmanager.resourceEnrollmentStatuses.list

cloudsecuritycompliance.auditReports.get

cloudsecuritycompliance.auditReports.list

cloudsecuritycompliance.billingSettings.get

cloudsecuritycompliance.cloudControlDeployments.get

cloudsecuritycompliance.cloudControlDeployments.list

cloudsecuritycompliance.cloudControlPredictions.get

cloudsecuritycompliance.cloudControlPredictions.list

cloudsecuritycompliance.cloudControls.get

cloudsecuritycompliance.cloudControls.list

cloudsecuritycompliance.cmEnrollments.get

cloudsecuritycompliance.controlComplianceSummaries.list

cloudsecuritycompliance.controlReports.get

cloudsecuritycompliance.controls.*

cloudsecuritycompliance.controls.get
cloudsecuritycompliance.controls.list

cloudsecuritycompliance.findingSummaries.list

cloudsecuritycompliance.findings.list

cloudsecuritycompliance.frameworkAudits.get

cloudsecuritycompliance.frameworkAudits.list

cloudsecuritycompliance.frameworkComplianceReports.*

cloudsecuritycompliance.frameworkComplianceReports.aggregate
cloudsecuritycompliance.frameworkComplianceReports.get

cloudsecuritycompliance.frameworkComplianceSummaries.list

cloudsecuritycompliance.frameworkDeployments.get

cloudsecuritycompliance.frameworkDeployments.list

cloudsecuritycompliance.frameworks.get

cloudsecuritycompliance.frameworks.list

cloudsecuritycompliance.locations.get

cloudsecuritycompliance.locations.list

cloudsecuritycompliance.operations.get

cloudsecuritycompliance.operations.list

cloudsecuritycompliance.resourceEnrollmentStatuses.*

cloudsecuritycompliance.resourceEnrollmentStatuses.get
cloudsecuritycompliance.resourceEnrollmentStatuses.list

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Gives CSC Service Account access to consumer resources. Warning: Do not grant service agent roles to any principals except service agents.	`accessapproval.settings.get` `aiplatform.customJobs.get` `aiplatform.customJobs.list` `aiplatform.datasets.get` `aiplatform.datasets.list` `aiplatform.endpoints.get` `aiplatform.endpoints.list` `aiplatform.featurestores.get` `aiplatform.featurestores.list` `aiplatform.hyperparameterTuningJobs.get` `aiplatform.hyperparameterTuningJobs.list` `aiplatform.metadataStores.get` `aiplatform.metadataStores.list` `aiplatform.models.get` `aiplatform.models.list` `aiplatform.notebookRuntimeTemplates.get` `aiplatform.notebookRuntimeTemplates.list` `aiplatform.tensorboards.get` `aiplatform.tensorboards.list` `aiplatform.trainingPipelines.get` `aiplatform.trainingPipelines.list` `artifactregistry.repositories.get` `artifactregistry.repositories.list` `axt.labels.get` `bigquery.datasets.get` `binaryauthorization.policy.get` `certificatemanager.certs.list` `certificatemanager.trustconfigs.list` `cloudasset.assets.analyzeIamPolicy` `cloudasset.assets.analyzeMove` `cloudasset.assets.analyzeOrgPolicy` `cloudasset.assets.exportAccessLevel` `cloudasset.assets.exportAccessPolicy` `cloudasset.assets.exportAiplatformBatchPredictionJobs` `cloudasset.assets.exportAiplatformCustomJobs` `cloudasset.assets.exportAiplatformDataLabelingJobs` `cloudasset.assets.exportAiplatformDatasets` `cloudasset.assets.exportAiplatformEndpoints` `cloudasset.assets.exportAiplatformHyperparameterTuningJobs` `cloudasset.assets.exportAiplatformMetadataStores` `cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs` `cloudasset.assets.exportAiplatformModels` `cloudasset.assets.exportAiplatformPipelineJobs` `cloudasset.assets.exportAiplatformSpecialistPools` `cloudasset.assets.exportAiplatformTrainingPipelines` `cloudasset.assets.exportAllAccessPolicy` `cloudasset.assets.exportAnthosConnectedCluster` `cloudasset.assets.exportAnthosedgeCluster` `cloudasset.assets.exportApigatewayApi` `cloudasset.assets.exportApigatewayApiConfig` `cloudasset.assets.exportApigatewayGateway` `cloudasset.assets.exportApikeysKeys` `cloudasset.assets.exportAppengineApplications` `cloudasset.assets.exportAppengineServices` `cloudasset.assets.exportAppengineVersions` `cloudasset.assets.exportArtifactregistryDockerImages` `cloudasset.assets.exportArtifactregistryRepositories` `cloudasset.assets.exportAssuredWorkloadsWorkloads` `cloudasset.assets.exportBeyondCorpApiGateways` `cloudasset.assets.exportBeyondCorpAppConnections` `cloudasset.assets.exportBeyondCorpAppConnectors` `cloudasset.assets.exportBeyondCorpAppGateways` `cloudasset.assets.exportBeyondCorpClientConnectorServices` `cloudasset.assets.exportBeyondCorpClientGateways` `cloudasset.assets.exportBigqueryDatasets` `cloudasset.assets.exportBigqueryModels` `cloudasset.assets.exportBigqueryTables` `cloudasset.assets.exportBigtableAppProfile` `cloudasset.assets.exportBigtableBackup` `cloudasset.assets.exportBigtableCluster` `cloudasset.assets.exportBigtableInstance` `cloudasset.assets.exportBigtableTable` `cloudasset.assets.exportCloudAssetFeeds` `cloudasset.assets.exportCloudDeployDeliveryPipelines` `cloudasset.assets.exportCloudDeployReleases` `cloudasset.assets.exportCloudDeployRollouts` `cloudasset.assets.exportCloudDeployTargets` `cloudasset.assets.exportCloudDocumentAIEvaluation` `cloudasset.assets.exportCloudDocumentAIHumanReviewConfig` `cloudasset.assets.exportCloudDocumentAILabelerPool` `cloudasset.assets.exportCloudDocumentAIProcessor` `cloudasset.assets.exportCloudDocumentAIProcessorVersion` `cloudasset.assets.exportCloudbillingBillingAccounts` `cloudasset.assets.exportCloudbillingProjectBillingInfos` `cloudasset.assets.exportCloudfunctionsFunctions` `cloudasset.assets.exportCloudfunctionsGen2Functions` `cloudasset.assets.exportCloudkmsCryptoKeyVersions` `cloudasset.assets.exportCloudkmsCryptoKeys` `cloudasset.assets.exportCloudkmsEkmConnections` `cloudasset.assets.exportCloudkmsImportJobs` `cloudasset.assets.exportCloudkmsKeyRings` `cloudasset.assets.exportCloudmemcacheInstances` `cloudasset.assets.exportCloudresourcemanagerFolders` `cloudasset.assets.exportCloudresourcemanagerOrganizations` `cloudasset.assets.exportCloudresourcemanagerProjects` `cloudasset.assets.exportCloudresourcemanagerTagBindings` `cloudasset.assets.exportCloudresourcemanagerTagKeys` `cloudasset.assets.exportCloudresourcemanagerTagValues` `cloudasset.assets.exportComposerEnvironments` `cloudasset.assets.exportComputeAddress` `cloudasset.assets.exportComputeAutoscalers` `cloudasset.assets.exportComputeBackendBuckets` `cloudasset.assets.exportComputeBackendServices` `cloudasset.assets.exportComputeCommitments` `cloudasset.assets.exportComputeDisks` `cloudasset.assets.exportComputeExternalVpnGateways` `cloudasset.assets.exportComputeFirewallPolicies` `cloudasset.assets.exportComputeFirewalls` `cloudasset.assets.exportComputeForwardingRules` `cloudasset.assets.exportComputeGlobalAddress` `cloudasset.assets.exportComputeGlobalForwardingRules` `cloudasset.assets.exportComputeHealthChecks` `cloudasset.assets.exportComputeHttpHealthChecks` `cloudasset.assets.exportComputeHttpsHealthChecks` `cloudasset.assets.exportComputeImages` `cloudasset.assets.exportComputeInstanceGroupManagers` `cloudasset.assets.exportComputeInstanceGroups` `cloudasset.assets.exportComputeInstanceTemplates` `cloudasset.assets.exportComputeInstances` `cloudasset.assets.exportComputeInterconnect` `cloudasset.assets.exportComputeInterconnectAttachment` `cloudasset.assets.exportComputeLicenses` `cloudasset.assets.exportComputeNetworkEndpointGroups` `cloudasset.assets.exportComputeNetworks` `cloudasset.assets.exportComputeNodeGroups` `cloudasset.assets.exportComputeNodeTemplates` `cloudasset.assets.exportComputePacketMirrorings` `cloudasset.assets.exportComputeProjects` `cloudasset.assets.exportComputeRegionAutoscaler` `cloudasset.assets.exportComputeRegionBackendServices` `cloudasset.assets.exportComputeRegionDisk` `cloudasset.assets.exportComputeRegionInstanceGroup` `cloudasset.assets.exportComputeRegionInstanceGroupManager` `cloudasset.assets.exportComputeReservations` `cloudasset.assets.exportComputeResourcePolicies` `cloudasset.assets.exportComputeRouters` `cloudasset.assets.exportComputeRoutes` `cloudasset.assets.exportComputeSecurityPolicy` `cloudasset.assets.exportComputeServiceAttachments` `cloudasset.assets.exportComputeSnapshots` `cloudasset.assets.exportComputeSslCertificates` `cloudasset.assets.exportComputeSslPolicies` `cloudasset.assets.exportComputeSubnetworks` `cloudasset.assets.exportComputeTargetHttpProxies` `cloudasset.assets.exportComputeTargetHttpsProxies` `cloudasset.assets.exportComputeTargetInstances` `cloudasset.assets.exportComputeTargetPools` `cloudasset.assets.exportComputeTargetSslProxies` `cloudasset.assets.exportComputeTargetTcpProxies` `cloudasset.assets.exportComputeTargetVpnGateways` `cloudasset.assets.exportComputeUrlMaps` `cloudasset.assets.exportComputeVpnGateways` `cloudasset.assets.exportComputeVpnTunnels` `cloudasset.assets.exportConnectorsConnections` `cloudasset.assets.exportConnectorsConnectorVersions` `cloudasset.assets.exportConnectorsConnectors` `cloudasset.assets.exportConnectorsProviders` `cloudasset.assets.exportConnectorsRuntimeConfigs` `cloudasset.assets.exportContainerAppsDeployment` `cloudasset.assets.exportContainerAppsReplicaSets` `cloudasset.assets.exportContainerBatchJobs` `cloudasset.assets.exportContainerClusterrole` `cloudasset.assets.exportContainerClusterrolebinding` `cloudasset.assets.exportContainerClusters` `cloudasset.assets.exportContainerExtensionsIngresses` `cloudasset.assets.exportContainerJobs` `cloudasset.assets.exportContainerNamespace` `cloudasset.assets.exportContainerNetworkingIngresses` `cloudasset.assets.exportContainerNetworkingNetworkPolicies` `cloudasset.assets.exportContainerNode` `cloudasset.assets.exportContainerNodepool` `cloudasset.assets.exportContainerPod` `cloudasset.assets.exportContainerReplicaSets` `cloudasset.assets.exportContainerRole` `cloudasset.assets.exportContainerRolebinding` `cloudasset.assets.exportContainerServices` `cloudasset.assets.exportContainerregistryImage` `cloudasset.assets.exportDataMigrationConnectionProfiles` `cloudasset.assets.exportDataMigrationMigrationJobs` `cloudasset.assets.exportDataflowJobs` `cloudasset.assets.exportDatafusionInstance` `cloudasset.assets.exportDataplexAssets` `cloudasset.assets.exportDataplexLakes` `cloudasset.assets.exportDataplexTasks` `cloudasset.assets.exportDataplexZones` `cloudasset.assets.exportDataprocAutoscalingPolicies` `cloudasset.assets.exportDataprocBatches` `cloudasset.assets.exportDataprocClusters` `cloudasset.assets.exportDataprocJobs` `cloudasset.assets.exportDataprocSessions` `cloudasset.assets.exportDataprocWorkflowTemplates` `cloudasset.assets.exportDatastreamConnectionProfile` `cloudasset.assets.exportDatastreamPrivateConnection` `cloudasset.assets.exportDatastreamStream` `cloudasset.assets.exportDialogflowAgents` `cloudasset.assets.exportDialogflowConversationProfiles` `cloudasset.assets.exportDialogflowKnowledgeBases` `cloudasset.assets.exportDialogflowLocationSettings` `cloudasset.assets.exportDlpDeidentifyTemplates` `cloudasset.assets.exportDlpDlpJobs` `cloudasset.assets.exportDlpInspectTemplates` `cloudasset.assets.exportDlpJobTriggers` `cloudasset.assets.exportDlpStoredInfoTypes` `cloudasset.assets.exportDnsManagedZones` `cloudasset.assets.exportDnsPolicies` `cloudasset.assets.exportDomainsRegistrations` `cloudasset.assets.exportEventarcTriggers` `cloudasset.assets.exportFileBackups` `cloudasset.assets.exportFileInstances` `cloudasset.assets.exportFirebaseAppInfos` `cloudasset.assets.exportFirebaseProjects` `cloudasset.assets.exportFirestoreDatabases` `cloudasset.assets.exportGKEHubFeatures` `cloudasset.assets.exportGKEHubMemberships` `cloudasset.assets.exportGameservicesGameServerClusters` `cloudasset.assets.exportGameservicesGameServerConfigs` `cloudasset.assets.exportGameservicesGameServerDeployments` `cloudasset.assets.exportGameservicesRealms` `cloudasset.assets.exportGkeBackupBackupPlans` `cloudasset.assets.exportGkeBackupBackups` `cloudasset.assets.exportGkeBackupRestorePlans` `cloudasset.assets.exportGkeBackupRestores` `cloudasset.assets.exportGkeBackupVolumeBackups` `cloudasset.assets.exportGkeBackupVolumeRestores` `cloudasset.assets.exportHealthcareConsentStores` `cloudasset.assets.exportHealthcareDatasets` `cloudasset.assets.exportHealthcareDicomStores` `cloudasset.assets.exportHealthcareFhirStores` `cloudasset.assets.exportHealthcareHl7V2Stores` `cloudasset.assets.exportIamPolicy` `cloudasset.assets.exportIamRoles` `cloudasset.assets.exportIamServiceAccountKeys` `cloudasset.assets.exportIamServiceAccounts` `cloudasset.assets.exportIapTunnel` `cloudasset.assets.exportIapTunnelInstances` `cloudasset.assets.exportIapTunnelZones` `cloudasset.assets.exportIapWeb` `cloudasset.assets.exportIapWebServiceVersion` `cloudasset.assets.exportIapWebServices` `cloudasset.assets.exportIapWebType` `cloudasset.assets.exportIdsEndpoints` `cloudasset.assets.exportIntegrationsAuthConfigs` `cloudasset.assets.exportIntegrationsCertificates` `cloudasset.assets.exportIntegrationsExecutions` `cloudasset.assets.exportIntegrationsIntegrationVersions` `cloudasset.assets.exportIntegrationsIntegrations` `cloudasset.assets.exportIntegrationsSfdcChannels` `cloudasset.assets.exportIntegrationsSfdcInstances` `cloudasset.assets.exportIntegrationsSuspensions` `cloudasset.assets.exportLoggingLogMetrics` `cloudasset.assets.exportLoggingLogSinks` `cloudasset.assets.exportManagedidentitiesDomain` `cloudasset.assets.exportMetastoreBackups` `cloudasset.assets.exportMetastoreMetadataImports` `cloudasset.assets.exportMetastoreServices` `cloudasset.assets.exportMonitoringAlertPolicies` `cloudasset.assets.exportNetworkConnectivityHubs` `cloudasset.assets.exportNetworkConnectivitySpokes` `cloudasset.assets.exportNetworkManagementConnectivityTests` `cloudasset.assets.exportNetworkServicesEndpointPolicies` `cloudasset.assets.exportNetworkServicesGateways` `cloudasset.assets.exportNetworkServicesGrpcRoutes` `cloudasset.assets.exportNetworkServicesHttpRoutes` `cloudasset.assets.exportNetworkServicesMeshes` `cloudasset.assets.exportNetworkServicesServiceBindings` `cloudasset.assets.exportNetworkServicesTcpRoutes` `cloudasset.assets.exportNetworkServicesTlsRoutes` `cloudasset.assets.exportOSConfigOSPolicyAssignmentReports` `cloudasset.assets.exportOSConfigOSPolicyAssignments` `cloudasset.assets.exportOSConfigVulnerabilityReports` `cloudasset.assets.exportOSInventories` `cloudasset.assets.exportOrgPolicy` `cloudasset.assets.exportPatchDeployments` `cloudasset.assets.exportPubsubSnapshots` `cloudasset.assets.exportPubsubSubscriptions` `cloudasset.assets.exportPubsubTopics` `cloudasset.assets.exportRedisInstances` `cloudasset.assets.exportResource` `cloudasset.assets.exportSecretManagerSecretVersions` `cloudasset.assets.exportSecretManagerSecrets` `cloudasset.assets.exportServiceDirectoryNamespaces` `cloudasset.assets.exportServicePerimeter` `cloudasset.assets.exportServiceconsumermanagementConsumerProperty` `cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits` `cloudasset.assets.exportServiceconsumermanagementConsumers` `cloudasset.assets.exportServiceconsumermanagementProducerOverrides` `cloudasset.assets.exportServiceconsumermanagementTenancyUnits` `cloudasset.assets.exportServiceconsumermanagementVisibility` `cloudasset.assets.exportServicemanagementServices` `cloudasset.assets.exportServiceusageAdminOverrides` `cloudasset.assets.exportServiceusageConsumerOverrides` `cloudasset.assets.exportServiceusageServices` `cloudasset.assets.exportSpannerBackups` `cloudasset.assets.exportSpannerDatabases` `cloudasset.assets.exportSpannerInstances` `cloudasset.assets.exportSpeakerIdPhrases` `cloudasset.assets.exportSpeakerIdSettings` `cloudasset.assets.exportSpeakerIdSpeakers` `cloudasset.assets.exportSpeechCustomClasses` `cloudasset.assets.exportSpeechPhraseSets` `cloudasset.assets.exportSqladminBackupRuns` `cloudasset.assets.exportSqladminInstances` `cloudasset.assets.exportStorageBuckets` `cloudasset.assets.exportTpuNodes` `cloudasset.assets.exportVpcaccessConnector` `cloudasset.assets.listAccessLevel` `cloudasset.assets.listAccessPolicy` `cloudasset.assets.listAiplatformBatchPredictionJobs` `cloudasset.assets.listAiplatformCustomJobs` `cloudasset.assets.listAiplatformDataLabelingJobs` `cloudasset.assets.listAiplatformDatasets` `cloudasset.assets.listAiplatformEndpoints` `cloudasset.assets.listAiplatformHyperparameterTuningJobs` `cloudasset.assets.listAiplatformMetadataStores` `cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs` `cloudasset.assets.listAiplatformModels` `cloudasset.assets.listAiplatformPipelineJobs` `cloudasset.assets.listAiplatformSpecialistPools` `cloudasset.assets.listAiplatformTrainingPipelines` `cloudasset.assets.listAllAccessPolicy` `cloudasset.assets.listAnthosConnectedCluster` `cloudasset.assets.listAnthosedgeCluster` `cloudasset.assets.listApigatewayApi` `cloudasset.assets.listApigatewayApiConfig` `cloudasset.assets.listApigatewayGateway` `cloudasset.assets.listApikeysKeys` `cloudasset.assets.listAppengineApplications` `cloudasset.assets.listAppengineServices` `cloudasset.assets.listAppengineVersions` `cloudasset.assets.listArtifactregistryDockerImages` `cloudasset.assets.listArtifactregistryRepositories` `cloudasset.assets.listAssuredWorkloadsWorkloads` `cloudasset.assets.listBeyondCorpApiGateways` `cloudasset.assets.listBeyondCorpAppConnections` `cloudasset.assets.listBeyondCorpAppConnectors` `cloudasset.assets.listBeyondCorpAppGateways` `cloudasset.assets.listBeyondCorpClientConnectorServices` `cloudasset.assets.listBeyondCorpClientGateways` `cloudasset.assets.listBigqueryDatasets` `cloudasset.assets.listBigqueryModels` `cloudasset.assets.listBigqueryTables` `cloudasset.assets.listBigtableAppProfile` `cloudasset.assets.listBigtableBackup` `cloudasset.assets.listBigtableCluster` `cloudasset.assets.listBigtableInstance` `cloudasset.assets.listBigtableTable` `cloudasset.assets.listCloudAssetFeeds` `cloudasset.assets.listCloudDeployDeliveryPipelines` `cloudasset.assets.listCloudDeployReleases` `cloudasset.assets.listCloudDeployRollouts` `cloudasset.assets.listCloudDeployTargets` `cloudasset.assets.listCloudDocumentAIEvaluation` `cloudasset.assets.listCloudDocumentAIHumanReviewConfig` `cloudasset.assets.listCloudDocumentAILabelerPool` `cloudasset.assets.listCloudDocumentAIProcessor` `cloudasset.assets.listCloudDocumentAIProcessorVersion` `cloudasset.assets.listCloudbillingBillingAccounts` `cloudasset.assets.listCloudbillingProjectBillingInfos` `cloudasset.assets.listCloudfunctionsFunctions` `cloudasset.assets.listCloudfunctionsGen2Functions` `cloudasset.assets.listCloudkmsCryptoKeyVersions` `cloudasset.assets.listCloudkmsCryptoKeys` `cloudasset.assets.listCloudkmsEkmConnections` `cloudasset.assets.listCloudkmsImportJobs` `cloudasset.assets.listCloudkmsKeyRings` `cloudasset.assets.listCloudmemcacheInstances` `cloudasset.assets.listCloudresourcemanagerFolders` `cloudasset.assets.listCloudresourcemanagerOrganizations` `cloudasset.assets.listCloudresourcemanagerProjects` `cloudasset.assets.listCloudresourcemanagerTagBindings` `cloudasset.assets.listCloudresourcemanagerTagKeys` `cloudasset.assets.listCloudresourcemanagerTagValues` `cloudasset.assets.listComposerEnvironments` `cloudasset.assets.listComputeAddress` `cloudasset.assets.listComputeAutoscalers` `cloudasset.assets.listComputeBackendBuckets` `cloudasset.assets.listComputeBackendServices` `cloudasset.assets.listComputeCommitments` `cloudasset.assets.listComputeDisks` `cloudasset.assets.listComputeExternalVpnGateways` `cloudasset.assets.listComputeFirewallPolicies` `cloudasset.assets.listComputeFirewalls` `cloudasset.assets.listComputeForwardingRules` `cloudasset.assets.listComputeGlobalAddress` `cloudasset.assets.listComputeGlobalForwardingRules` `cloudasset.assets.listComputeHealthChecks` `cloudasset.assets.listComputeHttpHealthChecks` `cloudasset.assets.listComputeHttpsHealthChecks` `cloudasset.assets.listComputeImages` `cloudasset.assets.listComputeInstanceGroupManagers` `cloudasset.assets.listComputeInstanceGroups` `cloudasset.assets.listComputeInstanceTemplates` `cloudasset.assets.listComputeInstances` `cloudasset.assets.listComputeInterconnect` `cloudasset.assets.listComputeInterconnectAttachment` `cloudasset.assets.listComputeLicenses` `cloudasset.assets.listComputeNetworkEndpointGroups` `cloudasset.assets.listComputeNetworks` `cloudasset.assets.listComputeNodeGroups` `cloudasset.assets.listComputeNodeTemplates` `cloudasset.assets.listComputePacketMirrorings` `cloudasset.assets.listComputeProjects` `cloudasset.assets.listComputeRegionAutoscaler` `cloudasset.assets.listComputeRegionBackendServices` `cloudasset.assets.listComputeRegionDisk` `cloudasset.assets.listComputeRegionInstanceGroup` `cloudasset.assets.listComputeRegionInstanceGroupManager` `cloudasset.assets.listComputeReservations` `cloudasset.assets.listComputeResourcePolicies` `cloudasset.assets.listComputeRouters` `cloudasset.assets.listComputeRoutes` `cloudasset.assets.listComputeSecurityPolicy` `cloudasset.assets.listComputeServiceAttachments` `cloudasset.assets.listComputeSnapshots` `cloudasset.assets.listComputeSslCertificates` `cloudasset.assets.listComputeSslPolicies` `cloudasset.assets.listComputeSubnetworks` `cloudasset.assets.listComputeTargetHttpProxies` `cloudasset.assets.listComputeTargetHttpsProxies` `cloudasset.assets.listComputeTargetInstances` `cloudasset.assets.listComputeTargetPools` `cloudasset.assets.listComputeTargetSslProxies` `cloudasset.assets.listComputeTargetTcpProxies` `cloudasset.assets.listComputeTargetVpnGateways` `cloudasset.assets.listComputeUrlMaps` `cloudasset.assets.listComputeVpnGateways` `cloudasset.assets.listComputeVpnTunnels` `cloudasset.assets.listConnectorsConnections` `cloudasset.assets.listConnectorsConnectorVersions` `cloudasset.assets.listConnectorsConnectors` `cloudasset.assets.listConnectorsProviders` `cloudasset.assets.listConnectorsRuntimeConfigs` `cloudasset.assets.listContainerAppsDeployment` `cloudasset.assets.listContainerAppsReplicaSets` `cloudasset.assets.listContainerBatchJobs` `cloudasset.assets.listContainerClusterrole` `cloudasset.assets.listContainerClusterrolebinding` `cloudasset.assets.listContainerClusters` `cloudasset.assets.listContainerExtensionsIngresses` `cloudasset.assets.listContainerJobs` `cloudasset.assets.listContainerNamespace` `cloudasset.assets.listContainerNetworkingIngresses` `cloudasset.assets.listContainerNetworkingNetworkPolicies` `cloudasset.assets.listContainerNode` `cloudasset.assets.listContainerNodepool` `cloudasset.assets.listContainerPod` `cloudasset.assets.listContainerReplicaSets` `cloudasset.assets.listContainerRole` `cloudasset.assets.listContainerRolebinding` `cloudasset.assets.listContainerServices` `cloudasset.assets.listContainerregistryImage` `cloudasset.assets.listDataMigrationConnectionProfiles` `cloudasset.assets.listDataMigrationMigrationJobs` `cloudasset.assets.listDataflowJobs` `cloudasset.assets.listDatafusionInstance` `cloudasset.assets.listDataplexAssets` `cloudasset.assets.listDataplexLakes` `cloudasset.assets.listDataplexTasks` `cloudasset.assets.listDataplexZones` `cloudasset.assets.listDataprocAutoscalingPolicies` `cloudasset.assets.listDataprocBatches` `cloudasset.assets.listDataprocClusters` `cloudasset.assets.listDataprocJobs` `cloudasset.assets.listDataprocSessions` `cloudasset.assets.listDataprocWorkflowTemplates` `cloudasset.assets.listDatastreamConnectionProfile` `cloudasset.assets.listDatastreamPrivateConnection` `cloudasset.assets.listDatastreamStream` `cloudasset.assets.listDialogflowAgents` `cloudasset.assets.listDialogflowConversationProfiles` `cloudasset.assets.listDialogflowKnowledgeBases` `cloudasset.assets.listDialogflowLocationSettings` `cloudasset.assets.listDlpDeidentifyTemplates` `cloudasset.assets.listDlpDlpJobs` `cloudasset.assets.listDlpInspectTemplates` `cloudasset.assets.listDlpJobTriggers` `cloudasset.assets.listDlpStoredInfoTypes` `cloudasset.assets.listDnsManagedZones` `cloudasset.assets.listDnsPolicies` `cloudasset.assets.listDomainsRegistrations` `cloudasset.assets.listEventarcTriggers` `cloudasset.assets.listFileBackups` `cloudasset.assets.listFileInstances` `cloudasset.assets.listFirebaseAppInfos` `cloudasset.assets.listFirebaseProjects` `cloudasset.assets.listFirestoreDatabases` `cloudasset.assets.listGKEHubFeatures` `cloudasset.assets.listGKEHubMemberships` `cloudasset.assets.listGameservicesGameServerClusters` `cloudasset.assets.listGameservicesGameServerConfigs` `cloudasset.assets.listGameservicesGameServerDeployments` `cloudasset.assets.listGameservicesRealms` `cloudasset.assets.listGkeBackupBackupPlans` `cloudasset.assets.listGkeBackupBackups` `cloudasset.assets.listGkeBackupRestorePlans` `cloudasset.assets.listGkeBackupRestores` `cloudasset.assets.listGkeBackupVolumeBackups` `cloudasset.assets.listGkeBackupVolumeRestores` `cloudasset.assets.listHealthcareConsentStores` `cloudasset.assets.listHealthcareDatasets` `cloudasset.assets.listHealthcareDicomStores` `cloudasset.assets.listHealthcareFhirStores` `cloudasset.assets.listHealthcareHl7V2Stores` `cloudasset.assets.listIamPolicy` `cloudasset.assets.listIamRoles` `cloudasset.assets.listIamServiceAccountKeys` `cloudasset.assets.listIamServiceAccounts` `cloudasset.assets.listIapTunnel` `cloudasset.assets.listIapTunnelInstances` `cloudasset.assets.listIapTunnelZones` `cloudasset.assets.listIapWeb` `cloudasset.assets.listIapWebServiceVersion` `cloudasset.assets.listIapWebServices` `cloudasset.assets.listIapWebType` `cloudasset.assets.listIdsEndpoints` `cloudasset.assets.listIntegrationsAuthConfigs` `cloudasset.assets.listIntegrationsCertificates` `cloudasset.assets.listIntegrationsExecutions` `cloudasset.assets.listIntegrationsIntegrationVersions` `cloudasset.assets.listIntegrationsIntegrations` `cloudasset.assets.listIntegrationsSfdcChannels` `cloudasset.assets.listIntegrationsSfdcInstances` `cloudasset.assets.listIntegrationsSuspensions` `cloudasset.assets.listLoggingLogMetrics` `cloudasset.assets.listLoggingLogSinks` `cloudasset.assets.listManagedidentitiesDomain` `cloudasset.assets.listMetastoreBackups` `cloudasset.assets.listMetastoreMetadataImports` `cloudasset.assets.listMetastoreServices` `cloudasset.assets.listMonitoringAlertPolicies` `cloudasset.assets.listNetworkConnectivityHubs` `cloudasset.assets.listNetworkConnectivitySpokes` `cloudasset.assets.listNetworkManagementConnectivityTests` `cloudasset.assets.listNetworkServicesEndpointPolicies` `cloudasset.assets.listNetworkServicesGateways` `cloudasset.assets.listNetworkServicesGrpcRoutes` `cloudasset.assets.listNetworkServicesHttpRoutes` `cloudasset.assets.listNetworkServicesMeshes` `cloudasset.assets.listNetworkServicesServiceBindings` `cloudasset.assets.listNetworkServicesTcpRoutes` `cloudasset.assets.listNetworkServicesTlsRoutes` `cloudasset.assets.listOSConfigOSPolicyAssignmentReports` `cloudasset.assets.listOSConfigOSPolicyAssignments` `cloudasset.assets.listOSConfigVulnerabilityReports` `cloudasset.assets.listOSInventories` `cloudasset.assets.listOrgPolicy` `cloudasset.assets.listPatchDeployments` `cloudasset.assets.listPubsubSnapshots` `cloudasset.assets.listPubsubSubscriptions` `cloudasset.assets.listPubsubTopics` `cloudasset.assets.listRedisInstances` `cloudasset.assets.listResource` `cloudasset.assets.listRunDomainMapping` `cloudasset.assets.listRunRevision` `cloudasset.assets.listRunService` `cloudasset.assets.listSecretManagerSecretVersions` `cloudasset.assets.listSecretManagerSecrets` `cloudasset.assets.listServiceDirectoryNamespaces` `cloudasset.assets.listServicePerimeter` `cloudasset.assets.listServiceconsumermanagementConsumerProperty` `cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits` `cloudasset.assets.listServiceconsumermanagementConsumers` `cloudasset.assets.listServiceconsumermanagementProducerOverrides` `cloudasset.assets.listServiceconsumermanagementTenancyUnits` `cloudasset.assets.listServiceconsumermanagementVisibility` `cloudasset.assets.listServicemanagementServices` `cloudasset.assets.listServiceusageAdminOverrides` `cloudasset.assets.listServiceusageConsumerOverrides` `cloudasset.assets.listServiceusageServices` `cloudasset.assets.listSpannerBackups` `cloudasset.assets.listSpannerDatabases` `cloudasset.assets.listSpannerInstances` `cloudasset.assets.listSpeakerIdPhrases` `cloudasset.assets.listSpeakerIdSettings` `cloudasset.assets.listSpeakerIdSpeakers` `cloudasset.assets.listSpeechCustomClasses` `cloudasset.assets.listSpeechPhraseSets` `cloudasset.assets.listSqladminBackupRuns` `cloudasset.assets.listSqladminInstances` `cloudasset.assets.listStorageBuckets` `cloudasset.assets.listTpuNodes` `cloudasset.assets.listVpcaccessConnector` `cloudasset.assets.queryAccessPolicy` `cloudasset.assets.queryIamPolicy` `cloudasset.assets.queryOSInventories` `cloudasset.assets.queryResource` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `cloudasset.feeds.create` `cloudasset.feeds.delete` `cloudasset.feeds.get` `cloudasset.othercloudconnections.get` `cloudasset.othercloudconnections.list` `cloudasset.othercloudconnections.verify` `cloudkms.cryptoKeys.get` `cloudkms.cryptoKeys.list` `cloudkms.keyRings.list` `cloudsecuritycompliance.cloudControlDeployments.create` `cloudsecuritycompliance.cloudControlDeployments.delete` `cloudsecuritycompliance.cloudControlDeployments.get` `cloudsecuritycompliance.cloudControls.get` `cloudsecuritycompliance.cloudControls.list` `cloudsecuritycompliance.frameworkDeployments.create` `cloudsecuritycompliance.frameworkDeployments.delete` `cloudsecuritycompliance.frameworkDeployments.get` `cloudsecuritycompliance.frameworkDeployments.list` `cloudsecuritycompliance.frameworks.create` `cloudsecuritycompliance.frameworks.get` `cloudsecuritycompliance.frameworks.list` `cloudsecuritycompliance.operations.get` `cloudsecurityscanner.scans.get` `cloudsecurityscanner.scans.list` `cloudsql.instances.get` `cloudsql.instances.list` `cloudsql.users.list` `compute.autoscalers.list` `compute.backendServices.list` `compute.disks.list` `compute.firewallPolicies.list` `compute.firewalls.list` `compute.forwardingRules.list` `compute.globalForwardingRules.list` `compute.instanceGroupManagers.list` `compute.instanceGroups.list` `compute.instances.get` `compute.instances.list` `compute.networks.list` `compute.regionSslPolicies.list` `compute.regionTargetHttpProxies.list` `compute.regionUrlMaps.list` `compute.routers.list` `compute.securityPolicies.list` `compute.sslCertificates.list` `compute.sslPolicies.list` `compute.subnetworks.list` `compute.targetHttpProxies.list` `compute.targetSslProxies.list` `compute.urlMaps.list` `compute.vpnGateways.list` `compute.zones.list` `container.clusters.get` `container.clusters.list` `dlp.fileStoreProfiles.list` `dlp.inspectTemplates.list` `dlp.jobTriggers.list` `dlp.jobs.list` `dlp.tableDataProfiles.get` `dns.managedZones.list` `iam.serviceAccounts.get` `iam.serviceAccounts.getIamPolicy` `logging.buckets.list` `logging.settings.update` `monitoring.alertPolicies.list` `monitoring.timeSeries.list` `notebooks.instances.get` `notebooks.instances.list` `orgpolicy.constraints.list` `orgpolicy.policy.get` `privateca.certificates.list` `recommender.cloudAssetInsights.get` `recommender.cloudAssetInsights.list` `recommender.locations.` `recommender.locations.get` `recommender.locations.list` `resourcemanager.folders.get` `resourcemanager.folders.getIamPolicy` `resourcemanager.folders.list` `resourcemanager.hierarchyNodes.listEffectiveTags` `resourcemanager.hierarchyNodes.listTagBindings` `resourcemanager.organizations.get` `resourcemanager.organizations.getIamPolicy` `resourcemanager.projects.get` `resourcemanager.projects.getIamPolicy` `resourcemanager.projects.list` `resourcemanager.tagHolds.list` `resourcemanager.tagKeys.get` `resourcemanager.tagKeys.list` `resourcemanager.tagValues.get` `resourcemanager.tagValues.list` `securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.update` `serviceusage.consumerpolicy.` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.consumerpolicy.update` `serviceusage.contentsecuritypolicy.get` `serviceusage.effectivemcppolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.*` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.mcppolicy.get` `serviceusage.operations.get` `serviceusage.quotas.get` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test` `storage.buckets.get` `storage.buckets.getIamPolicy` `storage.buckets.list`

Cloud Security Compliance Service Agent

(roles/cloudsecuritycompliance.serviceAgent)

Gives CSC Service Account access to consumer resources.

accessapproval.settings.get

aiplatform.customJobs.get

aiplatform.customJobs.list

aiplatform.datasets.get

aiplatform.datasets.list

aiplatform.endpoints.get

aiplatform.endpoints.list

aiplatform.featurestores.get

aiplatform.featurestores.list

aiplatform.hyperparameterTuningJobs.get

aiplatform.hyperparameterTuningJobs.list

aiplatform.metadataStores.get

aiplatform.metadataStores.list

aiplatform.models.get

aiplatform.models.list

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.list

aiplatform.tensorboards.get

aiplatform.tensorboards.list

aiplatform.trainingPipelines.get

aiplatform.trainingPipelines.list

artifactregistry.repositories.get

artifactregistry.repositories.list

axt.labels.get

bigquery.datasets.get

binaryauthorization.policy.get

certificatemanager.certs.list

certificatemanager.trustconfigs.list

cloudasset.assets.analyzeIamPolicy

cloudasset.assets.analyzeMove

cloudasset.assets.analyzeOrgPolicy

cloudasset.assets.exportAccessLevel

cloudasset.assets.exportAccessPolicy

cloudasset.assets.exportAiplatformBatchPredictionJobs

cloudasset.assets.exportAiplatformCustomJobs

cloudasset.assets.exportAiplatformDataLabelingJobs

cloudasset.assets.exportAiplatformDatasets

cloudasset.assets.exportAiplatformEndpoints

cloudasset.assets.exportAiplatformHyperparameterTuningJobs

cloudasset.assets.exportAiplatformMetadataStores

cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs

cloudasset.assets.exportAiplatformModels

cloudasset.assets.exportAiplatformPipelineJobs

cloudasset.assets.exportAiplatformSpecialistPools

cloudasset.assets.exportAiplatformTrainingPipelines

cloudasset.assets.exportAllAccessPolicy

cloudasset.assets.exportAnthosConnectedCluster

cloudasset.assets.exportAnthosedgeCluster

cloudasset.assets.exportApigatewayApi

cloudasset.assets.exportApigatewayApiConfig

cloudasset.assets.exportApigatewayGateway

cloudasset.assets.exportApikeysKeys

cloudasset.assets.exportAppengineApplications

cloudasset.assets.exportAppengineServices

cloudasset.assets.exportAppengineVersions

cloudasset.assets.exportArtifactregistryDockerImages

cloudasset.assets.exportArtifactregistryRepositories

cloudasset.assets.exportAssuredWorkloadsWorkloads

cloudasset.assets.exportBeyondCorpApiGateways

cloudasset.assets.exportBeyondCorpAppConnections

cloudasset.assets.exportBeyondCorpAppConnectors

cloudasset.assets.exportBeyondCorpAppGateways

cloudasset.assets.exportBeyondCorpClientConnectorServices

cloudasset.assets.exportBeyondCorpClientGateways

cloudasset.assets.exportBigqueryDatasets

cloudasset.assets.exportBigqueryModels

cloudasset.assets.exportBigqueryTables

cloudasset.assets.exportBigtableAppProfile

cloudasset.assets.exportBigtableBackup

cloudasset.assets.exportBigtableCluster

cloudasset.assets.exportBigtableInstance

cloudasset.assets.exportBigtableTable

cloudasset.assets.exportCloudAssetFeeds

cloudasset.assets.exportCloudDeployDeliveryPipelines

cloudasset.assets.exportCloudDeployReleases

cloudasset.assets.exportCloudDeployRollouts

cloudasset.assets.exportCloudDeployTargets

cloudasset.assets.exportCloudDocumentAIEvaluation

cloudasset.assets.exportCloudDocumentAIHumanReviewConfig

cloudasset.assets.exportCloudDocumentAILabelerPool

cloudasset.assets.exportCloudDocumentAIProcessor

cloudasset.assets.exportCloudDocumentAIProcessorVersion

cloudasset.assets.exportCloudbillingBillingAccounts

cloudasset.assets.exportCloudbillingProjectBillingInfos

cloudasset.assets.exportCloudfunctionsFunctions

cloudasset.assets.exportCloudfunctionsGen2Functions

cloudasset.assets.exportCloudkmsCryptoKeyVersions

cloudasset.assets.exportCloudkmsCryptoKeys

cloudasset.assets.exportCloudkmsEkmConnections

cloudasset.assets.exportCloudkmsImportJobs

cloudasset.assets.exportCloudkmsKeyRings

cloudasset.assets.exportCloudmemcacheInstances

cloudasset.assets.exportCloudresourcemanagerFolders

cloudasset.assets.exportCloudresourcemanagerOrganizations

cloudasset.assets.exportCloudresourcemanagerProjects

cloudasset.assets.exportCloudresourcemanagerTagBindings

cloudasset.assets.exportCloudresourcemanagerTagKeys

cloudasset.assets.exportCloudresourcemanagerTagValues

cloudasset.assets.exportComposerEnvironments

cloudasset.assets.exportComputeAddress

cloudasset.assets.exportComputeAutoscalers

cloudasset.assets.exportComputeBackendBuckets

cloudasset.assets.exportComputeBackendServices

cloudasset.assets.exportComputeCommitments

cloudasset.assets.exportComputeDisks

cloudasset.assets.exportComputeExternalVpnGateways

cloudasset.assets.exportComputeFirewallPolicies

cloudasset.assets.exportComputeFirewalls

cloudasset.assets.exportComputeForwardingRules

cloudasset.assets.exportComputeGlobalAddress

cloudasset.assets.exportComputeGlobalForwardingRules

cloudasset.assets.exportComputeHealthChecks

cloudasset.assets.exportComputeHttpHealthChecks

cloudasset.assets.exportComputeHttpsHealthChecks

cloudasset.assets.exportComputeImages

cloudasset.assets.exportComputeInstanceGroupManagers

cloudasset.assets.exportComputeInstanceGroups

cloudasset.assets.exportComputeInstanceTemplates

cloudasset.assets.exportComputeInstances

cloudasset.assets.exportComputeInterconnect

cloudasset.assets.exportComputeInterconnectAttachment

cloudasset.assets.exportComputeLicenses

cloudasset.assets.exportComputeNetworkEndpointGroups

cloudasset.assets.exportComputeNetworks

cloudasset.assets.exportComputeNodeGroups

cloudasset.assets.exportComputeNodeTemplates

cloudasset.assets.exportComputePacketMirrorings

cloudasset.assets.exportComputeProjects

cloudasset.assets.exportComputeRegionAutoscaler

cloudasset.assets.exportComputeRegionBackendServices

cloudasset.assets.exportComputeRegionDisk

cloudasset.assets.exportComputeRegionInstanceGroup

cloudasset.assets.exportComputeRegionInstanceGroupManager

cloudasset.assets.exportComputeReservations

cloudasset.assets.exportComputeResourcePolicies

cloudasset.assets.exportComputeRouters

cloudasset.assets.exportComputeRoutes

cloudasset.assets.exportComputeSecurityPolicy

cloudasset.assets.exportComputeServiceAttachments

cloudasset.assets.exportComputeSnapshots

cloudasset.assets.exportComputeSslCertificates

cloudasset.assets.exportComputeSslPolicies

cloudasset.assets.exportComputeSubnetworks

cloudasset.assets.exportComputeTargetHttpProxies

cloudasset.assets.exportComputeTargetHttpsProxies

cloudasset.assets.exportComputeTargetInstances

cloudasset.assets.exportComputeTargetPools

cloudasset.assets.exportComputeTargetSslProxies

cloudasset.assets.exportComputeTargetTcpProxies

cloudasset.assets.exportComputeTargetVpnGateways

cloudasset.assets.exportComputeUrlMaps

cloudasset.assets.exportComputeVpnGateways

cloudasset.assets.exportComputeVpnTunnels

cloudasset.assets.exportConnectorsConnections

cloudasset.assets.exportConnectorsConnectorVersions

cloudasset.assets.exportConnectorsConnectors

cloudasset.assets.exportConnectorsProviders

cloudasset.assets.exportConnectorsRuntimeConfigs

cloudasset.assets.exportContainerAppsDeployment

cloudasset.assets.exportContainerAppsReplicaSets

cloudasset.assets.exportContainerBatchJobs

cloudasset.assets.exportContainerClusterrole

cloudasset.assets.exportContainerClusterrolebinding

cloudasset.assets.exportContainerClusters

cloudasset.assets.exportContainerExtensionsIngresses

cloudasset.assets.exportContainerJobs

cloudasset.assets.exportContainerNamespace

cloudasset.assets.exportContainerNetworkingIngresses

cloudasset.assets.exportContainerNetworkingNetworkPolicies

cloudasset.assets.exportContainerNode

cloudasset.assets.exportContainerNodepool

cloudasset.assets.exportContainerPod

cloudasset.assets.exportContainerReplicaSets

cloudasset.assets.exportContainerRole

cloudasset.assets.exportContainerRolebinding

cloudasset.assets.exportContainerServices

cloudasset.assets.exportContainerregistryImage

cloudasset.assets.exportDataMigrationConnectionProfiles

cloudasset.assets.exportDataMigrationMigrationJobs

cloudasset.assets.exportDataflowJobs

cloudasset.assets.exportDatafusionInstance

cloudasset.assets.exportDataplexAssets

cloudasset.assets.exportDataplexLakes

cloudasset.assets.exportDataplexTasks

cloudasset.assets.exportDataplexZones

cloudasset.assets.exportDataprocAutoscalingPolicies

cloudasset.assets.exportDataprocBatches

cloudasset.assets.exportDataprocClusters

cloudasset.assets.exportDataprocJobs

cloudasset.assets.exportDataprocSessions

cloudasset.assets.exportDataprocWorkflowTemplates

cloudasset.assets.exportDatastreamConnectionProfile

cloudasset.assets.exportDatastreamPrivateConnection

cloudasset.assets.exportDatastreamStream

cloudasset.assets.exportDialogflowAgents

cloudasset.assets.exportDialogflowConversationProfiles

cloudasset.assets.exportDialogflowKnowledgeBases

cloudasset.assets.exportDialogflowLocationSettings

cloudasset.assets.exportDlpDeidentifyTemplates

cloudasset.assets.exportDlpDlpJobs

cloudasset.assets.exportDlpInspectTemplates

cloudasset.assets.exportDlpJobTriggers

cloudasset.assets.exportDlpStoredInfoTypes

cloudasset.assets.exportDnsManagedZones

cloudasset.assets.exportDnsPolicies

cloudasset.assets.exportDomainsRegistrations

cloudasset.assets.exportEventarcTriggers

cloudasset.assets.exportFileBackups

cloudasset.assets.exportFileInstances

cloudasset.assets.exportFirebaseAppInfos

cloudasset.assets.exportFirebaseProjects

cloudasset.assets.exportFirestoreDatabases

cloudasset.assets.exportGKEHubFeatures

cloudasset.assets.exportGKEHubMemberships

cloudasset.assets.exportGameservicesGameServerClusters

cloudasset.assets.exportGameservicesGameServerConfigs

cloudasset.assets.exportGameservicesGameServerDeployments

cloudasset.assets.exportGameservicesRealms

cloudasset.assets.exportGkeBackupBackupPlans

cloudasset.assets.exportGkeBackupBackups

cloudasset.assets.exportGkeBackupRestorePlans

cloudasset.assets.exportGkeBackupRestores

cloudasset.assets.exportGkeBackupVolumeBackups

cloudasset.assets.exportGkeBackupVolumeRestores

cloudasset.assets.exportHealthcareConsentStores

cloudasset.assets.exportHealthcareDatasets

cloudasset.assets.exportHealthcareDicomStores

cloudasset.assets.exportHealthcareFhirStores

cloudasset.assets.exportHealthcareHl7V2Stores

cloudasset.assets.exportIamPolicy

cloudasset.assets.exportIamRoles

cloudasset.assets.exportIamServiceAccountKeys

cloudasset.assets.exportIamServiceAccounts

cloudasset.assets.exportIapTunnel

cloudasset.assets.exportIapTunnelInstances

cloudasset.assets.exportIapTunnelZones

cloudasset.assets.exportIapWeb

cloudasset.assets.exportIapWebServiceVersion

cloudasset.assets.exportIapWebServices

cloudasset.assets.exportIapWebType

cloudasset.assets.exportIdsEndpoints

cloudasset.assets.exportIntegrationsAuthConfigs

cloudasset.assets.exportIntegrationsCertificates

cloudasset.assets.exportIntegrationsExecutions

cloudasset.assets.exportIntegrationsIntegrationVersions

cloudasset.assets.exportIntegrationsIntegrations

cloudasset.assets.exportIntegrationsSfdcChannels

cloudasset.assets.exportIntegrationsSfdcInstances

cloudasset.assets.exportIntegrationsSuspensions

cloudasset.assets.exportLoggingLogMetrics

cloudasset.assets.exportLoggingLogSinks

cloudasset.assets.exportManagedidentitiesDomain

cloudasset.assets.exportMetastoreBackups

cloudasset.assets.exportMetastoreMetadataImports

cloudasset.assets.exportMetastoreServices

cloudasset.assets.exportMonitoringAlertPolicies

cloudasset.assets.exportNetworkConnectivityHubs

cloudasset.assets.exportNetworkConnectivitySpokes

cloudasset.assets.exportNetworkManagementConnectivityTests

cloudasset.assets.exportNetworkServicesEndpointPolicies

cloudasset.assets.exportNetworkServicesGateways

cloudasset.assets.exportNetworkServicesGrpcRoutes

cloudasset.assets.exportNetworkServicesHttpRoutes

cloudasset.assets.exportNetworkServicesMeshes

cloudasset.assets.exportNetworkServicesServiceBindings

cloudasset.assets.exportNetworkServicesTcpRoutes

cloudasset.assets.exportNetworkServicesTlsRoutes

cloudasset.assets.exportOSConfigOSPolicyAssignmentReports

cloudasset.assets.exportOSConfigOSPolicyAssignments

cloudasset.assets.exportOSConfigVulnerabilityReports

cloudasset.assets.exportOSInventories

cloudasset.assets.exportOrgPolicy

cloudasset.assets.exportPatchDeployments

cloudasset.assets.exportPubsubSnapshots

cloudasset.assets.exportPubsubSubscriptions

cloudasset.assets.exportPubsubTopics

cloudasset.assets.exportRedisInstances

cloudasset.assets.exportResource

cloudasset.assets.exportSecretManagerSecretVersions

cloudasset.assets.exportSecretManagerSecrets

cloudasset.assets.exportServiceDirectoryNamespaces

cloudasset.assets.exportServicePerimeter

cloudasset.assets.exportServiceconsumermanagementConsumerProperty

cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits

cloudasset.assets.exportServiceconsumermanagementConsumers

cloudasset.assets.exportServiceconsumermanagementProducerOverrides

cloudasset.assets.exportServiceconsumermanagementTenancyUnits

cloudasset.assets.exportServiceconsumermanagementVisibility

cloudasset.assets.exportServicemanagementServices

cloudasset.assets.exportServiceusageAdminOverrides

cloudasset.assets.exportServiceusageConsumerOverrides

cloudasset.assets.exportServiceusageServices

cloudasset.assets.exportSpannerBackups

cloudasset.assets.exportSpannerDatabases

cloudasset.assets.exportSpannerInstances

cloudasset.assets.exportSpeakerIdPhrases

cloudasset.assets.exportSpeakerIdSettings

cloudasset.assets.exportSpeakerIdSpeakers

cloudasset.assets.exportSpeechCustomClasses

cloudasset.assets.exportSpeechPhraseSets

cloudasset.assets.exportSqladminBackupRuns

cloudasset.assets.exportSqladminInstances

cloudasset.assets.exportStorageBuckets

cloudasset.assets.exportTpuNodes

cloudasset.assets.exportVpcaccessConnector

cloudasset.assets.listAccessLevel

cloudasset.assets.listAccessPolicy

cloudasset.assets.listAiplatformBatchPredictionJobs

cloudasset.assets.listAiplatformCustomJobs

cloudasset.assets.listAiplatformDataLabelingJobs

cloudasset.assets.listAiplatformDatasets

cloudasset.assets.listAiplatformEndpoints

cloudasset.assets.listAiplatformHyperparameterTuningJobs

cloudasset.assets.listAiplatformMetadataStores

cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs

cloudasset.assets.listAiplatformModels

cloudasset.assets.listAiplatformPipelineJobs

cloudasset.assets.listAiplatformSpecialistPools

cloudasset.assets.listAiplatformTrainingPipelines

cloudasset.assets.listAllAccessPolicy

cloudasset.assets.listAnthosConnectedCluster

cloudasset.assets.listAnthosedgeCluster

cloudasset.assets.listApigatewayApi

cloudasset.assets.listApigatewayApiConfig

cloudasset.assets.listApigatewayGateway

cloudasset.assets.listApikeysKeys

cloudasset.assets.listAppengineApplications

cloudasset.assets.listAppengineServices

cloudasset.assets.listAppengineVersions

cloudasset.assets.listArtifactregistryDockerImages

cloudasset.assets.listArtifactregistryRepositories

cloudasset.assets.listAssuredWorkloadsWorkloads

cloudasset.assets.listBeyondCorpApiGateways

cloudasset.assets.listBeyondCorpAppConnections

cloudasset.assets.listBeyondCorpAppConnectors

cloudasset.assets.listBeyondCorpAppGateways

cloudasset.assets.listBeyondCorpClientConnectorServices

cloudasset.assets.listBeyondCorpClientGateways

cloudasset.assets.listBigqueryDatasets

cloudasset.assets.listBigqueryModels

cloudasset.assets.listBigqueryTables

cloudasset.assets.listBigtableAppProfile

cloudasset.assets.listBigtableBackup

cloudasset.assets.listBigtableCluster

cloudasset.assets.listBigtableInstance

cloudasset.assets.listBigtableTable

cloudasset.assets.listCloudAssetFeeds

cloudasset.assets.listCloudDeployDeliveryPipelines

cloudasset.assets.listCloudDeployReleases

cloudasset.assets.listCloudDeployRollouts

cloudasset.assets.listCloudDeployTargets

cloudasset.assets.listCloudDocumentAIEvaluation

cloudasset.assets.listCloudDocumentAIHumanReviewConfig

cloudasset.assets.listCloudDocumentAILabelerPool

cloudasset.assets.listCloudDocumentAIProcessor

cloudasset.assets.listCloudDocumentAIProcessorVersion

cloudasset.assets.listCloudbillingBillingAccounts

cloudasset.assets.listCloudbillingProjectBillingInfos

cloudasset.assets.listCloudfunctionsFunctions

cloudasset.assets.listCloudfunctionsGen2Functions

cloudasset.assets.listCloudkmsCryptoKeyVersions

cloudasset.assets.listCloudkmsCryptoKeys

cloudasset.assets.listCloudkmsEkmConnections

cloudasset.assets.listCloudkmsImportJobs

cloudasset.assets.listCloudkmsKeyRings

cloudasset.assets.listCloudmemcacheInstances

cloudasset.assets.listCloudresourcemanagerFolders

cloudasset.assets.listCloudresourcemanagerOrganizations

cloudasset.assets.listCloudresourcemanagerProjects

cloudasset.assets.listCloudresourcemanagerTagBindings

cloudasset.assets.listCloudresourcemanagerTagKeys

cloudasset.assets.listCloudresourcemanagerTagValues

cloudasset.assets.listComposerEnvironments

cloudasset.assets.listComputeAddress

cloudasset.assets.listComputeAutoscalers

cloudasset.assets.listComputeBackendBuckets

cloudasset.assets.listComputeBackendServices

cloudasset.assets.listComputeCommitments

cloudasset.assets.listComputeDisks

cloudasset.assets.listComputeExternalVpnGateways

cloudasset.assets.listComputeFirewallPolicies

cloudasset.assets.listComputeFirewalls

cloudasset.assets.listComputeForwardingRules

cloudasset.assets.listComputeGlobalAddress

cloudasset.assets.listComputeGlobalForwardingRules

cloudasset.assets.listComputeHealthChecks

cloudasset.assets.listComputeHttpHealthChecks

cloudasset.assets.listComputeHttpsHealthChecks

cloudasset.assets.listComputeImages

cloudasset.assets.listComputeInstanceGroupManagers

cloudasset.assets.listComputeInstanceGroups

cloudasset.assets.listComputeInstanceTemplates

cloudasset.assets.listComputeInstances

cloudasset.assets.listComputeInterconnect

cloudasset.assets.listComputeInterconnectAttachment

cloudasset.assets.listComputeLicenses

cloudasset.assets.listComputeNetworkEndpointGroups

cloudasset.assets.listComputeNetworks

cloudasset.assets.listComputeNodeGroups

cloudasset.assets.listComputeNodeTemplates

cloudasset.assets.listComputePacketMirrorings

cloudasset.assets.listComputeProjects

cloudasset.assets.listComputeRegionAutoscaler

cloudasset.assets.listComputeRegionBackendServices

cloudasset.assets.listComputeRegionDisk

cloudasset.assets.listComputeRegionInstanceGroup

cloudasset.assets.listComputeRegionInstanceGroupManager

cloudasset.assets.listComputeReservations

cloudasset.assets.listComputeResourcePolicies

cloudasset.assets.listComputeRouters

cloudasset.assets.listComputeRoutes

cloudasset.assets.listComputeSecurityPolicy

cloudasset.assets.listComputeServiceAttachments

cloudasset.assets.listComputeSnapshots

cloudasset.assets.listComputeSslCertificates

cloudasset.assets.listComputeSslPolicies

cloudasset.assets.listComputeSubnetworks

cloudasset.assets.listComputeTargetHttpProxies

cloudasset.assets.listComputeTargetHttpsProxies

cloudasset.assets.listComputeTargetInstances

cloudasset.assets.listComputeTargetPools

cloudasset.assets.listComputeTargetSslProxies

cloudasset.assets.listComputeTargetTcpProxies

cloudasset.assets.listComputeTargetVpnGateways

cloudasset.assets.listComputeUrlMaps

cloudasset.assets.listComputeVpnGateways

cloudasset.assets.listComputeVpnTunnels

cloudasset.assets.listConnectorsConnections

cloudasset.assets.listConnectorsConnectorVersions

cloudasset.assets.listConnectorsConnectors

cloudasset.assets.listConnectorsProviders

cloudasset.assets.listConnectorsRuntimeConfigs

cloudasset.assets.listContainerAppsDeployment

cloudasset.assets.listContainerAppsReplicaSets

cloudasset.assets.listContainerBatchJobs

cloudasset.assets.listContainerClusterrole

cloudasset.assets.listContainerClusterrolebinding

cloudasset.assets.listContainerClusters

cloudasset.assets.listContainerExtensionsIngresses

cloudasset.assets.listContainerJobs

cloudasset.assets.listContainerNamespace

cloudasset.assets.listContainerNetworkingIngresses

cloudasset.assets.listContainerNetworkingNetworkPolicies

cloudasset.assets.listContainerNode

cloudasset.assets.listContainerNodepool

cloudasset.assets.listContainerPod

cloudasset.assets.listContainerReplicaSets

cloudasset.assets.listContainerRole

cloudasset.assets.listContainerRolebinding

cloudasset.assets.listContainerServices

cloudasset.assets.listContainerregistryImage

cloudasset.assets.listDataMigrationConnectionProfiles

cloudasset.assets.listDataMigrationMigrationJobs

cloudasset.assets.listDataflowJobs

cloudasset.assets.listDatafusionInstance

cloudasset.assets.listDataplexAssets

cloudasset.assets.listDataplexLakes

cloudasset.assets.listDataplexTasks

cloudasset.assets.listDataplexZones

cloudasset.assets.listDataprocAutoscalingPolicies

cloudasset.assets.listDataprocBatches

cloudasset.assets.listDataprocClusters

cloudasset.assets.listDataprocJobs

cloudasset.assets.listDataprocSessions

cloudasset.assets.listDataprocWorkflowTemplates

cloudasset.assets.listDatastreamConnectionProfile

cloudasset.assets.listDatastreamPrivateConnection

cloudasset.assets.listDatastreamStream

cloudasset.assets.listDialogflowAgents

cloudasset.assets.listDialogflowConversationProfiles

cloudasset.assets.listDialogflowKnowledgeBases

cloudasset.assets.listDialogflowLocationSettings

cloudasset.assets.listDlpDeidentifyTemplates

cloudasset.assets.listDlpDlpJobs

cloudasset.assets.listDlpInspectTemplates

cloudasset.assets.listDlpJobTriggers

cloudasset.assets.listDlpStoredInfoTypes

cloudasset.assets.listDnsManagedZones

cloudasset.assets.listDnsPolicies

cloudasset.assets.listDomainsRegistrations

cloudasset.assets.listEventarcTriggers

cloudasset.assets.listFileBackups

cloudasset.assets.listFileInstances

cloudasset.assets.listFirebaseAppInfos

cloudasset.assets.listFirebaseProjects

cloudasset.assets.listFirestoreDatabases

cloudasset.assets.listGKEHubFeatures

cloudasset.assets.listGKEHubMemberships

cloudasset.assets.listGameservicesGameServerClusters

cloudasset.assets.listGameservicesGameServerConfigs

cloudasset.assets.listGameservicesGameServerDeployments

cloudasset.assets.listGameservicesRealms

cloudasset.assets.listGkeBackupBackupPlans

cloudasset.assets.listGkeBackupBackups

cloudasset.assets.listGkeBackupRestorePlans

cloudasset.assets.listGkeBackupRestores

cloudasset.assets.listGkeBackupVolumeBackups

cloudasset.assets.listGkeBackupVolumeRestores

cloudasset.assets.listHealthcareConsentStores

cloudasset.assets.listHealthcareDatasets

cloudasset.assets.listHealthcareDicomStores

cloudasset.assets.listHealthcareFhirStores

cloudasset.assets.listHealthcareHl7V2Stores

cloudasset.assets.listIamPolicy

cloudasset.assets.listIamRoles

cloudasset.assets.listIamServiceAccountKeys

cloudasset.assets.listIamServiceAccounts

cloudasset.assets.listIapTunnel

cloudasset.assets.listIapTunnelInstances

cloudasset.assets.listIapTunnelZones

cloudasset.assets.listIapWeb

cloudasset.assets.listIapWebServiceVersion

cloudasset.assets.listIapWebServices

cloudasset.assets.listIapWebType

cloudasset.assets.listIdsEndpoints

cloudasset.assets.listIntegrationsAuthConfigs

cloudasset.assets.listIntegrationsCertificates

cloudasset.assets.listIntegrationsExecutions

cloudasset.assets.listIntegrationsIntegrationVersions

cloudasset.assets.listIntegrationsIntegrations

cloudasset.assets.listIntegrationsSfdcChannels

cloudasset.assets.listIntegrationsSfdcInstances

cloudasset.assets.listIntegrationsSuspensions

cloudasset.assets.listLoggingLogMetrics

cloudasset.assets.listLoggingLogSinks

cloudasset.assets.listManagedidentitiesDomain

cloudasset.assets.listMetastoreBackups

cloudasset.assets.listMetastoreMetadataImports

cloudasset.assets.listMetastoreServices

cloudasset.assets.listMonitoringAlertPolicies

cloudasset.assets.listNetworkConnectivityHubs

cloudasset.assets.listNetworkConnectivitySpokes

cloudasset.assets.listNetworkManagementConnectivityTests

cloudasset.assets.listNetworkServicesEndpointPolicies

cloudasset.assets.listNetworkServicesGateways

cloudasset.assets.listNetworkServicesGrpcRoutes

cloudasset.assets.listNetworkServicesHttpRoutes

cloudasset.assets.listNetworkServicesMeshes

cloudasset.assets.listNetworkServicesServiceBindings

cloudasset.assets.listNetworkServicesTcpRoutes

cloudasset.assets.listNetworkServicesTlsRoutes

cloudasset.assets.listOSConfigOSPolicyAssignmentReports

cloudasset.assets.listOSConfigOSPolicyAssignments

cloudasset.assets.listOSConfigVulnerabilityReports

cloudasset.assets.listOSInventories

cloudasset.assets.listOrgPolicy

cloudasset.assets.listPatchDeployments

cloudasset.assets.listPubsubSnapshots

cloudasset.assets.listPubsubSubscriptions

cloudasset.assets.listPubsubTopics

cloudasset.assets.listRedisInstances

cloudasset.assets.listResource

cloudasset.assets.listRunDomainMapping

cloudasset.assets.listRunRevision

cloudasset.assets.listRunService

cloudasset.assets.listSecretManagerSecretVersions

cloudasset.assets.listSecretManagerSecrets

cloudasset.assets.listServiceDirectoryNamespaces

cloudasset.assets.listServicePerimeter

cloudasset.assets.listServiceconsumermanagementConsumerProperty

cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits

cloudasset.assets.listServiceconsumermanagementConsumers

cloudasset.assets.listServiceconsumermanagementProducerOverrides

cloudasset.assets.listServiceconsumermanagementTenancyUnits

cloudasset.assets.listServiceconsumermanagementVisibility

cloudasset.assets.listServicemanagementServices

cloudasset.assets.listServiceusageAdminOverrides

cloudasset.assets.listServiceusageConsumerOverrides

cloudasset.assets.listServiceusageServices

cloudasset.assets.listSpannerBackups

cloudasset.assets.listSpannerDatabases

cloudasset.assets.listSpannerInstances

cloudasset.assets.listSpeakerIdPhrases

cloudasset.assets.listSpeakerIdSettings

cloudasset.assets.listSpeakerIdSpeakers

cloudasset.assets.listSpeechCustomClasses

cloudasset.assets.listSpeechPhraseSets

cloudasset.assets.listSqladminBackupRuns

cloudasset.assets.listSqladminInstances

cloudasset.assets.listStorageBuckets

cloudasset.assets.listTpuNodes

cloudasset.assets.listVpcaccessConnector

cloudasset.assets.queryAccessPolicy

cloudasset.assets.queryIamPolicy

cloudasset.assets.queryOSInventories

cloudasset.assets.queryResource

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

cloudasset.feeds.create

cloudasset.feeds.delete

cloudasset.feeds.get

cloudasset.othercloudconnections.get

cloudasset.othercloudconnections.list

cloudasset.othercloudconnections.verify

cloudkms.cryptoKeys.get

cloudkms.cryptoKeys.list

cloudkms.keyRings.list

cloudsecuritycompliance.cloudControlDeployments.create

cloudsecuritycompliance.cloudControlDeployments.delete

cloudsecuritycompliance.cloudControlDeployments.get

cloudsecuritycompliance.cloudControls.get

cloudsecuritycompliance.cloudControls.list

cloudsecuritycompliance.frameworkDeployments.create

cloudsecuritycompliance.frameworkDeployments.delete

cloudsecuritycompliance.frameworkDeployments.get

cloudsecuritycompliance.frameworkDeployments.list

cloudsecuritycompliance.frameworks.create

cloudsecuritycompliance.frameworks.get

cloudsecuritycompliance.frameworks.list

cloudsecuritycompliance.operations.get

cloudsecurityscanner.scans.get

cloudsecurityscanner.scans.list

cloudsql.instances.get

cloudsql.instances.list

cloudsql.users.list

compute.autoscalers.list

compute.backendServices.list

compute.disks.list

compute.firewallPolicies.list

compute.firewalls.list

compute.forwardingRules.list

compute.globalForwardingRules.list

compute.instanceGroupManagers.list

compute.instanceGroups.list

compute.instances.get

compute.instances.list

compute.networks.list

compute.regionSslPolicies.list

compute.regionTargetHttpProxies.list

compute.regionUrlMaps.list

compute.routers.list

compute.securityPolicies.list

compute.sslCertificates.list

compute.sslPolicies.list

compute.subnetworks.list

compute.targetHttpProxies.list

compute.targetSslProxies.list

compute.urlMaps.list

compute.vpnGateways.list

compute.zones.list

container.clusters.get

container.clusters.list

dlp.fileStoreProfiles.list

dlp.inspectTemplates.list

dlp.jobTriggers.list

dlp.jobs.list

dlp.tableDataProfiles.get

dns.managedZones.list

iam.serviceAccounts.get

iam.serviceAccounts.getIamPolicy

logging.buckets.list

logging.settings.update

monitoring.alertPolicies.list

monitoring.timeSeries.list

notebooks.instances.get

notebooks.instances.list

orgpolicy.constraints.list

orgpolicy.policy.get

privateca.certificates.list

recommender.cloudAssetInsights.get

recommender.cloudAssetInsights.list

recommender.locations.*

recommender.locations.get
recommender.locations.list

resourcemanager.folders.get

resourcemanager.folders.getIamPolicy

resourcemanager.folders.list

resourcemanager.hierarchyNodes.listEffectiveTags

resourcemanager.hierarchyNodes.listTagBindings

resourcemanager.organizations.get

resourcemanager.organizations.getIamPolicy

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

resourcemanager.tagHolds.list

resourcemanager.tagKeys.get

resourcemanager.tagKeys.list

resourcemanager.tagValues.get

resourcemanager.tagValues.list

securitycentermanagement.securityCenterServices.get

securitycentermanagement.securityCenterServices.update

serviceusage.consumerpolicy.*

serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.consumerpolicy.update

serviceusage.contentsecuritypolicy.get

serviceusage.effectivemcppolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.mcppolicy.get

serviceusage.operations.get

serviceusage.quotas.get

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

storage.buckets.get

storage.buckets.getIamPolicy

storage.buckets.list

Peran Security Posture API

Peran IAM berikut tersedia untuk Security Posture API dan fitur validasi infrastructure as code (IaC). Kecuali jika disebutkan, Anda dapat memberikan peran ini di tingkat organisasi, folder, atau project.

Role Permissions

Role	Permissions
Security Posture Admin (`roles/securityposture.admin`) Full access to Security Posture service APIs. Lowest-level resources where you can grant this role: Organization	`orgpolicy.` `orgpolicy.constraints.list` `orgpolicy.customConstraints.create` `orgpolicy.customConstraints.delete` `orgpolicy.customConstraints.get` `orgpolicy.customConstraints.list` `orgpolicy.customConstraints.update` `orgpolicy.policies.create` `orgpolicy.policies.delete` `orgpolicy.policies.list` `orgpolicy.policies.update` `orgpolicy.policy.get` `orgpolicy.policy.set` `resourcemanager.organizations.get` `securitycenter.securityhealthanalyticssettings.` `securitycenter.securityhealthanalyticssettings.calculate` `securitycenter.securityhealthanalyticssettings.get` `securitycenter.securityhealthanalyticssettings.update` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.create` `securitycentermanagement.securityHealthAnalyticsCustomModules.delete` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityHealthAnalyticsCustomModules.list` `securitycentermanagement.securityHealthAnalyticsCustomModules.update` `securityposture.` `securityposture.locations.get` `securityposture.locations.list` `securityposture.operations.delete` `securityposture.operations.get` `securityposture.operations.list` `securityposture.postureDeployments.create` `securityposture.postureDeployments.delete` `securityposture.postureDeployments.get` `securityposture.postureDeployments.list` `securityposture.postureDeployments.update` `securityposture.postureTemplates.get` `securityposture.postureTemplates.list` `securityposture.postures.create` `securityposture.postures.delete` `securityposture.postures.extract` `securityposture.postures.get` `securityposture.postures.list` `securityposture.postures.update` `securityposture.reports.create` `securityposture.reports.get` `securityposture.reports.list`
Security Posture Viewer (`roles/securityposture.viewer`) Read only access to all the SecurityPosture Service resources.	`resourcemanager.organizations.get` `securityposture.operations.get` `securityposture.postureDeployments.get` `securityposture.postureDeployments.list` `securityposture.postureTemplates.*` `securityposture.postureTemplates.get` `securityposture.postureTemplates.list` `securityposture.postures.get` `securityposture.postures.list`
Security Posture Deployer (`roles/securityposture.postureDeployer`) Mutate and read permissions to the Posture Deployment resource.	`orgpolicy.` `orgpolicy.constraints.list` `orgpolicy.customConstraints.create` `orgpolicy.customConstraints.delete` `orgpolicy.customConstraints.get` `orgpolicy.customConstraints.list` `orgpolicy.customConstraints.update` `orgpolicy.policies.create` `orgpolicy.policies.delete` `orgpolicy.policies.list` `orgpolicy.policies.update` `orgpolicy.policy.get` `orgpolicy.policy.set` `resourcemanager.organizations.get` `securitycenter.securityhealthanalyticssettings.` `securitycenter.securityhealthanalyticssettings.calculate` `securitycenter.securityhealthanalyticssettings.get` `securitycenter.securityhealthanalyticssettings.update` `securitycentermanagement.securityHealthAnalyticsCustomModules.create` `securitycentermanagement.securityHealthAnalyticsCustomModules.delete` `securitycentermanagement.securityHealthAnalyticsCustomModules.update` `securityposture.operations.get` `securityposture.postureDeployments.*` `securityposture.postureDeployments.create` `securityposture.postureDeployments.delete` `securityposture.postureDeployments.get` `securityposture.postureDeployments.list` `securityposture.postureDeployments.update`
Security Posture Deployments Viewer (`roles/securityposture.postureDeploymentsViewer`) Read only access to the Posture Deployment resource.	`resourcemanager.organizations.get` `securityposture.operations.get` `securityposture.postureDeployments.get` `securityposture.postureDeployments.list`
Security Posture Resource Editor (`roles/securityposture.postureEditor`) Mutate and read permissions to the Posture resource.	`securityposture.operations.get` `securityposture.postures.*` `securityposture.postures.create` `securityposture.postures.delete` `securityposture.postures.extract` `securityposture.postures.get` `securityposture.postures.list` `securityposture.postures.update`
Security Posture Resource Viewer (`roles/securityposture.postureViewer`) Read only access to the Posture resource.	`resourcemanager.organizations.get` `securityposture.operations.get` `securityposture.postures.get` `securityposture.postures.list`
Security Posture Shift-Left Validator (`roles/securityposture.reportCreator`) Create access for Reports, e.g. IaC Validation Report.	`securityposture.operations.get` `securityposture.reports.*` `securityposture.reports.create` `securityposture.reports.get` `securityposture.reports.list`

Security Posture Admin

(roles/securityposture.admin)

Full access to Security Posture service APIs.

Lowest-level resources where you can grant this role:

Organization

orgpolicy.*

orgpolicy.constraints.list
orgpolicy.customConstraints.create
orgpolicy.customConstraints.delete
orgpolicy.customConstraints.get
orgpolicy.customConstraints.list
orgpolicy.customConstraints.update
orgpolicy.policies.create
orgpolicy.policies.delete
orgpolicy.policies.list
orgpolicy.policies.update
orgpolicy.policy.get
orgpolicy.policy.set

resourcemanager.organizations.get

securitycenter.securityhealthanalyticssettings.*

securitycenter.securityhealthanalyticssettings.calculate
securitycenter.securityhealthanalyticssettings.get
securitycenter.securityhealthanalyticssettings.update

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.create

securitycentermanagement.securityHealthAnalyticsCustomModules.delete

securitycentermanagement.securityHealthAnalyticsCustomModules.get

securitycentermanagement.securityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.update

securityposture.*

securityposture.locations.get
securityposture.locations.list
securityposture.operations.delete
securityposture.operations.get
securityposture.operations.list
securityposture.postureDeployments.create
securityposture.postureDeployments.delete
securityposture.postureDeployments.get
securityposture.postureDeployments.list
securityposture.postureDeployments.update
securityposture.postureTemplates.get
securityposture.postureTemplates.list
securityposture.postures.create
securityposture.postures.delete
securityposture.postures.extract
securityposture.postures.get
securityposture.postures.list
securityposture.postures.update
securityposture.reports.create
securityposture.reports.get
securityposture.reports.list

Security Posture Viewer

(roles/securityposture.viewer)

Read only access to all the SecurityPosture Service resources.

resourcemanager.organizations.get

securityposture.operations.get

securityposture.postureDeployments.get

securityposture.postureDeployments.list

securityposture.postureTemplates.*

securityposture.postureTemplates.get
securityposture.postureTemplates.list

securityposture.postures.get

securityposture.postures.list

Security Posture Deployer

(roles/securityposture.postureDeployer)

Mutate and read permissions to the Posture Deployment resource.

orgpolicy.*

orgpolicy.constraints.list
orgpolicy.customConstraints.create
orgpolicy.customConstraints.delete
orgpolicy.customConstraints.get
orgpolicy.customConstraints.list
orgpolicy.customConstraints.update
orgpolicy.policies.create
orgpolicy.policies.delete
orgpolicy.policies.list
orgpolicy.policies.update
orgpolicy.policy.get
orgpolicy.policy.set

resourcemanager.organizations.get

securitycenter.securityhealthanalyticssettings.*

securitycenter.securityhealthanalyticssettings.calculate
securitycenter.securityhealthanalyticssettings.get
securitycenter.securityhealthanalyticssettings.update

securitycentermanagement.securityHealthAnalyticsCustomModules.create

securitycentermanagement.securityHealthAnalyticsCustomModules.delete

securitycentermanagement.securityHealthAnalyticsCustomModules.update

securityposture.operations.get

securityposture.postureDeployments.*

securityposture.postureDeployments.create
securityposture.postureDeployments.delete
securityposture.postureDeployments.get
securityposture.postureDeployments.list
securityposture.postureDeployments.update

Security Posture Deployments Viewer

(roles/securityposture.postureDeploymentsViewer)

Read only access to the Posture Deployment resource.

resourcemanager.organizations.get

securityposture.operations.get

securityposture.postureDeployments.get

securityposture.postureDeployments.list

Security Posture Resource Editor

(roles/securityposture.postureEditor)

Mutate and read permissions to the Posture resource.

securityposture.operations.get

securityposture.postures.*

securityposture.postures.create
securityposture.postures.delete
securityposture.postures.extract
securityposture.postures.get
securityposture.postures.list
securityposture.postures.update

Security Posture Resource Viewer

(roles/securityposture.postureViewer)

Read only access to the Posture resource.

resourcemanager.organizations.get

securityposture.operations.get

securityposture.postures.get

securityposture.postures.list

Security Posture Shift-Left Validator

(roles/securityposture.reportCreator)

Create access for Reports, e.g. IaC Validation Report.

securityposture.operations.get

securityposture.reports.*

securityposture.reports.create
securityposture.reports.get
securityposture.reports.list

Peran IAM di Data Security Posture Management

Berikut adalah daftar peran dan izin IAM yang tersedia untuk layanan Data Security Posture Management (DSPM). Anda dapat memberikan peran ini di tingkat organisasi, folder, atau project.

Role Permissions

Role	Permissions
Data Security Posture Management Admin (`roles/dspm.admin`) Full access to Data Security Posture Management resources.	`dspm.*` `dspm.locations.computeAggregation` `dspm.locations.fetchDataGovernanceAnalytics` `dspm.locations.fetchDspmGovernedProjects` `dspm.locations.fetchGovernedResourceMetrics` `dspm.locations.fetchLineageConnections` `dspm.locations.get` `dspm.locations.list` `dspm.operations.cancel` `dspm.operations.delete` `dspm.operations.get` `dspm.operations.list` `resourcemanager.organizations.get`
Data Security Posture Management Viewer (`roles/dspm.viewer`) Readonly access to Data Security Posture Management resources.	`dspm.locations.*` `dspm.locations.computeAggregation` `dspm.locations.fetchDataGovernanceAnalytics` `dspm.locations.fetchDspmGovernedProjects` `dspm.locations.fetchGovernedResourceMetrics` `dspm.locations.fetchLineageConnections` `dspm.locations.get` `dspm.locations.list` `dspm.operations.get` `dspm.operations.list` `resourcemanager.organizations.get`

Data Security Posture Management Admin

(roles/dspm.admin)

Full access to Data Security Posture Management resources.

dspm.*

dspm.locations.computeAggregation
dspm.locations.fetchDataGovernanceAnalytics
dspm.locations.fetchDspmGovernedProjects
dspm.locations.fetchGovernedResourceMetrics
dspm.locations.fetchLineageConnections
dspm.locations.get
dspm.locations.list
dspm.operations.cancel
dspm.operations.delete
dspm.operations.get
dspm.operations.list

resourcemanager.organizations.get

Data Security Posture Management Viewer

(roles/dspm.viewer)

Readonly access to Data Security Posture Management resources.

dspm.locations.*

dspm.locations.computeAggregation
dspm.locations.fetchDataGovernanceAnalytics
dspm.locations.fetchDspmGovernedProjects
dspm.locations.fetchGovernedResourceMetrics
dspm.locations.fetchLineageConnections
dspm.locations.get
dspm.locations.list

dspm.operations.get

dspm.operations.list

resourcemanager.organizations.get

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
DSPM Service Agent (`roles/dspm.serviceAgent`) Gives DSPM Service Account access to consumer resources. Warning: Do not grant service agent roles to any principals except service agents.	`aiplatform.artifacts.list` `aiplatform.contexts.list` `aiplatform.dataItems.list` `aiplatform.datasets.get` `aiplatform.datasets.list` `aiplatform.endpoints.list` `aiplatform.entityTypes.list` `aiplatform.executions.list` `aiplatform.metadataSchemas.list` `aiplatform.modelEvaluations.list` `aiplatform.models.list` `aiplatform.trainingPipelines.list` `aiplatform.tuningJobs.list` `bigquery.datasets.createTagBinding` `bigquery.datasets.deleteTagBinding` `bigquery.datasets.listEffectiveTags` `bigquery.datasets.listTagBindings` `bigquery.jobs.create` `bigquery.tables.createTagBinding` `bigquery.tables.deleteTagBinding` `bigquery.tables.getData` `bigquery.tables.list` `bigquery.tables.listEffectiveTags` `bigquery.tables.listTagBindings` `cloudasset.assets.exportResource` `cloudasset.assets.listResource` `cloudasset.assets.queryResource` `cloudasset.assets.searchAllResources` `cloudasset.feeds.create` `cloudasset.feeds.delete` `cloudasset.feeds.get` `cloudasset.feeds.update` `cloudsecuritycompliance.cloudControlDeployments.create` `cloudsecuritycompliance.cloudControlDeployments.delete` `cloudsecuritycompliance.cloudControlDeployments.get` `cloudsecuritycompliance.cloudControlDeployments.list` `cloudsecuritycompliance.cloudControls.get` `cloudsecuritycompliance.cloudControls.list` `cloudsecuritycompliance.frameworkDeployments.create` `cloudsecuritycompliance.frameworkDeployments.delete` `cloudsecuritycompliance.frameworkDeployments.get` `cloudsecuritycompliance.frameworkDeployments.list` `cloudsecuritycompliance.frameworks.get` `resourcemanager.folders.getIamPolicy` `resourcemanager.hierarchyNodes.` `resourcemanager.hierarchyNodes.createTagBinding` `resourcemanager.hierarchyNodes.deleteTagBinding` `resourcemanager.hierarchyNodes.listEffectiveTags` `resourcemanager.hierarchyNodes.listTagBindings` `resourcemanager.organizations.getIamPolicy` `resourcemanager.projects.getIamPolicy` `resourcemanager.tagKeys.create` `resourcemanager.tagKeys.delete` `resourcemanager.tagKeys.get` `resourcemanager.tagKeys.getIamPolicy` `resourcemanager.tagKeys.list` `resourcemanager.tagKeys.update` `resourcemanager.tagValueBindings.` `resourcemanager.tagValueBindings.create` `resourcemanager.tagValueBindings.delete` `resourcemanager.tagValues.create` `resourcemanager.tagValues.delete` `resourcemanager.tagValues.get` `resourcemanager.tagValues.getIamPolicy` `resourcemanager.tagValues.list` `resourcemanager.tagValues.update` `securitycenter.securityhealthanalyticssettings.*` `securitycenter.securityhealthanalyticssettings.calculate` `securitycenter.securityhealthanalyticssettings.get` `securitycenter.securityhealthanalyticssettings.update` `securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get` `securitycentermanagement.securityCenterServices.get` `securitycentermanagement.securityCenterServices.update` `securitycentermanagement.securityHealthAnalyticsCustomModules.create` `securitycentermanagement.securityHealthAnalyticsCustomModules.get` `securityposture.operations.get` `securityposture.postureDeployments.create` `securityposture.postureDeployments.delete` `securityposture.postureDeployments.get` `securityposture.postureDeployments.list` `securityposture.postures.create` `securityposture.postures.get` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.services.list` `storage.buckets.createTagBinding` `storage.buckets.deleteTagBinding` `storage.buckets.listEffectiveTags` `storage.buckets.listTagBindings` `storage.intelligenceConfigs.get`

DSPM Service Agent

(roles/dspm.serviceAgent)

Gives DSPM Service Account access to consumer resources.

aiplatform.artifacts.list

aiplatform.contexts.list

aiplatform.dataItems.list

aiplatform.datasets.get

aiplatform.datasets.list

aiplatform.endpoints.list

aiplatform.entityTypes.list

aiplatform.executions.list

aiplatform.metadataSchemas.list

aiplatform.modelEvaluations.list

aiplatform.models.list

aiplatform.trainingPipelines.list

aiplatform.tuningJobs.list

bigquery.datasets.createTagBinding

bigquery.datasets.deleteTagBinding

bigquery.datasets.listEffectiveTags

bigquery.datasets.listTagBindings

bigquery.jobs.create

bigquery.tables.createTagBinding

bigquery.tables.deleteTagBinding

bigquery.tables.getData

bigquery.tables.list

bigquery.tables.listEffectiveTags

bigquery.tables.listTagBindings

cloudasset.assets.exportResource

cloudasset.assets.listResource

cloudasset.assets.queryResource

cloudasset.assets.searchAllResources

cloudasset.feeds.create

cloudasset.feeds.delete

cloudasset.feeds.get

cloudasset.feeds.update

cloudsecuritycompliance.cloudControlDeployments.create

cloudsecuritycompliance.cloudControlDeployments.delete

cloudsecuritycompliance.cloudControlDeployments.get

cloudsecuritycompliance.cloudControlDeployments.list

cloudsecuritycompliance.cloudControls.get

cloudsecuritycompliance.cloudControls.list

cloudsecuritycompliance.frameworkDeployments.create

cloudsecuritycompliance.frameworkDeployments.delete

cloudsecuritycompliance.frameworkDeployments.get

cloudsecuritycompliance.frameworkDeployments.list

cloudsecuritycompliance.frameworks.get

resourcemanager.folders.getIamPolicy

resourcemanager.hierarchyNodes.*

resourcemanager.hierarchyNodes.createTagBinding
resourcemanager.hierarchyNodes.deleteTagBinding
resourcemanager.hierarchyNodes.listEffectiveTags
resourcemanager.hierarchyNodes.listTagBindings

resourcemanager.organizations.getIamPolicy

resourcemanager.projects.getIamPolicy

resourcemanager.tagKeys.create

resourcemanager.tagKeys.delete

resourcemanager.tagKeys.get

resourcemanager.tagKeys.getIamPolicy

resourcemanager.tagKeys.list

resourcemanager.tagKeys.update

resourcemanager.tagValueBindings.*

resourcemanager.tagValueBindings.create
resourcemanager.tagValueBindings.delete

resourcemanager.tagValues.create

resourcemanager.tagValues.delete

resourcemanager.tagValues.get

resourcemanager.tagValues.getIamPolicy

resourcemanager.tagValues.list

resourcemanager.tagValues.update

securitycenter.securityhealthanalyticssettings.*

securitycenter.securityhealthanalyticssettings.calculate
securitycenter.securityhealthanalyticssettings.get
securitycenter.securityhealthanalyticssettings.update

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get

securitycentermanagement.securityCenterServices.get

securitycentermanagement.securityCenterServices.update

securitycentermanagement.securityHealthAnalyticsCustomModules.create

securitycentermanagement.securityHealthAnalyticsCustomModules.get

securityposture.operations.get

securityposture.postureDeployments.create

securityposture.postureDeployments.delete

securityposture.postureDeployments.get

securityposture.postureDeployments.list

securityposture.postures.create

securityposture.postures.get

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.list

storage.buckets.createTagBinding

storage.buckets.deleteTagBinding

storage.buckets.listEffectiveTags

storage.buckets.listTagBindings

storage.intelligenceConfigs.get

Peran agen layanan

Agen layanan memungkinkan layanan mengakses resource Anda.

Setelah Anda mengaktifkan Security Command Center, agen layanan berikut akan dibuat untuk Anda:

service-org-ORGANIZATION_ID@security-center-api.iam.gserviceaccount.com.

Agen layanan ini memerlukan peran IAM roles/securitycenter.serviceAgent.
service-org-ORGANIZATION_ID@gcp-sa-ktd-hpsa.iam.gserviceaccount.com.

Agen layanan ini memerlukan peran IAM roles/containerthreatdetection.serviceAgent.
service-org-ORGANIZATION_ID@gcp-sa-csc-hpsa.iam.gserviceaccount.com (khusus paket Premium)

Agen layanan ini memerlukan peran IAM roles/cloudsecuritycompliance.serviceAgent.
service-org-ORGANIZATION_ID@gcp-sa-dspm-hpsa.iam.gserviceaccount.com (khusus paket Premium)

Agen layanan ini digunakan oleh Data Security Posture Management (DSPM) dan memerlukan peran IAM roles/dspm.serviceAgent.

Selama proses aktivasi Security Command Center, Anda akan diminta untuk memberikan satu atau beberapa peran IAM yang diperlukan kepada setiap agen layanan. Memberikan peran kepada setiap agen layanan diperlukan agar Security Command Center dapat berfungsi.

Untuk melihat izin untuk setiap peran, lihat hal berikut:

Untuk memberikan peran, Anda harus memiliki peran roles/resourcemanager.organizationAdmin.

Jika Anda tidak memiliki peran roles/resourcemanager.organizationAdmin, administrator organisasi Anda dapat memberikan peran kepada agen layanan untuk Anda dengan perintah gcloud CLI berikut:

gcloud organizations add-iam-policy-binding ORGANIZATION_ID \
    --member="SERVICE_AGENT_NAME" \
    --role="IAM_ROLE"

Ganti kode berikut:

ORGANIZATION_ID: ID organisasi Anda
SERVICE_AGENT_NAME: nama agen layanan yang Anda berikan perannya. Nama tersebut adalah salah satu nama agen layanan berikut:
- service-org-ORGANIZATION_ID@security-center-api.iam.gserviceaccount.com
- service-org-ORGANIZATION_ID@gcp-sa-ktd-hpsa.iam.gserviceaccount.com
IAM_ROLE: peran yang diperlukan berikut yang sesuai dengan agen layanan yang ditentukan:
- roles/securitycenter.serviceAgent
- roles/containerthreatdetection.serviceAgent

Untuk mengetahui informasi selengkapnya tentang peran IAM, lihat memahami peran.

Peran Web Security Scanner

Peran IAM berikut tersedia untuk Web Security Scanner. Anda dapat memberikan peran ini di tingkat project.

Role Permissions

Role	Permissions
Web Security Scanner Admin (`roles/cloudsecurityscanner.admin`) Full access to all Web Security Scanner resources	`appengine.applications.get` `cloudsecurityscanner.` `cloudsecurityscanner.crawledurls.list` `cloudsecurityscanner.results.get` `cloudsecurityscanner.results.list` `cloudsecurityscanner.scanruns.get` `cloudsecurityscanner.scanruns.getSummary` `cloudsecurityscanner.scanruns.list` `cloudsecurityscanner.scanruns.stop` `cloudsecurityscanner.scans.create` `cloudsecurityscanner.scans.delete` `cloudsecurityscanner.scans.get` `cloudsecurityscanner.scans.list` `cloudsecurityscanner.scans.run` `cloudsecurityscanner.scans.update` `compute.addresses.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Web Security Scanner Editor (`roles/cloudsecurityscanner.editor`) Full access to all Web Security Scanner resources Lowest-level resources where you can grant this role: Project	`appengine.applications.get` `cloudsecurityscanner.` `cloudsecurityscanner.crawledurls.list` `cloudsecurityscanner.results.get` `cloudsecurityscanner.results.list` `cloudsecurityscanner.scanruns.get` `cloudsecurityscanner.scanruns.getSummary` `cloudsecurityscanner.scanruns.list` `cloudsecurityscanner.scanruns.stop` `cloudsecurityscanner.scans.create` `cloudsecurityscanner.scans.delete` `cloudsecurityscanner.scans.get` `cloudsecurityscanner.scans.list` `cloudsecurityscanner.scans.run` `cloudsecurityscanner.scans.update` `compute.addresses.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Web Security Scanner Viewer (`roles/cloudsecurityscanner.viewer`) Read access to all Web Security Scanner resources Lowest-level resources where you can grant this role: Project	`cloudsecurityscanner.crawledurls.list` `cloudsecurityscanner.results.` `cloudsecurityscanner.results.get` `cloudsecurityscanner.results.list` `cloudsecurityscanner.scanruns.get` `cloudsecurityscanner.scanruns.getSummary` `cloudsecurityscanner.scanruns.list` `cloudsecurityscanner.scans.get` `cloudsecurityscanner.scans.list` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.values.test`
Web Security Scanner Runner (`roles/cloudsecurityscanner.runner`) Read access to Scan and ScanRun, plus the ability to start scans Lowest-level resources where you can grant this role: Project	`cloudsecurityscanner.crawledurls.list` `cloudsecurityscanner.scanruns.get` `cloudsecurityscanner.scanruns.list` `cloudsecurityscanner.scanruns.stop` `cloudsecurityscanner.scans.get` `cloudsecurityscanner.scans.list` `cloudsecurityscanner.scans.run`

Web Security Scanner Admin

(roles/cloudsecurityscanner.admin)

Full access to all Web Security Scanner resources

appengine.applications.get

cloudsecurityscanner.*

cloudsecurityscanner.crawledurls.list
cloudsecurityscanner.results.get
cloudsecurityscanner.results.list
cloudsecurityscanner.scanruns.get
cloudsecurityscanner.scanruns.getSummary
cloudsecurityscanner.scanruns.list
cloudsecurityscanner.scanruns.stop
cloudsecurityscanner.scans.create
cloudsecurityscanner.scans.delete
cloudsecurityscanner.scans.get
cloudsecurityscanner.scans.list
cloudsecurityscanner.scans.run
cloudsecurityscanner.scans.update

compute.addresses.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Web Security Scanner Editor

(roles/cloudsecurityscanner.editor)

Full access to all Web Security Scanner resources

Lowest-level resources where you can grant this role:

Project

appengine.applications.get

cloudsecurityscanner.*

cloudsecurityscanner.crawledurls.list
cloudsecurityscanner.results.get
cloudsecurityscanner.results.list
cloudsecurityscanner.scanruns.get
cloudsecurityscanner.scanruns.getSummary
cloudsecurityscanner.scanruns.list
cloudsecurityscanner.scanruns.stop
cloudsecurityscanner.scans.create
cloudsecurityscanner.scans.delete
cloudsecurityscanner.scans.get
cloudsecurityscanner.scans.list
cloudsecurityscanner.scans.run
cloudsecurityscanner.scans.update

compute.addresses.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Web Security Scanner Viewer

(roles/cloudsecurityscanner.viewer)

Read access to all Web Security Scanner resources

Lowest-level resources where you can grant this role:

Project

cloudsecurityscanner.crawledurls.list

cloudsecurityscanner.results.*

cloudsecurityscanner.results.get
cloudsecurityscanner.results.list

cloudsecurityscanner.scanruns.get

cloudsecurityscanner.scanruns.getSummary

cloudsecurityscanner.scanruns.list

cloudsecurityscanner.scans.get

cloudsecurityscanner.scans.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Web Security Scanner Runner

(roles/cloudsecurityscanner.runner)

Read access to Scan and ScanRun, plus the ability to start scans

Lowest-level resources where you can grant this role:

Project

cloudsecurityscanner.crawledurls.list

cloudsecurityscanner.scanruns.get

cloudsecurityscanner.scanruns.list

cloudsecurityscanner.scanruns.stop

cloudsecurityscanner.scans.get

cloudsecurityscanner.scans.list

cloudsecurityscanner.scans.run

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Cloud Web Security Scanner Service Agent (`roles/websecurityscanner.serviceAgent`) Gives the Cloud Web Security Scanner service account access to compute engine details and app engine details. Warning: Do not grant service agent roles to any principals except service agents.	`appengine.applications.get` `cloudasset.assets.listResource` `compute.addresses.list` `compute.backendServices.get` `compute.forwardingRules.get` `compute.globalForwardingRules.get` `compute.sslCertificates.list` `compute.targetHttpProxies.get` `compute.targetHttpsProxies.get` `compute.urlMaps.get`

Cloud Web Security Scanner Service Agent

(roles/websecurityscanner.serviceAgent)

Gives the Cloud Web Security Scanner service account access to compute engine details and app engine details.

appengine.applications.get

cloudasset.assets.listResource

compute.addresses.list

compute.backendServices.get

compute.forwardingRules.get

compute.globalForwardingRules.get

compute.sslCertificates.list

compute.targetHttpProxies.get

compute.targetHttpsProxies.get

compute.urlMaps.get

IAM untuk aktivasi tingkat organisasi Tetap teratur dengan koleksi Simpan dan kategorikan konten berdasarkan preferensi Anda.

Izin

Diperlukan untuk aktivasi

Diperlukan untuk administrasi dan penggunaan berkelanjutan

Peran tingkat organisasi

Peran tingkat folder dan project

Batasan peran

Fungsi Security Command Center

Resource induk untuk temuan

Peran Security Command Center

Security Center Admin

Security Center Admin Editor

Security Center Admin Viewer

Security Center Asset Security Marks Writer

Security Center Assets Discovery Runner

Security Center Assets Viewer

Security Center Attack Paths Reader

Security Center BigQuery Exports Editor

Security Center BigQuery Exports Viewer

Security Center Compliance Reports Viewer Beta

Security Center Compliance Snapshots Viewer Beta

Security Center External Systems Editor

Security Center Finding Security Marks Writer

Security Center Findings Bulk Mute Editor

Security Center Findings Editor

Security Center Findings Mute Setter

Security Center Findings State Setter

Security Center Findings Viewer

Security Center Findings Workflow State Setter Beta

Security Center Issues Editor

Security Center Issues Viewer

Security Center Mute Configurations Editor

Security Center Mute Configurations Viewer

Security Center Notification Configurations Editor

Security Center Notification Configurations Viewer

Security Center Resource Value Configurations Editor

Security Center Resource Value Configurations Viewer

Security Center Risk Reports Viewer

Security Health Analytics Custom Modules Tester

Security Center Settings Admin

Security Center Settings Editor

Security Center Settings Viewer

Security Center Simulations Reader

Security Center Sources Admin

Security Center Sources Editor

Security Center Sources Viewer

Security Center Valued Resources Reader

Service agent roles

Attack Surface Management Scanner Service Agent

Security Center Automation Service Agent

Security Center Control Service Agent

Security Center Integration Executor Service Agent

Security Center Notification Service Agent

Security Health Analytics Service Agent

Google Cloud Security Response Service Agent

Security Center Service Agent

Peran Security Command Center Management API

Security Center Management Admin

Securitycentermanagement Editor

Security Center Management Viewer

Security Center Management Custom Modules Editor

Security Center Management Custom Modules Viewer

Security Center Management Custom ETD Modules Editor

Security Center Management ETD Custom Modules Viewer

Security Center Management Services Editor

Security Center Management Services Viewer

Security Center Management Settings Editor

Security Center Management Settings Viewer

Security Center Management SHA Custom Modules Editor

Security Center Management SHA Custom Modules Viewer

Peran IAM di Compliance Manager

Compliance Manager Admin

Compliance Manager Viewer

Service agent roles

Cloud Security Compliance Service Agent

Peran Security Posture API

Security Posture Admin

Security Posture Viewer

Security Posture Deployer

Security Posture Deployments Viewer

IAM untuk aktivasi tingkat organisasi

Security Center Compliance Reports Viewer ^Beta

Security Center Compliance Snapshots Viewer ^Beta

Security Center Findings Workflow State Setter ^Beta