This page lists the IAM roles and permissions for Web Security Scanner. To search through all roles and permissions, see the role and permission index .
Web Security Scanner roles
Web Security Scanner Admin
( roles/
)
Full access to all Web Security Scanner resources
appengine.applications.get
cloudsecurityscanner.*
-
cloudsecurityscanner.crawledurls. list -
cloudsecurityscanner.results. get -
cloudsecurityscanner.results. list -
cloudsecurityscanner.scanruns. get -
cloudsecurityscanner.scanruns. getSummary -
cloudsecurityscanner.scanruns. list -
cloudsecurityscanner.scanruns. stop -
cloudsecurityscanner.scans. create -
cloudsecurityscanner.scans. delete -
cloudsecurityscanner.scans.get -
cloudsecurityscanner.scans. list -
cloudsecurityscanner.scans.run -
cloudsecurityscanner.scans. update
compute.addresses.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.
serviceusage.
serviceusage.
serviceusage.groups.*
-
serviceusage.groups.list -
serviceusage.groups. listExpandedMembers -
serviceusage.groups. listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Web Security Scanner Editor
( roles/
)
Full access to all Web Security Scanner resources
Lowest-level resources where you can grant this role:
- Project
appengine.applications.get
cloudsecurityscanner.*
-
cloudsecurityscanner.crawledurls. list -
cloudsecurityscanner.results. get -
cloudsecurityscanner.results. list -
cloudsecurityscanner.scanruns. get -
cloudsecurityscanner.scanruns. getSummary -
cloudsecurityscanner.scanruns. list -
cloudsecurityscanner.scanruns. stop -
cloudsecurityscanner.scans. create -
cloudsecurityscanner.scans. delete -
cloudsecurityscanner.scans.get -
cloudsecurityscanner.scans. list -
cloudsecurityscanner.scans.run -
cloudsecurityscanner.scans. update
compute.addresses.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.
serviceusage.
serviceusage.
serviceusage.groups.*
-
serviceusage.groups.list -
serviceusage.groups. listExpandedMembers -
serviceusage.groups. listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Web Security Scanner Viewer
( roles/
)
Read access to all Web Security Scanner resources
Lowest-level resources where you can grant this role:
- Project
cloudsecurityscanner.
cloudsecurityscanner.results.*
-
cloudsecurityscanner.results. get -
cloudsecurityscanner.results. list
cloudsecurityscanner.
cloudsecurityscanner.
cloudsecurityscanner.
cloudsecurityscanner.scans.get
cloudsecurityscanner.
serviceusage.
serviceusage.
serviceusage.
serviceusage.groups.*
-
serviceusage.groups.list -
serviceusage.groups. listExpandedMembers -
serviceusage.groups. listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
serviceusage.values.test
Web Security Scanner Runner
( roles/
)
Read access to Scan and ScanRun, plus the ability to start scans
Lowest-level resources where you can grant this role:
- Project
cloudsecurityscanner.
cloudsecurityscanner.
cloudsecurityscanner.
cloudsecurityscanner.
cloudsecurityscanner.scans.get
cloudsecurityscanner.
cloudsecurityscanner.scans.run
Service agent roles
Service agent roles should only be granted to service agents .
| Role | Permissions |
|---|---|
Cloud Web Security Scanner Service Agent( Gives the Cloud Web Security Scanner service account access to compute engine details and app engine details. |
|
Web Security Scanner permissions
cloudsecurityscanner.
Owner
( roles/
)
Editor
( roles/
)
Web Security Scanner Admin
( roles/
)
Web Security Scanner Editor
( roles/
)
Web Security Scanner Viewer
( roles/
)
Security Admin
( roles/
)
Security Reviewer
( roles/
)
Security Center Admin
( roles/
)
Web Security Scanner Runner
( roles/
)
Security Auditor
( roles/
)
Security Center Admin Editor
( roles/
)
Security Center Admin Viewer
( roles/
)
cloudsecurityscanner.
Owner
( roles/
)
Editor
( roles/
)
Web Security Scanner Admin
( roles/
)
Web Security Scanner Editor
( roles/
)
Web Security Scanner Viewer
( roles/
)
Security Center Admin
( roles/
)
Security Auditor
( roles/
)
Security Center Admin Editor
( roles/
)
Security Center Admin Viewer
( roles/
)
cloudsecurityscanner.
Owner
( roles/
)
Editor
( roles/
)
Web Security Scanner Admin
( roles/
)
Web Security Scanner Editor
( roles/
)
Web Security Scanner Viewer
( roles/
)
Security Admin
( roles/
)
Security Reviewer
( roles/
)
Security Center Admin
( roles/
)
Security Auditor
( roles/
)
Security Center Admin Editor
( roles/
)
Security Center Admin Viewer
( roles/
)
cloudsecurityscanner.
Owner
( roles/
)
Editor
( roles/
)
Web Security Scanner Admin
( roles/
)
Web Security Scanner Editor
( roles/
)
Web Security Scanner Viewer
( roles/
)
Security Center Admin
( roles/
)
Web Security Scanner Runner
( roles/
)
Security Auditor
( roles/
)
Security Center Admin Editor
( roles/
)
Security Center Admin Viewer
( roles/
)
cloudsecurityscanner.
Owner
( roles/
)
Editor
( roles/
)
Web Security Scanner Admin
( roles/
)
Web Security Scanner Editor
( roles/
)
Web Security Scanner Viewer
( roles/
)
Security Center Admin
( roles/
)
Security Auditor
( roles/
)
Security Center Admin Editor
( roles/
)
Security Center Admin Viewer
( roles/
)
cloudsecurityscanner.
Owner
( roles/
)
Editor
( roles/
)
Web Security Scanner Admin
( roles/
)
Web Security Scanner Editor
( roles/
)
Web Security Scanner Viewer
( roles/
)
Security Admin
( roles/
)
Security Reviewer
( roles/
)
Security Center Admin
( roles/
)
Web Security Scanner Runner
( roles/
)
Security Auditor
( roles/
)
Security Center Admin Editor
( roles/
)
Security Center Admin Viewer
( roles/
)
cloudsecurityscanner.
Owner
( roles/
)
Editor
( roles/
)
Web Security Scanner Admin
( roles/
)
Web Security Scanner Editor
( roles/
)
Security Center Admin
( roles/
)
Web Security Scanner Runner
( roles/
)
Security Center Admin Editor
( roles/
)
cloudsecurityscanner.
Owner
( roles/
)
Editor
( roles/
)
Web Security Scanner Admin
( roles/
)
Web Security Scanner Editor
( roles/
)
Security Center Admin
( roles/
)
Security Center Admin Editor
( roles/
)
cloudsecurityscanner.
Owner
( roles/
)
Editor
( roles/
)
Web Security Scanner Admin
( roles/
)
Web Security Scanner Editor
( roles/
)
Security Center Admin
( roles/
)
Security Center Admin Editor
( roles/
)
cloudsecurityscanner.scans.get
Owner
( roles/
)
Editor
( roles/
)
Web Security Scanner Admin
( roles/
)
Web Security Scanner Editor
( roles/
)
Web Security Scanner Viewer
( roles/
)
Security Center Admin
( roles/
)
Web Security Scanner Runner
( roles/
)
Security Auditor
( roles/
)
Security Center Admin Editor
( roles/
)
Security Center Admin Viewer
( roles/
)
Service agent roles
- Audit Manager Auditing Service Agent
(
roles/)auditmanager.serviceAgent - Cloud Security Compliance Service Agent
(
roles/)cloudsecuritycompliance.serviceAgent
cloudsecurityscanner.
Owner
( roles/
)
Editor
( roles/
)
Web Security Scanner Admin
( roles/
)
Web Security Scanner Editor
( roles/
)
Web Security Scanner Viewer
( roles/
)
Security Admin
( roles/
)
Security Reviewer
( roles/
)
Security Center Admin
( roles/
)
Web Security Scanner Runner
( roles/
)
Security Auditor
( roles/
)
Security Center Admin Editor
( roles/
)
Security Center Admin Viewer
( roles/
)
Service agent roles
- Audit Manager Auditing Service Agent
(
roles/)auditmanager.serviceAgent - Cloud Security Compliance Service Agent
(
roles/)cloudsecuritycompliance.serviceAgent
cloudsecurityscanner.scans.run
Owner
( roles/
)
Editor
( roles/
)
Web Security Scanner Admin
( roles/
)
Web Security Scanner Editor
( roles/
)
Security Center Admin
( roles/
)
Web Security Scanner Runner
( roles/
)
Security Center Admin Editor
( roles/
)
cloudsecurityscanner.
Owner
( roles/
)
Editor
( roles/
)
Web Security Scanner Admin
( roles/
)
Web Security Scanner Editor
( roles/
)
Security Center Admin
( roles/
)
Security Center Admin Editor
( roles/
)
