Console
    Contact Us Start free

    Security Posture API roles and permissions

    This page lists the IAM roles and permissions for Security Posture API. To search through all roles and permissions, see the role and permission index .

    Security Posture API roles

    Role
    Permissions

    ( roles/ securityposture.admin )

    Full access to Security Posture service APIs.

    Lowest-level resources where you can grant this role:

    • Organization

    orgpolicy.*

    • orgpolicy.constraints.list
    • orgpolicy. customConstraints. create
    • orgpolicy. customConstraints. delete
    • orgpolicy. customConstraints. get
    • orgpolicy. customConstraints. list
    • orgpolicy. customConstraints. update
    • orgpolicy.policies.create
    • orgpolicy.policies.delete
    • orgpolicy.policies.list
    • orgpolicy.policies.update
    • orgpolicy.policy.get
    • orgpolicy.policy.set

    resourcemanager. organizations. get

    securitycenter. securityhealthanalyticssettings.*

    • securitycenter. securityhealthanalyticssettings. calculate
    • securitycenter. securityhealthanalyticssettings. get
    • securitycenter. securityhealthanalyticssettings. update

    securitycentermanagement. effectiveSecurityHealthAnalyticsCustomModules.*

    • securitycentermanagement. effectiveSecurityHealthAnalyticsCustomModules. get
    • securitycentermanagement. effectiveSecurityHealthAnalyticsCustomModules. list

    securitycentermanagement. securityHealthAnalyticsCustomModules. create

    securitycentermanagement. securityHealthAnalyticsCustomModules. delete

    securitycentermanagement. securityHealthAnalyticsCustomModules. get

    securitycentermanagement. securityHealthAnalyticsCustomModules. list

    securitycentermanagement. securityHealthAnalyticsCustomModules. update

    securityposture.*

    • securityposture.locations.get
    • securityposture.locations.list
    • securityposture. operations. delete
    • securityposture.operations.get
    • securityposture. operations. list
    • securityposture. postureDeployments. create
    • securityposture. postureDeployments. delete
    • securityposture. postureDeployments. get
    • securityposture. postureDeployments. list
    • securityposture. postureDeployments. update
    • securityposture. postureTemplates. get
    • securityposture. postureTemplates. list
    • securityposture. postures. create
    • securityposture. postures. delete
    • securityposture. postures. extract
    • securityposture.postures.get
    • securityposture.postures.list
    • securityposture. postures. update
    • securityposture.reports.create
    • securityposture.reports.get
    • securityposture.reports.list

    ( roles/ securityposture.postureDeployer )

    Mutate and read permissions to the Posture Deployment resource.

    orgpolicy.*

    • orgpolicy.constraints.list
    • orgpolicy. customConstraints. create
    • orgpolicy. customConstraints. delete
    • orgpolicy. customConstraints. get
    • orgpolicy. customConstraints. list
    • orgpolicy. customConstraints. update
    • orgpolicy.policies.create
    • orgpolicy.policies.delete
    • orgpolicy.policies.list
    • orgpolicy.policies.update
    • orgpolicy.policy.get
    • orgpolicy.policy.set

    resourcemanager. organizations. get

    securitycenter. securityhealthanalyticssettings.*

    • securitycenter. securityhealthanalyticssettings. calculate
    • securitycenter. securityhealthanalyticssettings. get
    • securitycenter. securityhealthanalyticssettings. update

    securitycentermanagement. securityHealthAnalyticsCustomModules. create

    securitycentermanagement. securityHealthAnalyticsCustomModules. delete

    securitycentermanagement. securityHealthAnalyticsCustomModules. update

    securityposture.operations.get

    securityposture. postureDeployments.*

    • securityposture. postureDeployments. create
    • securityposture. postureDeployments. delete
    • securityposture. postureDeployments. get
    • securityposture. postureDeployments. list
    • securityposture. postureDeployments. update

    ( roles/ securityposture.postureDeploymentsViewer )

    Read only access to the Posture Deployment resource.

    resourcemanager. organizations. get

    securityposture.operations.get

    securityposture. postureDeployments. get

    securityposture. postureDeployments. list

    ( roles/ securityposture.postureEditor )

    Mutate and read permissions to the Posture resource.

    securityposture.operations.get

    securityposture.postures.*

    • securityposture. postures. create
    • securityposture. postures. delete
    • securityposture. postures. extract
    • securityposture.postures.get
    • securityposture.postures.list
    • securityposture. postures. update

    ( roles/ securityposture.postureViewer )

    Read only access to the Posture resource.

    resourcemanager. organizations. get

    securityposture.operations.get

    securityposture.postures.get

    securityposture.postures.list

    ( roles/ securityposture.reportCreator )

    Create access for Reports, e.g. IaC Validation Report.

    securityposture.operations.get

    securityposture.reports.*

    • securityposture.reports.create
    • securityposture.reports.get
    • securityposture.reports.list

    ( roles/ securityposture.viewer )

    Read only access to all the SecurityPosture Service resources.

    resourcemanager. organizations. get

    securityposture.operations.get

    securityposture. postureDeployments. get

    securityposture. postureDeployments. list

    securityposture. postureTemplates.*

    • securityposture. postureTemplates. get
    • securityposture. postureTemplates. list

    securityposture.postures.get

    securityposture.postures.list

    Security Posture API permissions

    Permission
    Included in roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Support User ( roles/ iam.supportUser )

    Security Posture Admin ( roles/ securityposture.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Security Posture Admin ( roles/ securityposture.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Security Posture Admin ( roles/ securityposture.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Security Center Admin ( roles/ securitycenter.admin )

    Security Center Admin Editor ( roles/ securitycenter.adminEditor )

    Security Center Admin Viewer ( roles/ securitycenter.adminViewer )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Deployer ( roles/ securityposture.postureDeployer )

    Security Posture Deployments Viewer ( roles/ securityposture.postureDeploymentsViewer )

    Security Posture Resource Editor ( roles/ securityposture.postureEditor )

    Security Posture Resource Viewer ( roles/ securityposture.postureViewer )

    Security Posture Shift-Left Validator ( roles/ securityposture.reportCreator )

    Security Posture Viewer ( roles/ securityposture.viewer )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Security Posture Admin ( roles/ securityposture.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Deployer ( roles/ securityposture.postureDeployer )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Deployer ( roles/ securityposture.postureDeployer )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Security Center Admin ( roles/ securitycenter.admin )

    Security Center Admin Editor ( roles/ securitycenter.adminEditor )

    Security Center Admin Viewer ( roles/ securitycenter.adminViewer )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Deployer ( roles/ securityposture.postureDeployer )

    Security Posture Deployments Viewer ( roles/ securityposture.postureDeploymentsViewer )

    Security Posture Viewer ( roles/ securityposture.viewer )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Security Center Admin ( roles/ securitycenter.admin )

    Security Center Admin Editor ( roles/ securitycenter.adminEditor )

    Security Center Admin Viewer ( roles/ securitycenter.adminViewer )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Deployer ( roles/ securityposture.postureDeployer )

    Security Posture Deployments Viewer ( roles/ securityposture.postureDeploymentsViewer )

    Security Posture Viewer ( roles/ securityposture.viewer )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Deployer ( roles/ securityposture.postureDeployer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Security Center Admin ( roles/ securitycenter.admin )

    Security Center Admin Editor ( roles/ securitycenter.adminEditor )

    Security Center Admin Viewer ( roles/ securitycenter.adminViewer )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Viewer ( roles/ securityposture.viewer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Security Center Admin ( roles/ securitycenter.admin )

    Security Center Admin Editor ( roles/ securitycenter.adminEditor )

    Security Center Admin Viewer ( roles/ securitycenter.adminViewer )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Viewer ( roles/ securityposture.viewer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Resource Editor ( roles/ securityposture.postureEditor )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Resource Editor ( roles/ securityposture.postureEditor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Resource Editor ( roles/ securityposture.postureEditor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Security Center Admin ( roles/ securitycenter.admin )

    Security Center Admin Editor ( roles/ securitycenter.adminEditor )

    Security Center Admin Viewer ( roles/ securitycenter.adminViewer )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Resource Editor ( roles/ securityposture.postureEditor )

    Security Posture Resource Viewer ( roles/ securityposture.postureViewer )

    Security Posture Viewer ( roles/ securityposture.viewer )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Security Center Admin ( roles/ securitycenter.admin )

    Security Center Admin Editor ( roles/ securitycenter.adminEditor )

    Security Center Admin Viewer ( roles/ securitycenter.adminViewer )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Resource Editor ( roles/ securityposture.postureEditor )

    Security Posture Resource Viewer ( roles/ securityposture.postureViewer )

    Security Posture Viewer ( roles/ securityposture.viewer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Resource Editor ( roles/ securityposture.postureEditor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Shift-Left Validator ( roles/ securityposture.reportCreator )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Support User ( roles/ iam.supportUser )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Shift-Left Validator ( roles/ securityposture.reportCreator )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Security Posture Admin ( roles/ securityposture.admin )

    Security Posture Shift-Left Validator ( roles/ securityposture.reportCreator )
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: