Work with permission groups

Supported in:

Google Security Operations lets you create different sets of user groups and assign them different levels of permission to different modules.
There are seven predefined sets of permission groups:

  • Readers
  • Admins
  • Basic
  • View-Only
  • Collaborators
  • Managed User
  • Managed-Plus User

The built-in administrator group automatically has edit access to all environments, meaning its members can view data from every environment in the system. When creating a new permission group, carefully consider whether to grant edit access to all environments.

Edit a permission group

To edit an existing permission group:

  1. Go to to Settings > Organizations > Permissions.
  2. Select the permission group you want.
  3. Each module appears with a toggle to allow or deny a user access. If the toggle is off, the module doesn't appear. If the toggle is on, configure permissions for each feature you want the user to have.
  4. When finished, click Save.

Add a new permission group

To add a new Permission Group:

  1. Go to Settings > Organizations > Permissions.
  2. Click Add Permission Group.
  3. Complete the following areas on the screen:
    1. Your cursor is automatically placed next to the title of New Group. Delete the words New Group and enter your own name for the new Group. For example, Tier One.
    2. From the list, select the License Type you want.
    3. Select the Landing Page that you want this User Group to be directed to when they first sign in.
    4. Select the permissions you want for each module.
  4. When finished, click Save; the new permission group is added to the list. Note that at any time, you can make changes and click Save again. To simplify editing, click content_copy Duplicate to create a copy of the permission group.

Restrict Actions

You can apply Restrict Actions to a permission group to prevent access to certain types of actions. For example, as a Managed Security Service Provider (MSSP), you might have separate SOC Manager groups for separate environments.

  1. Click the permission group you want.
  2. In the Restrict Actions section, click Add, and select the actions to restrict for this permission group.
  3. Click Add and then click Save.
For more information on permission groups, see Control access to the platform.

Need more help? Get answers from Community members and Google SecOps professionals.