Google Security Operations Service Management roles and permissions

This page lists the IAM roles and permissions for Google Security Operations Service Management. To search through all roles and permissions, see the role and permission index.

Google Security Operations Service Management roles

Role Permissions

Role	Permissions
Chronicle Service Admin (`roles/chroniclesm.admin`) Admins can view and modify Chronicle service details.	`chroniclesm.*` `chroniclesm.gcpAssociations.create` `chroniclesm.gcpAssociations.delete` `chroniclesm.gcpAssociations.get` `chroniclesm.gcpAssociations.list` `chroniclesm.gcpLogFlowFilters.get` `chroniclesm.gcpLogFlowFilters.update` `chroniclesm.gcpSettings.get` `chroniclesm.gcpSettings.update`
Chronicle Service Viewer (`roles/chroniclesm.viewer`) Viewers can see Chronicle service details but not change them.	`chroniclesm.gcpAssociations.get` `chroniclesm.gcpAssociations.list` `chroniclesm.gcpLogFlowFilters.get` `chroniclesm.gcpSettings.get`

Chronicle Service Admin

(roles/chroniclesm.admin)

Admins can view and modify Chronicle service details.

chroniclesm.*

chroniclesm.gcpAssociations.create
chroniclesm.gcpAssociations.delete
chroniclesm.gcpAssociations.get
chroniclesm.gcpAssociations.list
chroniclesm.gcpLogFlowFilters.get
chroniclesm.gcpLogFlowFilters.update
chroniclesm.gcpSettings.get
chroniclesm.gcpSettings.update

Chronicle Service Viewer

(roles/chroniclesm.viewer)

Viewers can see Chronicle service details but not change them.

chroniclesm.gcpAssociations.get

chroniclesm.gcpAssociations.list

chroniclesm.gcpLogFlowFilters.get

chroniclesm.gcpSettings.get

Google Security Operations Service Management permissions

Permission	Included in roles
`chroniclesm.gcpAssociations.create`	Owner (`roles/owner`) Chronicle Service Admin (`roles/chroniclesm.admin`)
`chroniclesm.gcpAssociations.delete`	Owner (`roles/owner`) Chronicle Service Admin (`roles/chroniclesm.admin`)
`chroniclesm.gcpAssociations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle Service Admin (`roles/chroniclesm.admin`) Chronicle Service Viewer (`roles/chroniclesm.viewer`) Support User (`roles/iam.supportUser`)
`chroniclesm.gcpAssociations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle Service Admin (`roles/chroniclesm.admin`) Chronicle Service Viewer (`roles/chroniclesm.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chroniclesm.gcpLogFlowFilters.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle Service Admin (`roles/chroniclesm.admin`) Chronicle Service Viewer (`roles/chroniclesm.viewer`) Support User (`roles/iam.supportUser`)
`chroniclesm.gcpLogFlowFilters.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle Service Admin (`roles/chroniclesm.admin`)
`chroniclesm.gcpSettings.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle Service Admin (`roles/chroniclesm.admin`) Chronicle Service Viewer (`roles/chroniclesm.viewer`) Support User (`roles/iam.supportUser`)
`chroniclesm.gcpSettings.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle Service Admin (`roles/chroniclesm.admin`)

Google Security Operations Service Management roles and permissions