Cyber Insurance Hub roles and permissions

This page lists the IAM roles and permissions for Cyber Insurance Hub. Tosearch through all roles and permissions, see therole andpermission index.

Cyber Insurance Hub roles

RolePermissions

Risk Manager AdminBeta

(roles/riskmanager.admin)

Grants all Risk Manager permissions

resourcemanager.projects.get

resourcemanager.projects.list

riskmanager.*

  • riskmanager.controlScoreBreakdowns.get
  • riskmanager.controlScoreBreakdowns.list
  • riskmanager.operations.delete
  • riskmanager.operations.get
  • riskmanager.operations.list
  • riskmanager.policies.get
  • riskmanager.policies.list
  • riskmanager.reports.create
  • riskmanager.reports.delete
  • riskmanager.reports.get
  • riskmanager.reports.list
  • riskmanager.reports.review
  • riskmanager.reports.share
  • riskmanager.serviceAccount.create
  • riskmanager.settings.get
  • riskmanager.settings.update

Risk Manager EditorBeta

(roles/riskmanager.editor)

Access to edit Risk Manager resources

resourcemanager.projects.get

resourcemanager.projects.list

riskmanager.controlScoreBreakdowns.*

  • riskmanager.controlScoreBreakdowns.get
  • riskmanager.controlScoreBreakdowns.list

riskmanager.operations.*

  • riskmanager.operations.delete
  • riskmanager.operations.get
  • riskmanager.operations.list

riskmanager.policies.*

  • riskmanager.policies.get
  • riskmanager.policies.list

riskmanager.reports.create

riskmanager.reports.delete

riskmanager.reports.get

riskmanager.reports.list

riskmanager.serviceAccount.create

riskmanager.settings.*

  • riskmanager.settings.get
  • riskmanager.settings.update

Risk Manager Report ReviewerBeta

(roles/riskmanager.reviewer)

Access to review Risk Manager reports

resourcemanager.projects.get

resourcemanager.projects.list

riskmanager.controlScoreBreakdowns.*

  • riskmanager.controlScoreBreakdowns.get
  • riskmanager.controlScoreBreakdowns.list

riskmanager.operations.get

riskmanager.operations.list

riskmanager.reports.get

riskmanager.reports.list

riskmanager.reports.review

Risk Manager Service Agent

(roles/riskmanager.serviceAgent)

Service agent that grants Risk Manager service access to fetch findings for generating Reports

Warning: Do not grant service agent roles to any principals exceptservice agents.

cloudasset.assets.*

  • cloudasset.assets.analyzeIamPolicy
  • cloudasset.assets.analyzeMove
  • cloudasset.assets.analyzeOrgPolicy
  • cloudasset.assets.exportAccessLevel
  • cloudasset.assets.exportAccessPolicy
  • cloudasset.assets.exportAiplatformBatchPredictionJobs
  • cloudasset.assets.exportAiplatformCustomJobs
  • cloudasset.assets.exportAiplatformDataLabelingJobs
  • cloudasset.assets.exportAiplatformDatasets
  • cloudasset.assets.exportAiplatformEndpoints
  • cloudasset.assets.exportAiplatformHyperparameterTuningJobs
  • cloudasset.assets.exportAiplatformMetadataStores
  • cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs
  • cloudasset.assets.exportAiplatformModels
  • cloudasset.assets.exportAiplatformPipelineJobs
  • cloudasset.assets.exportAiplatformSpecialistPools
  • cloudasset.assets.exportAiplatformTrainingPipelines
  • cloudasset.assets.exportAllAccessPolicy
  • cloudasset.assets.exportAnthosConnectedCluster
  • cloudasset.assets.exportAnthosedgeCluster
  • cloudasset.assets.exportApigatewayApi
  • cloudasset.assets.exportApigatewayApiConfig
  • cloudasset.assets.exportApigatewayGateway
  • cloudasset.assets.exportApikeysKeys
  • cloudasset.assets.exportAppengineApplications
  • cloudasset.assets.exportAppengineServices
  • cloudasset.assets.exportAppengineVersions
  • cloudasset.assets.exportArtifactregistryDockerImages
  • cloudasset.assets.exportArtifactregistryRepositories
  • cloudasset.assets.exportAssuredWorkloadsWorkloads
  • cloudasset.assets.exportBeyondCorpApiGateways
  • cloudasset.assets.exportBeyondCorpAppConnections
  • cloudasset.assets.exportBeyondCorpAppConnectors
  • cloudasset.assets.exportBeyondCorpAppGateways
  • cloudasset.assets.exportBeyondCorpClientConnectorServices
  • cloudasset.assets.exportBeyondCorpClientGateways
  • cloudasset.assets.exportBigqueryDatasets
  • cloudasset.assets.exportBigqueryModels
  • cloudasset.assets.exportBigqueryTables
  • cloudasset.assets.exportBigtableAppProfile
  • cloudasset.assets.exportBigtableBackup
  • cloudasset.assets.exportBigtableCluster
  • cloudasset.assets.exportBigtableInstance
  • cloudasset.assets.exportBigtableTable
  • cloudasset.assets.exportCloudAssetFeeds
  • cloudasset.assets.exportCloudDeployDeliveryPipelines
  • cloudasset.assets.exportCloudDeployReleases
  • cloudasset.assets.exportCloudDeployRollouts
  • cloudasset.assets.exportCloudDeployTargets
  • cloudasset.assets.exportCloudDocumentAIEvaluation
  • cloudasset.assets.exportCloudDocumentAIHumanReviewConfig
  • cloudasset.assets.exportCloudDocumentAILabelerPool
  • cloudasset.assets.exportCloudDocumentAIProcessor
  • cloudasset.assets.exportCloudDocumentAIProcessorVersion
  • cloudasset.assets.exportCloudbillingBillingAccounts
  • cloudasset.assets.exportCloudbillingProjectBillingInfos
  • cloudasset.assets.exportCloudfunctionsFunctions
  • cloudasset.assets.exportCloudfunctionsGen2Functions
  • cloudasset.assets.exportCloudkmsCryptoKeyVersions
  • cloudasset.assets.exportCloudkmsCryptoKeys
  • cloudasset.assets.exportCloudkmsEkmConnections
  • cloudasset.assets.exportCloudkmsImportJobs
  • cloudasset.assets.exportCloudkmsKeyRings
  • cloudasset.assets.exportCloudmemcacheInstances
  • cloudasset.assets.exportCloudresourcemanagerFolders
  • cloudasset.assets.exportCloudresourcemanagerOrganizations
  • cloudasset.assets.exportCloudresourcemanagerProjects
  • cloudasset.assets.exportCloudresourcemanagerTagBindings
  • cloudasset.assets.exportCloudresourcemanagerTagKeys
  • cloudasset.assets.exportCloudresourcemanagerTagValues
  • cloudasset.assets.exportComposerEnvironments
  • cloudasset.assets.exportComputeAddress
  • cloudasset.assets.exportComputeAutoscalers
  • cloudasset.assets.exportComputeBackendBuckets
  • cloudasset.assets.exportComputeBackendServices
  • cloudasset.assets.exportComputeCommitments
  • cloudasset.assets.exportComputeDisks
  • cloudasset.assets.exportComputeExternalVpnGateways
  • cloudasset.assets.exportComputeFirewallPolicies
  • cloudasset.assets.exportComputeFirewalls
  • cloudasset.assets.exportComputeForwardingRules
  • cloudasset.assets.exportComputeGlobalAddress
  • cloudasset.assets.exportComputeGlobalForwardingRules
  • cloudasset.assets.exportComputeHealthChecks
  • cloudasset.assets.exportComputeHttpHealthChecks
  • cloudasset.assets.exportComputeHttpsHealthChecks
  • cloudasset.assets.exportComputeImages
  • cloudasset.assets.exportComputeInstanceGroupManagers
  • cloudasset.assets.exportComputeInstanceGroups
  • cloudasset.assets.exportComputeInstanceTemplates
  • cloudasset.assets.exportComputeInstances
  • cloudasset.assets.exportComputeInterconnect
  • cloudasset.assets.exportComputeInterconnectAttachment
  • cloudasset.assets.exportComputeLicenses
  • cloudasset.assets.exportComputeNetworkEndpointGroups
  • cloudasset.assets.exportComputeNetworks
  • cloudasset.assets.exportComputeNodeGroups
  • cloudasset.assets.exportComputeNodeTemplates
  • cloudasset.assets.exportComputePacketMirrorings
  • cloudasset.assets.exportComputeProjects
  • cloudasset.assets.exportComputeRegionAutoscaler
  • cloudasset.assets.exportComputeRegionBackendServices
  • cloudasset.assets.exportComputeRegionDisk
  • cloudasset.assets.exportComputeRegionInstanceGroup
  • cloudasset.assets.exportComputeRegionInstanceGroupManager
  • cloudasset.assets.exportComputeReservations
  • cloudasset.assets.exportComputeResourcePolicies
  • cloudasset.assets.exportComputeRouters
  • cloudasset.assets.exportComputeRoutes
  • cloudasset.assets.exportComputeSecurityPolicy
  • cloudasset.assets.exportComputeServiceAttachments
  • cloudasset.assets.exportComputeSnapshots
  • cloudasset.assets.exportComputeSslCertificates
  • cloudasset.assets.exportComputeSslPolicies
  • cloudasset.assets.exportComputeSubnetworks
  • cloudasset.assets.exportComputeTargetHttpProxies
  • cloudasset.assets.exportComputeTargetHttpsProxies
  • cloudasset.assets.exportComputeTargetInstances
  • cloudasset.assets.exportComputeTargetPools
  • cloudasset.assets.exportComputeTargetSslProxies
  • cloudasset.assets.exportComputeTargetTcpProxies
  • cloudasset.assets.exportComputeTargetVpnGateways
  • cloudasset.assets.exportComputeUrlMaps
  • cloudasset.assets.exportComputeVpnGateways
  • cloudasset.assets.exportComputeVpnTunnels
  • cloudasset.assets.exportConnectorsConnections
  • cloudasset.assets.exportConnectorsConnectorVersions
  • cloudasset.assets.exportConnectorsConnectors
  • cloudasset.assets.exportConnectorsProviders
  • cloudasset.assets.exportConnectorsRuntimeConfigs
  • cloudasset.assets.exportContainerAppsDeployment
  • cloudasset.assets.exportContainerAppsReplicaSets
  • cloudasset.assets.exportContainerBatchJobs
  • cloudasset.assets.exportContainerClusterrole
  • cloudasset.assets.exportContainerClusterrolebinding
  • cloudasset.assets.exportContainerClusters
  • cloudasset.assets.exportContainerExtensionsIngresses
  • cloudasset.assets.exportContainerJobs
  • cloudasset.assets.exportContainerNamespace
  • cloudasset.assets.exportContainerNetworkingIngresses
  • cloudasset.assets.exportContainerNetworkingNetworkPolicies
  • cloudasset.assets.exportContainerNode
  • cloudasset.assets.exportContainerNodepool
  • cloudasset.assets.exportContainerPod
  • cloudasset.assets.exportContainerReplicaSets
  • cloudasset.assets.exportContainerRole
  • cloudasset.assets.exportContainerRolebinding
  • cloudasset.assets.exportContainerServices
  • cloudasset.assets.exportContainerregistryImage
  • cloudasset.assets.exportDataMigrationConnectionProfiles
  • cloudasset.assets.exportDataMigrationMigrationJobs
  • cloudasset.assets.exportDataflowJobs
  • cloudasset.assets.exportDatafusionInstance
  • cloudasset.assets.exportDataplexAssets
  • cloudasset.assets.exportDataplexLakes
  • cloudasset.assets.exportDataplexTasks
  • cloudasset.assets.exportDataplexZones
  • cloudasset.assets.exportDataprocAutoscalingPolicies
  • cloudasset.assets.exportDataprocBatches
  • cloudasset.assets.exportDataprocClusters
  • cloudasset.assets.exportDataprocJobs
  • cloudasset.assets.exportDataprocSessions
  • cloudasset.assets.exportDataprocWorkflowTemplates
  • cloudasset.assets.exportDatastreamConnectionProfile
  • cloudasset.assets.exportDatastreamPrivateConnection
  • cloudasset.assets.exportDatastreamStream
  • cloudasset.assets.exportDialogflowAgents
  • cloudasset.assets.exportDialogflowConversationProfiles
  • cloudasset.assets.exportDialogflowKnowledgeBases
  • cloudasset.assets.exportDialogflowLocationSettings
  • cloudasset.assets.exportDlpDeidentifyTemplates
  • cloudasset.assets.exportDlpDlpJobs
  • cloudasset.assets.exportDlpInspectTemplates
  • cloudasset.assets.exportDlpJobTriggers
  • cloudasset.assets.exportDlpStoredInfoTypes
  • cloudasset.assets.exportDnsManagedZones
  • cloudasset.assets.exportDnsPolicies
  • cloudasset.assets.exportDomainsRegistrations
  • cloudasset.assets.exportEventarcTriggers
  • cloudasset.assets.exportFileBackups
  • cloudasset.assets.exportFileInstances
  • cloudasset.assets.exportFirebaseAppInfos
  • cloudasset.assets.exportFirebaseProjects
  • cloudasset.assets.exportFirestoreDatabases
  • cloudasset.assets.exportGKEHubFeatures
  • cloudasset.assets.exportGKEHubMemberships
  • cloudasset.assets.exportGameservicesGameServerClusters
  • cloudasset.assets.exportGameservicesGameServerConfigs
  • cloudasset.assets.exportGameservicesGameServerDeployments
  • cloudasset.assets.exportGameservicesRealms
  • cloudasset.assets.exportGkeBackupBackupPlans
  • cloudasset.assets.exportGkeBackupBackups
  • cloudasset.assets.exportGkeBackupRestorePlans
  • cloudasset.assets.exportGkeBackupRestores
  • cloudasset.assets.exportGkeBackupVolumeBackups
  • cloudasset.assets.exportGkeBackupVolumeRestores
  • cloudasset.assets.exportHealthcareConsentStores
  • cloudasset.assets.exportHealthcareDatasets
  • cloudasset.assets.exportHealthcareDicomStores
  • cloudasset.assets.exportHealthcareFhirStores
  • cloudasset.assets.exportHealthcareHl7V2Stores
  • cloudasset.assets.exportIamPolicy
  • cloudasset.assets.exportIamRoles
  • cloudasset.assets.exportIamServiceAccountKeys
  • cloudasset.assets.exportIamServiceAccounts
  • cloudasset.assets.exportIapTunnel
  • cloudasset.assets.exportIapTunnelInstances
  • cloudasset.assets.exportIapTunnelZones
  • cloudasset.assets.exportIapWeb
  • cloudasset.assets.exportIapWebServiceVersion
  • cloudasset.assets.exportIapWebServices
  • cloudasset.assets.exportIapWebType
  • cloudasset.assets.exportIdsEndpoints
  • cloudasset.assets.exportIntegrationsAuthConfigs
  • cloudasset.assets.exportIntegrationsCertificates
  • cloudasset.assets.exportIntegrationsExecutions
  • cloudasset.assets.exportIntegrationsIntegrationVersions
  • cloudasset.assets.exportIntegrationsIntegrations
  • cloudasset.assets.exportIntegrationsSfdcChannels
  • cloudasset.assets.exportIntegrationsSfdcInstances
  • cloudasset.assets.exportIntegrationsSuspensions
  • cloudasset.assets.exportLoggingLogMetrics
  • cloudasset.assets.exportLoggingLogSinks
  • cloudasset.assets.exportManagedidentitiesDomain
  • cloudasset.assets.exportMetastoreBackups
  • cloudasset.assets.exportMetastoreMetadataImports
  • cloudasset.assets.exportMetastoreServices
  • cloudasset.assets.exportMonitoringAlertPolicies
  • cloudasset.assets.exportNetworkConnectivityHubs
  • cloudasset.assets.exportNetworkConnectivitySpokes
  • cloudasset.assets.exportNetworkManagementConnectivityTests
  • cloudasset.assets.exportNetworkServicesEndpointPolicies
  • cloudasset.assets.exportNetworkServicesGateways
  • cloudasset.assets.exportNetworkServicesGrpcRoutes
  • cloudasset.assets.exportNetworkServicesHttpRoutes
  • cloudasset.assets.exportNetworkServicesMeshes
  • cloudasset.assets.exportNetworkServicesServiceBindings
  • cloudasset.assets.exportNetworkServicesTcpRoutes
  • cloudasset.assets.exportNetworkServicesTlsRoutes
  • cloudasset.assets.exportOSConfigOSPolicyAssignmentReports
  • cloudasset.assets.exportOSConfigOSPolicyAssignments
  • cloudasset.assets.exportOSConfigVulnerabilityReports
  • cloudasset.assets.exportOSInventories
  • cloudasset.assets.exportOrgPolicy
  • cloudasset.assets.exportPatchDeployments
  • cloudasset.assets.exportPubsubSnapshots
  • cloudasset.assets.exportPubsubSubscriptions
  • cloudasset.assets.exportPubsubTopics
  • cloudasset.assets.exportRedisInstances
  • cloudasset.assets.exportResource
  • cloudasset.assets.exportSecretManagerSecretVersions
  • cloudasset.assets.exportSecretManagerSecrets
  • cloudasset.assets.exportServiceDirectoryNamespaces
  • cloudasset.assets.exportServicePerimeter
  • cloudasset.assets.exportServiceconsumermanagementConsumerProperty
  • cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits
  • cloudasset.assets.exportServiceconsumermanagementConsumers
  • cloudasset.assets.exportServiceconsumermanagementProducerOverrides
  • cloudasset.assets.exportServiceconsumermanagementTenancyUnits
  • cloudasset.assets.exportServiceconsumermanagementVisibility
  • cloudasset.assets.exportServicemanagementServices
  • cloudasset.assets.exportServiceusageAdminOverrides
  • cloudasset.assets.exportServiceusageConsumerOverrides
  • cloudasset.assets.exportServiceusageServices
  • cloudasset.assets.exportSpannerBackups
  • cloudasset.assets.exportSpannerDatabases
  • cloudasset.assets.exportSpannerInstances
  • cloudasset.assets.exportSpeakerIdPhrases
  • cloudasset.assets.exportSpeakerIdSettings
  • cloudasset.assets.exportSpeakerIdSpeakers
  • cloudasset.assets.exportSpeechCustomClasses
  • cloudasset.assets.exportSpeechPhraseSets
  • cloudasset.assets.exportSqladminBackupRuns
  • cloudasset.assets.exportSqladminInstances
  • cloudasset.assets.exportStorageBuckets
  • cloudasset.assets.exportTpuNodes
  • cloudasset.assets.exportVpcaccessConnector
  • cloudasset.assets.listAccessLevel
  • cloudasset.assets.listAccessPolicy
  • cloudasset.assets.listAiplatformBatchPredictionJobs
  • cloudasset.assets.listAiplatformCustomJobs
  • cloudasset.assets.listAiplatformDataLabelingJobs
  • cloudasset.assets.listAiplatformDatasets
  • cloudasset.assets.listAiplatformEndpoints
  • cloudasset.assets.listAiplatformHyperparameterTuningJobs
  • cloudasset.assets.listAiplatformMetadataStores
  • cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs
  • cloudasset.assets.listAiplatformModels
  • cloudasset.assets.listAiplatformPipelineJobs
  • cloudasset.assets.listAiplatformSpecialistPools
  • cloudasset.assets.listAiplatformTrainingPipelines
  • cloudasset.assets.listAllAccessPolicy
  • cloudasset.assets.listAnthosConnectedCluster
  • cloudasset.assets.listAnthosedgeCluster
  • cloudasset.assets.listApigatewayApi
  • cloudasset.assets.listApigatewayApiConfig
  • cloudasset.assets.listApigatewayGateway
  • cloudasset.assets.listApikeysKeys
  • cloudasset.assets.listAppengineApplications
  • cloudasset.assets.listAppengineServices
  • cloudasset.assets.listAppengineVersions
  • cloudasset.assets.listArtifactregistryDockerImages
  • cloudasset.assets.listArtifactregistryRepositories
  • cloudasset.assets.listAssuredWorkloadsWorkloads
  • cloudasset.assets.listBeyondCorpApiGateways
  • cloudasset.assets.listBeyondCorpAppConnections
  • cloudasset.assets.listBeyondCorpAppConnectors
  • cloudasset.assets.listBeyondCorpAppGateways
  • cloudasset.assets.listBeyondCorpClientConnectorServices
  • cloudasset.assets.listBeyondCorpClientGateways
  • cloudasset.assets.listBigqueryDatasets
  • cloudasset.assets.listBigqueryModels
  • cloudasset.assets.listBigqueryTables
  • cloudasset.assets.listBigtableAppProfile
  • cloudasset.assets.listBigtableBackup
  • cloudasset.assets.listBigtableCluster
  • cloudasset.assets.listBigtableInstance
  • cloudasset.assets.listBigtableTable
  • cloudasset.assets.listCloudAssetFeeds
  • cloudasset.assets.listCloudDeployDeliveryPipelines
  • cloudasset.assets.listCloudDeployReleases
  • cloudasset.assets.listCloudDeployRollouts
  • cloudasset.assets.listCloudDeployTargets
  • cloudasset.assets.listCloudDocumentAIEvaluation
  • cloudasset.assets.listCloudDocumentAIHumanReviewConfig
  • cloudasset.assets.listCloudDocumentAILabelerPool
  • cloudasset.assets.listCloudDocumentAIProcessor
  • cloudasset.assets.listCloudDocumentAIProcessorVersion
  • cloudasset.assets.listCloudbillingBillingAccounts
  • cloudasset.assets.listCloudbillingProjectBillingInfos
  • cloudasset.assets.listCloudfunctionsFunctions
  • cloudasset.assets.listCloudfunctionsGen2Functions
  • cloudasset.assets.listCloudkmsCryptoKeyVersions
  • cloudasset.assets.listCloudkmsCryptoKeys
  • cloudasset.assets.listCloudkmsEkmConnections
  • cloudasset.assets.listCloudkmsImportJobs
  • cloudasset.assets.listCloudkmsKeyRings
  • cloudasset.assets.listCloudmemcacheInstances
  • cloudasset.assets.listCloudresourcemanagerFolders
  • cloudasset.assets.listCloudresourcemanagerOrganizations
  • cloudasset.assets.listCloudresourcemanagerProjects
  • cloudasset.assets.listCloudresourcemanagerTagBindings
  • cloudasset.assets.listCloudresourcemanagerTagKeys
  • cloudasset.assets.listCloudresourcemanagerTagValues
  • cloudasset.assets.listComposerEnvironments
  • cloudasset.assets.listComputeAddress
  • cloudasset.assets.listComputeAutoscalers
  • cloudasset.assets.listComputeBackendBuckets
  • cloudasset.assets.listComputeBackendServices
  • cloudasset.assets.listComputeCommitments
  • cloudasset.assets.listComputeDisks
  • cloudasset.assets.listComputeExternalVpnGateways
  • cloudasset.assets.listComputeFirewallPolicies
  • cloudasset.assets.listComputeFirewalls
  • cloudasset.assets.listComputeForwardingRules
  • cloudasset.assets.listComputeGlobalAddress
  • cloudasset.assets.listComputeGlobalForwardingRules
  • cloudasset.assets.listComputeHealthChecks
  • cloudasset.assets.listComputeHttpHealthChecks
  • cloudasset.assets.listComputeHttpsHealthChecks
  • cloudasset.assets.listComputeImages
  • cloudasset.assets.listComputeInstanceGroupManagers
  • cloudasset.assets.listComputeInstanceGroups
  • cloudasset.assets.listComputeInstanceTemplates
  • cloudasset.assets.listComputeInstances
  • cloudasset.assets.listComputeInterconnect
  • cloudasset.assets.listComputeInterconnectAttachment
  • cloudasset.assets.listComputeLicenses
  • cloudasset.assets.listComputeNetworkEndpointGroups
  • cloudasset.assets.listComputeNetworks
  • cloudasset.assets.listComputeNodeGroups
  • cloudasset.assets.listComputeNodeTemplates
  • cloudasset.assets.listComputePacketMirrorings
  • cloudasset.assets.listComputeProjects
  • cloudasset.assets.listComputeRegionAutoscaler
  • cloudasset.assets.listComputeRegionBackendServices
  • cloudasset.assets.listComputeRegionDisk
  • cloudasset.assets.listComputeRegionInstanceGroup
  • cloudasset.assets.listComputeRegionInstanceGroupManager
  • cloudasset.assets.listComputeReservations
  • cloudasset.assets.listComputeResourcePolicies
  • cloudasset.assets.listComputeRouters
  • cloudasset.assets.listComputeRoutes
  • cloudasset.assets.listComputeSecurityPolicy
  • cloudasset.assets.listComputeServiceAttachments
  • cloudasset.assets.listComputeSnapshots
  • cloudasset.assets.listComputeSslCertificates
  • cloudasset.assets.listComputeSslPolicies
  • cloudasset.assets.listComputeSubnetworks
  • cloudasset.assets.listComputeTargetHttpProxies
  • cloudasset.assets.listComputeTargetHttpsProxies
  • cloudasset.assets.listComputeTargetInstances
  • cloudasset.assets.listComputeTargetPools
  • cloudasset.assets.listComputeTargetSslProxies
  • cloudasset.assets.listComputeTargetTcpProxies
  • cloudasset.assets.listComputeTargetVpnGateways
  • cloudasset.assets.listComputeUrlMaps
  • cloudasset.assets.listComputeVpnGateways
  • cloudasset.assets.listComputeVpnTunnels
  • cloudasset.assets.listConnectorsConnections
  • cloudasset.assets.listConnectorsConnectorVersions
  • cloudasset.assets.listConnectorsConnectors
  • cloudasset.assets.listConnectorsProviders
  • cloudasset.assets.listConnectorsRuntimeConfigs
  • cloudasset.assets.listContainerAppsDeployment
  • cloudasset.assets.listContainerAppsReplicaSets
  • cloudasset.assets.listContainerBatchJobs
  • cloudasset.assets.listContainerClusterrole
  • cloudasset.assets.listContainerClusterrolebinding
  • cloudasset.assets.listContainerClusters
  • cloudasset.assets.listContainerExtensionsIngresses
  • cloudasset.assets.listContainerJobs
  • cloudasset.assets.listContainerNamespace
  • cloudasset.assets.listContainerNetworkingIngresses
  • cloudasset.assets.listContainerNetworkingNetworkPolicies
  • cloudasset.assets.listContainerNode
  • cloudasset.assets.listContainerNodepool
  • cloudasset.assets.listContainerPod
  • cloudasset.assets.listContainerReplicaSets
  • cloudasset.assets.listContainerRole
  • cloudasset.assets.listContainerRolebinding
  • cloudasset.assets.listContainerServices
  • cloudasset.assets.listContainerregistryImage
  • cloudasset.assets.listDataMigrationConnectionProfiles
  • cloudasset.assets.listDataMigrationMigrationJobs
  • cloudasset.assets.listDataflowJobs
  • cloudasset.assets.listDatafusionInstance
  • cloudasset.assets.listDataplexAssets
  • cloudasset.assets.listDataplexLakes
  • cloudasset.assets.listDataplexTasks
  • cloudasset.assets.listDataplexZones
  • cloudasset.assets.listDataprocAutoscalingPolicies
  • cloudasset.assets.listDataprocBatches
  • cloudasset.assets.listDataprocClusters
  • cloudasset.assets.listDataprocJobs
  • cloudasset.assets.listDataprocSessions
  • cloudasset.assets.listDataprocWorkflowTemplates
  • cloudasset.assets.listDatastreamConnectionProfile
  • cloudasset.assets.listDatastreamPrivateConnection
  • cloudasset.assets.listDatastreamStream
  • cloudasset.assets.listDialogflowAgents
  • cloudasset.assets.listDialogflowConversationProfiles
  • cloudasset.assets.listDialogflowKnowledgeBases
  • cloudasset.assets.listDialogflowLocationSettings
  • cloudasset.assets.listDlpDeidentifyTemplates
  • cloudasset.assets.listDlpDlpJobs
  • cloudasset.assets.listDlpInspectTemplates
  • cloudasset.assets.listDlpJobTriggers
  • cloudasset.assets.listDlpStoredInfoTypes
  • cloudasset.assets.listDnsManagedZones
  • cloudasset.assets.listDnsPolicies
  • cloudasset.assets.listDomainsRegistrations
  • cloudasset.assets.listEventarcTriggers
  • cloudasset.assets.listFileBackups
  • cloudasset.assets.listFileInstances
  • cloudasset.assets.listFirebaseAppInfos
  • cloudasset.assets.listFirebaseProjects
  • cloudasset.assets.listFirestoreDatabases
  • cloudasset.assets.listGKEHubFeatures
  • cloudasset.assets.listGKEHubMemberships
  • cloudasset.assets.listGameservicesGameServerClusters
  • cloudasset.assets.listGameservicesGameServerConfigs
  • cloudasset.assets.listGameservicesGameServerDeployments
  • cloudasset.assets.listGameservicesRealms
  • cloudasset.assets.listGkeBackupBackupPlans
  • cloudasset.assets.listGkeBackupBackups
  • cloudasset.assets.listGkeBackupRestorePlans
  • cloudasset.assets.listGkeBackupRestores
  • cloudasset.assets.listGkeBackupVolumeBackups
  • cloudasset.assets.listGkeBackupVolumeRestores
  • cloudasset.assets.listHealthcareConsentStores
  • cloudasset.assets.listHealthcareDatasets
  • cloudasset.assets.listHealthcareDicomStores
  • cloudasset.assets.listHealthcareFhirStores
  • cloudasset.assets.listHealthcareHl7V2Stores
  • cloudasset.assets.listIamPolicy
  • cloudasset.assets.listIamRoles
  • cloudasset.assets.listIamServiceAccountKeys
  • cloudasset.assets.listIamServiceAccounts
  • cloudasset.assets.listIapTunnel
  • cloudasset.assets.listIapTunnelInstances
  • cloudasset.assets.listIapTunnelZones
  • cloudasset.assets.listIapWeb
  • cloudasset.assets.listIapWebServiceVersion
  • cloudasset.assets.listIapWebServices
  • cloudasset.assets.listIapWebType
  • cloudasset.assets.listIdsEndpoints
  • cloudasset.assets.listIntegrationsAuthConfigs
  • cloudasset.assets.listIntegrationsCertificates
  • cloudasset.assets.listIntegrationsExecutions
  • cloudasset.assets.listIntegrationsIntegrationVersions
  • cloudasset.assets.listIntegrationsIntegrations
  • cloudasset.assets.listIntegrationsSfdcChannels
  • cloudasset.assets.listIntegrationsSfdcInstances
  • cloudasset.assets.listIntegrationsSuspensions
  • cloudasset.assets.listLoggingLogMetrics
  • cloudasset.assets.listLoggingLogSinks
  • cloudasset.assets.listManagedidentitiesDomain
  • cloudasset.assets.listMetastoreBackups
  • cloudasset.assets.listMetastoreMetadataImports
  • cloudasset.assets.listMetastoreServices
  • cloudasset.assets.listMonitoringAlertPolicies
  • cloudasset.assets.listNetworkConnectivityHubs
  • cloudasset.assets.listNetworkConnectivitySpokes
  • cloudasset.assets.listNetworkManagementConnectivityTests
  • cloudasset.assets.listNetworkServicesEndpointPolicies
  • cloudasset.assets.listNetworkServicesGateways
  • cloudasset.assets.listNetworkServicesGrpcRoutes
  • cloudasset.assets.listNetworkServicesHttpRoutes
  • cloudasset.assets.listNetworkServicesMeshes
  • cloudasset.assets.listNetworkServicesServiceBindings
  • cloudasset.assets.listNetworkServicesTcpRoutes
  • cloudasset.assets.listNetworkServicesTlsRoutes
  • cloudasset.assets.listOSConfigOSPolicyAssignmentReports
  • cloudasset.assets.listOSConfigOSPolicyAssignments
  • cloudasset.assets.listOSConfigVulnerabilityReports
  • cloudasset.assets.listOSInventories
  • cloudasset.assets.listOrgPolicy
  • cloudasset.assets.listPatchDeployments
  • cloudasset.assets.listPubsubSnapshots
  • cloudasset.assets.listPubsubSubscriptions
  • cloudasset.assets.listPubsubTopics
  • cloudasset.assets.listRedisInstances
  • cloudasset.assets.listResource
  • cloudasset.assets.listRunDomainMapping
  • cloudasset.assets.listRunRevision
  • cloudasset.assets.listRunService
  • cloudasset.assets.listSecretManagerSecretVersions
  • cloudasset.assets.listSecretManagerSecrets
  • cloudasset.assets.listServiceDirectoryNamespaces
  • cloudasset.assets.listServicePerimeter
  • cloudasset.assets.listServiceconsumermanagementConsumerProperty
  • cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits
  • cloudasset.assets.listServiceconsumermanagementConsumers
  • cloudasset.assets.listServiceconsumermanagementProducerOverrides
  • cloudasset.assets.listServiceconsumermanagementTenancyUnits
  • cloudasset.assets.listServiceconsumermanagementVisibility
  • cloudasset.assets.listServicemanagementServices
  • cloudasset.assets.listServiceusageAdminOverrides
  • cloudasset.assets.listServiceusageConsumerOverrides
  • cloudasset.assets.listServiceusageServices
  • cloudasset.assets.listSpannerBackups
  • cloudasset.assets.listSpannerDatabases
  • cloudasset.assets.listSpannerInstances
  • cloudasset.assets.listSpeakerIdPhrases
  • cloudasset.assets.listSpeakerIdSettings
  • cloudasset.assets.listSpeakerIdSpeakers
  • cloudasset.assets.listSpeechCustomClasses
  • cloudasset.assets.listSpeechPhraseSets
  • cloudasset.assets.listSqladminBackupRuns
  • cloudasset.assets.listSqladminInstances
  • cloudasset.assets.listStorageBuckets
  • cloudasset.assets.listTpuNodes
  • cloudasset.assets.listVpcaccessConnector
  • cloudasset.assets.queryAccessPolicy
  • cloudasset.assets.queryIamPolicy
  • cloudasset.assets.queryOSInventories
  • cloudasset.assets.queryResource
  • cloudasset.assets.searchAllIamPolicies
  • cloudasset.assets.searchAllResources
  • cloudasset.assets.searchEnrichmentResourceOwners

cloudasset.othercloudconnections.get

cloudasset.othercloudconnections.list

cloudasset.othercloudconnections.verify

recommender.cloudAssetInsights.get

recommender.cloudAssetInsights.list

recommender.locations.*

  • recommender.locations.get
  • recommender.locations.list

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.assets.group

securitycenter.assets.list

securitycenter.assets.listAssetPropertyNames

securitycenter.bigQueryExports.get

securitycenter.bigQueryExports.list

securitycenter.complianceReports.aggregate

securitycenter.compliancesnapshots.list

securitycenter.containerthreatdetectionsettings.calculate

securitycenter.containerthreatdetectionsettings.get

securitycenter.effectivesecurityhealthanalyticscustommodules.*

  • securitycenter.effectivesecurityhealthanalyticscustommodules.get
  • securitycenter.effectivesecurityhealthanalyticscustommodules.list

securitycenter.eventthreatdetectionsettings.calculate

securitycenter.eventthreatdetectionsettings.get

securitycenter.findingexplanations.get

securitycenter.findings.group

securitycenter.findings.list

securitycenter.findings.listFindingPropertyNames

securitycenter.graphs.*

  • securitycenter.graphs.get
  • securitycenter.graphs.query

securitycenter.integratedvulnerabilityscannersettings.calculate

securitycenter.integratedvulnerabilityscannersettings.get

securitycenter.issues.get

securitycenter.issues.group

securitycenter.issues.list

securitycenter.issues.listFilterValues

securitycenter.muteconfigs.get

securitycenter.muteconfigs.list

securitycenter.notificationconfig.get

securitycenter.notificationconfig.list

securitycenter.organizationsettings.get

securitycenter.rapidvulnerabilitydetectionsettings.calculate

securitycenter.rapidvulnerabilitydetectionsettings.get

securitycenter.securitycentersettings.get

securitycenter.securityhealthanalyticscustommodules.get

securitycenter.securityhealthanalyticscustommodules.list

securitycenter.securityhealthanalyticssettings.calculate

securitycenter.securityhealthanalyticssettings.get

securitycenter.sources.get

securitycenter.sources.list

securitycenter.subscription.get

securitycenter.userinterfacemetadata.get

securitycenter.virtualmachinethreatdetectionsettings.calculate

securitycenter.virtualmachinethreatdetectionsettings.get

securitycenter.vulnerabilitysnapshots.list

securitycenter.websecurityscannersettings.calculate

securitycenter.websecurityscannersettings.get

securitycentermanagement.billingMetadata.get

securitycentermanagement.effectiveEventThreatDetectionCustomModules.*

  • securitycentermanagement.effectiveEventThreatDetectionCustomModules.get
  • securitycentermanagement.effectiveEventThreatDetectionCustomModules.list

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

  • securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get
  • securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.get

securitycentermanagement.eventThreatDetectionCustomModules.list

securitycentermanagement.eventThreatDetectionCustomModules.validate

securitycentermanagement.locations.*

  • securitycentermanagement.locations.get
  • securitycentermanagement.locations.list

securitycentermanagement.securityCenterServices.get

securitycentermanagement.securityCenterServices.list

securitycentermanagement.securityCommandCenter.checkActivationOperation

securitycentermanagement.securityCommandCenter.checkOnboardingStatus

securitycentermanagement.securityCommandCenter.get

securitycentermanagement.securityHealthAnalyticsCustomModules.get

securitycentermanagement.securityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.simulate

securitycentermanagement.securityHealthAnalyticsCustomModules.test

Risk Manager ViewerBeta

(roles/riskmanager.viewer)

Access to view Risk Manager resources

resourcemanager.projects.get

resourcemanager.projects.list

riskmanager.controlScoreBreakdowns.*

  • riskmanager.controlScoreBreakdowns.get
  • riskmanager.controlScoreBreakdowns.list

riskmanager.operations.get

riskmanager.operations.list

riskmanager.policies.*

  • riskmanager.policies.get
  • riskmanager.policies.list

riskmanager.reports.get

riskmanager.reports.list

riskmanager.settings.get

Cyber Insurance Hub permissions

PermissionIncluded in roles

riskmanager.controlScoreBreakdowns.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

Risk Manager Report Reviewer (roles/riskmanager.reviewer)

Risk Manager Viewer (roles/riskmanager.viewer)

riskmanager.controlScoreBreakdowns.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

Risk Manager Report Reviewer (roles/riskmanager.reviewer)

Risk Manager Viewer (roles/riskmanager.viewer)

riskmanager.operations.delete

Owner (roles/owner)

Editor (roles/editor)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

riskmanager.operations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

Risk Manager Report Reviewer (roles/riskmanager.reviewer)

Risk Manager Viewer (roles/riskmanager.viewer)

riskmanager.operations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

Risk Manager Report Reviewer (roles/riskmanager.reviewer)

Risk Manager Viewer (roles/riskmanager.viewer)

riskmanager.policies.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

Risk Manager Viewer (roles/riskmanager.viewer)

riskmanager.policies.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

Risk Manager Viewer (roles/riskmanager.viewer)

riskmanager.reports.create

Owner (roles/owner)

Editor (roles/editor)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

riskmanager.reports.delete

Owner (roles/owner)

Editor (roles/editor)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

riskmanager.reports.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

Risk Manager Report Reviewer (roles/riskmanager.reviewer)

Risk Manager Viewer (roles/riskmanager.viewer)

riskmanager.reports.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

Risk Manager Report Reviewer (roles/riskmanager.reviewer)

Risk Manager Viewer (roles/riskmanager.viewer)

riskmanager.reports.review

Owner (roles/owner)

Editor (roles/editor)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Report Reviewer (roles/riskmanager.reviewer)

riskmanager.reports.share

Owner (roles/owner)

Editor (roles/editor)

Risk Manager Admin (roles/riskmanager.admin)

riskmanager.serviceAccount.create

Owner (roles/owner)

Editor (roles/editor)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

riskmanager.settings.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

Risk Manager Viewer (roles/riskmanager.viewer)

riskmanager.settings.update

Owner (roles/owner)

Editor (roles/editor)

Risk Manager Admin (roles/riskmanager.admin)

Risk Manager Editor (roles/riskmanager.editor)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.