Web Security Scanner roles and permissions

This page lists the IAM roles and permissions for Web Security Scanner. To search through all roles and permissions, see the role and permission index.

Web Security Scanner roles

Role Permissions

Web Security Scanner Editor

(roles/cloudsecurityscanner.editor)

Full access to all Web Security Scanner resources

Lowest-level resources where you can grant this role:

  • Project

appengine.applications.get

cloudsecurityscanner.*

  • cloudsecurityscanner.crawledurls.list
  • cloudsecurityscanner.results.get
  • cloudsecurityscanner.results.list
  • cloudsecurityscanner.scanruns.get
  • cloudsecurityscanner.scanruns.getSummary
  • cloudsecurityscanner.scanruns.list
  • cloudsecurityscanner.scanruns.stop
  • cloudsecurityscanner.scans.create
  • cloudsecurityscanner.scans.delete
  • cloudsecurityscanner.scans.get
  • cloudsecurityscanner.scans.list
  • cloudsecurityscanner.scans.run
  • cloudsecurityscanner.scans.update

compute.addresses.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

  • serviceusage.groups.list
  • serviceusage.groups.listExpandedMembers
  • serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Web Security Scanner Runner

(roles/cloudsecurityscanner.runner)

Read access to Scan and ScanRun, plus the ability to start scans

Lowest-level resources where you can grant this role:

  • Project

cloudsecurityscanner.crawledurls.list

cloudsecurityscanner.scanruns.get

cloudsecurityscanner.scanruns.list

cloudsecurityscanner.scanruns.stop

cloudsecurityscanner.scans.get

cloudsecurityscanner.scans.list

cloudsecurityscanner.scans.run

Web Security Scanner Viewer

(roles/cloudsecurityscanner.viewer)

Read access to all Web Security Scanner resources

Lowest-level resources where you can grant this role:

  • Project

cloudsecurityscanner.crawledurls.list

cloudsecurityscanner.results.*

  • cloudsecurityscanner.results.get
  • cloudsecurityscanner.results.list

cloudsecurityscanner.scanruns.get

cloudsecurityscanner.scanruns.getSummary

cloudsecurityscanner.scanruns.list

cloudsecurityscanner.scans.get

cloudsecurityscanner.scans.list

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

  • serviceusage.groups.list
  • serviceusage.groups.listExpandedMembers
  • serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.values.test

Cloud Web Security Scanner Service Agent

(roles/websecurityscanner.serviceAgent)

Gives the Cloud Web Security Scanner service account access to Compute Engine details and App Engine details.

appengine.applications.get

cloudasset.assets.listResource

compute.addresses.list

compute.backendServices.get

compute.forwardingRules.get

compute.globalForwardingRules.get

compute.sslCertificates.list

compute.targetHttpProxies.get

compute.targetHttpsProxies.get

compute.urlMaps.get

Web Security Scanner permissions

Permission Included in roles

cloudsecurityscanner.crawledurls.list

Owner (roles/owner)

Editor (roles/editor)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Web Security Scanner Runner (roles/cloudsecurityscanner.runner)

Web Security Scanner Viewer (roles/cloudsecurityscanner.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

cloudsecurityscanner.results.get

Owner (roles/owner)

Editor (roles/editor)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Web Security Scanner Viewer (roles/cloudsecurityscanner.viewer)

Security Auditor (roles/iam.securityAuditor)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

cloudsecurityscanner.results.list

Owner (roles/owner)

Editor (roles/editor)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Web Security Scanner Viewer (roles/cloudsecurityscanner.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

cloudsecurityscanner.scanruns.get

Owner (roles/owner)

Editor (roles/editor)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Web Security Scanner Runner (roles/cloudsecurityscanner.runner)

Web Security Scanner Viewer (roles/cloudsecurityscanner.viewer)

Security Auditor (roles/iam.securityAuditor)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

cloudsecurityscanner.scanruns.getSummary

Owner (roles/owner)

Editor (roles/editor)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Web Security Scanner Viewer (roles/cloudsecurityscanner.viewer)

Security Auditor (roles/iam.securityAuditor)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

cloudsecurityscanner.scanruns.list

Owner (roles/owner)

Editor (roles/editor)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Web Security Scanner Runner (roles/cloudsecurityscanner.runner)

Web Security Scanner Viewer (roles/cloudsecurityscanner.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

cloudsecurityscanner.scanruns.stop

Owner (roles/owner)

Editor (roles/editor)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Web Security Scanner Runner (roles/cloudsecurityscanner.runner)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

cloudsecurityscanner.scans.create

Owner (roles/owner)

Editor (roles/editor)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

cloudsecurityscanner.scans.delete

Owner (roles/owner)

Editor (roles/editor)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

cloudsecurityscanner.scans.get

Owner (roles/owner)

Editor (roles/editor)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Web Security Scanner Runner (roles/cloudsecurityscanner.runner)

Web Security Scanner Viewer (roles/cloudsecurityscanner.viewer)

Security Auditor (roles/iam.securityAuditor)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

cloudsecurityscanner.scans.list

Owner (roles/owner)

Editor (roles/editor)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Web Security Scanner Runner (roles/cloudsecurityscanner.runner)

Web Security Scanner Viewer (roles/cloudsecurityscanner.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

Security Center Admin Viewer (roles/securitycenter.adminViewer)

Service agent roles

cloudsecurityscanner.scans.run

Owner (roles/owner)

Editor (roles/editor)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Web Security Scanner Runner (roles/cloudsecurityscanner.runner)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)

cloudsecurityscanner.scans.update

Owner (roles/owner)

Editor (roles/editor)

Web Security Scanner Editor (roles/cloudsecurityscanner.editor)

Security Center Admin (roles/securitycenter.admin)

Security Center Admin Editor (roles/securitycenter.adminEditor)


Last updated 2025-11-05 UTC.