Admin privileges for the security center

Availability of features depends on your Google Workspace or Cloud Identity edition (details below on this page).

As a super administrator, you can access security center features, including the security dashboard, security health page, and security investigation tool. You can give other admins access to a specific security center feature—for example, just the security dashboard—by granting them the privileges for that feature.

Important: To provide more granular access permissions, the Audit and Investigation View privilege will soon be required to access log event data. Existing administrator roles with the Reports privilege will automatically be assigned the Audit and Investigation View, Activity View, and Activity Manage privileges. These privileges must be explicitly assigned for new administrator roles. If you need the Reports privilege, but not Audit and Investigation View, wait until after the change to remove the privilege. After this change, roles with only the Reports privilege will no longer be able to access log event data.

Grant security center privileges to an admin

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu > Account > Admin roles.
  3. Point to a custom administrator role.
    Tip: If you need to create an admin role, go to Create a custom role.
  4. Click View privileges > Open privileges.
  5. Check the privileges for the security center area you want to grant access to.
    Review Security center privileges below on this page.
  6. Click Save.

Security center privileges

Some features in the security center—for example, data related to Gmail and Drive—are not available with Enterprise Standard, Frontline Standard, and Cloud Identity Premium.

Security area Privilege required

Security page

Supported editions for this feature: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Standard and Education Plus; Enterprise Essentials Plus.

This feature is available with Cloud Identity Premium edition.

Security > Security Settings

To open the Security page, from the Admin console Home page, click Security.

Security dashboard

Supported editions for this feature: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Standard and Education Plus; Enterprise Essentials Plus.

This feature is available with Cloud Identity Premium edition.

Services > Security Center > This user has full administrative rights for Security Center > Dashboards

Note: Some admins with the Reports privilege may have access to the security dashboard. For the security center, the Dashboards privilege replaced the Reports privilege. (The Reports privilege for non-security center reports in the Admin console isn’t changing.)

Security health

Supported editions for this feature: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Standard and Education Plus; Enterprise Essentials Plus.

This feature is available with Cloud Identity Premium edition.

To access the security health page, an admin needs all of these privileges:

  • Services > Security Center > This user has full administrative rights for Security Center > Security Health
  • Organizational Units > Read
  • Users > Read

In addition, the admin needs setting-specific privileges for the setting or group of settings you want to give access to. Review the table below, Settings reference for the security health page.

Investigation tool

Supported editions for this feature: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Standard and Education Plus; Enterprise Essentials Plus.

This feature is available with Cloud Identity Premium edition.

Services > Security Center > This user has full administrative rights for Security Center > Audit & Investigation

For more information, go to Admin privileges for the investigation tool.

Settings reference for the security health page

Super admins can access security health settings. Other admins need super admins to grant them the additional privileges listed here for each setting or group of settings. If an admin doesn't have the required privileges for specific settings, those settings don’t appear on the security health page.

Note: Only super admins can access the security health settings for 2-Step Verification and security-key enforcement for users, as well as groups creation and management.

Security health setting Privileges required
  • Automatic email forwarding
  • Comprehensive mail storage
  • Bypassing spam filters for internal senders
  • POP and IMAP access for users
  • DKIM
  • SPF record
  • DMARC
  • Approved senders without authentication
  • Approved domain senders
  • Email whitelist IPs
  • Add spam headers setting to all default routing rules
  • MX record configuration
  • Attachment safety
  • Links and external images safety
  • Spoofing and authentication safety
  • MTA-STS configuration

Supported edition: Enterprise Plus

Gmail > Settings

  • Groups creation and membership

Supported edition: Enterprise Plus

Only available for super admin accounts

  • Sites sharing policy
  • Google Workspace Marketplace applications usage
  • Hangouts out of domain warning

Supported edition: Enterprise Plus

Services > Service Settings

Assigning the Service Settings privilege:

  • Automatically checks the Settings box for Gmail, Google Drive, and Google Calendar
  • Makes their security health settings visible to the assigned admin

  • Calendar sharing policy

Supported edition: Enterprise Plus

Services > Calendar > All Settings

  • File publishing on the web
  • Access Checker
  • Warning for out of domain sharing
  • Drive sharing settings
  • Google sign-in requirement for external collaborators
  • Access to offline docs
  • Drive add-ons
  • Desktop access to Drive

Supported editions: Enterprise Plus and Enterprise Essentials Plus

Services > Drive and Docs > Settings

  • Mobile management
  • Blocking of compromised mobile devices
  • Mobile inactivity reports
  • Mobile password requirements
  • Device encryption
  • Application verification
  • Installation of mobile apps from unknown sources
  • External media storage
  • Auto account wipe

Supported editions: Enterprise Standard and Enterprise Plus; Enterprise Essentials Plus; and Cloud Identity Premium

Services > Mobile Device Management > Manage Devices and Settings

  • 2-Step Verification for admins
  • 2-Step Verification for users
  • Security-key enforcement for admins
  • Security-key enforcement for users

Supported editions: Enterprise Standard and Enterprise Plus; Enterprise Essentials Plus; and Cloud Identity Premium

Only available for super admin accounts
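
The privilege requirements above can be applied as a least-privilege review of custom roles. The following is an added example, not Google's code or an Admin console API: the function name, the role names and the role data are constructed, and the privilege strings are the display paths from this page rather than API identifiers.

```python
# Added example. Privilege paths are the display names used on this page;
# the sample roles below are constructed, not exported from a real tenant.
SC = ("Services > Security Center > This user has full administrative "
      "rights for Security Center")

FEATURES = {  # feature -> privileges that must ALL be present
    "Security page": {"Security > Security Settings"},
    "Security dashboard": {SC + " > Dashboards"},
    "Security health": {SC + " > Security Health",
                        "Organizational Units > Read", "Users > Read"},
    "Investigation tool": {SC + " > Audit & Investigation"},
}

SERVICE_SETTINGS = "Services > Service Settings"
HEALTH_GROUPS = {  # settings group -> privilege that makes it visible
    "Gmail": "Gmail > Settings",
    "Sites, Marketplace, Hangouts": SERVICE_SETTINGS,
    "Calendar": "Services > Calendar > All Settings",
    "Drive": "Services > Drive and Docs > Settings",
    "Mobile": "Services > Mobile Device Management > "
              "Manage Devices and Settings",
}
# Per the page, Service Settings also exposes these groups' health settings.
IMPLIED_BY_SERVICE_SETTINGS = {"Gmail", "Drive", "Calendar"}

def audit_role(privileges):
    """Map a custom role's privileges to security center access."""
    privs = set(privileges)
    report = {}
    for feature, required in FEATURES.items():
        missing = sorted(required - privs)
        report[feature] = {"access": not missing, "missing": missing}
    visible = set()
    if report["Security health"]["access"]:  # groups need page access first
        visible = {g for g, p in HEALTH_GROUPS.items() if p in privs}
        if SERVICE_SETTINGS in privs:
            visible |= IMPLIED_BY_SERVICE_SETTINGS
    report["Security health"]["visible_groups"] = sorted(visible)
    return report

# Constructed sample roles for review.
ROLES = {
    "dashboard-only": [SC + " > Dashboards"],
    "health-incomplete": [SC + " > Security Health", "Users > Read",
                          "Gmail > Settings"],
    "health-drive": [SC + " > Security Health", "Organizational Units > Read",
                     "Users > Read", "Services > Drive and Docs > Settings"],
}
```

The "missing" list for each feature shows which privilege to add, and any privilege on a role that unlocks nothing the admin needs is a candidate for removal.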
