
Hello everybody,

I have created a custom IAM role for SecOps, based on the Chronicle API Viewer role, with the difference that creating, duplicating, and editing dashboards in SecOps SIEM should be allowed.

I found the following permissions related to dashboards, excluding deletion:

  • chronicle.dashboardCharts.get
  • chronicle.dashboardCharts.list
  • chronicle.dashboardQueries.execute
  • chronicle.dashboardQueries.get
  • chronicle.dashboardQueries.list
  • chronicle.dashboards.copy
  • chronicle.dashboards.create
  • chronicle.dashboards.edit
  • chronicle.dashboards.get
  • chronicle.dashboards.list
  • chronicle.dashboards.schedule
  • chronicle.nativeDashboards.create
  • chronicle.nativeDashboards.duplicate
  • chronicle.nativeDashboards.get
  • chronicle.nativeDashboards.list
  • chronicle.nativeDashboards.update

  1. Can someone describe each of these permissions?
  2. Which permissions do I need to allow for creating and editing dashboards?

Currently, changes do not seem to have any effect. We created a new group in our Azure Entra ID, and we map this group to the newly created role in Google IAM. However, users do not have any more permissions than before.

I appreciate any help I can get.

Here is a doc that outlines all permissions: https://cloud.google.com/iam/docs/permissions-reference

These should be the permissions required for Looker (legacy) Dashboards; if you have the YARA-L dashboards or the unified SecOps UI, it may be different permissions.

https://cloud.google.com/chronicle/docs/reference/feature-rbac-permissions-roles#dashboards

chronicle.dashboardCharts.*
chronicle.dashboardQueries.*
chronicle.dashboards.*

Thanks for the documentation.

I defined a new role and named it "Custom Chronicle API Viewer and Dashboard". I assigned all the roles the Chronicle API Viewer already has and extended them with the following:

  • chronicle.dashboardCharts.get
  • chronicle.dashboardCharts.list
  • chronicle.dashboardQueries.execute
  • chronicle.dashboardQueries.get
  • chronicle.dashboardQueries.list
  • chronicle.dashboards.copy
  • chronicle.dashboards.create
  • chronicle.dashboards.edit
  • chronicle.dashboards.get
  • chronicle.dashboards.list
  • chronicle.dashboards.schedule

Now I first created a group in Azure Entra ID and mapped this group to the newly created role:
principalSet://iam.googleapis.com/locations/global/workforcePools/<WORKFORCE_POOL_ID>/group/928..

Unfortunately, our users do not have more permissions than before. There is still no option for them to create a dashboard.

Hi Jansch,

Some things you might check to troubleshoot are:

  • Double check that the users you are testing with are actually members of the new Azure AD group
  • Validate the expected group membership changes have been applied
  • Check for conflicting permissions
  • Validate WIF configuration

Hope this helps.
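
The two things the thread turns on, whether the custom role actually contains the dashboard permission families from the linked doc and whether the workforce-pool group is bound to that role in exactly the principalSet:// form quoted above, can both be checked offline from gcloud JSON output. The script below is an added example written for this thread, not code from the original posts or from Google; it assumes the dict shapes of `gcloud iam roles describe --format=json` (an `includedPermissions` list) and `gcloud projects get-iam-policy --format=json` (a `bindings` list of role/members). PROJECT_ID, POOL_ID, GROUP_ID and the role ID customChronicleDashboard are placeholders, and the sample role and policy are constructed to show a missing permission and a malformed member string, two of the checks the troubleshooting list asks for.

```python
# Dashboard permissions named in the thread: the chronicle.dashboardCharts.*,
# chronicle.dashboardQueries.* and chronicle.dashboards.* families, expanded
# to the concrete permission names the original post listed.
REQUIRED_DASHBOARD_PERMISSIONS = frozenset({
    "chronicle.dashboardCharts.get", "chronicle.dashboardCharts.list",
    "chronicle.dashboardQueries.execute", "chronicle.dashboardQueries.get",
    "chronicle.dashboardQueries.list", "chronicle.dashboards.copy",
    "chronicle.dashboards.create", "chronicle.dashboards.edit",
    "chronicle.dashboards.get", "chronicle.dashboards.list",
    "chronicle.dashboards.schedule",
})


def missing_dashboard_permissions(role):
    """Required dashboard permissions absent from a role definition
    (the dict that `gcloud iam roles describe --format=json` produces)."""
    granted = set(role.get("includedPermissions", []))
    return sorted(REQUIRED_DASHBOARD_PERMISSIONS - granted)


def members_bound_to(policy, role_name):
    """All members bound to role_name across every binding of an IAM policy
    (the dict that `gcloud projects get-iam-policy --format=json` produces)."""
    members = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == role_name:
            members.update(binding.get("members", []))
    return members


def group_binding_status(policy, role_name, pool_id, group_id):
    """Classify how a workforce-pool group is bound to a role.

    "bound"            the exact principalSet:// member string is present
    "malformed_member" a member mentions the pool and group but not in the
                       exact format, so IAM never matches it to the group
    "missing"          no binding for that group on that role at all
    """
    expected = ("principalSet://iam.googleapis.com/locations/global/"
                f"workforcePools/{pool_id}/group/{group_id}")
    members = members_bound_to(policy, role_name)
    if expected in members:
        return "bound"
    if any(pool_id in m and group_id in m for m in members):
        return "malformed_member"
    return "missing"


def run_checks(role, policy, role_name, pool_id, group_id):
    """Bundle both checks into one report dict."""
    return {
        "missing_permissions": missing_dashboard_permissions(role),
        "group_binding": group_binding_status(policy, role_name, pool_id, group_id),
    }


# Constructed sample data; PROJECT_ID, POOL_ID and GROUP_ID are placeholders,
# not real identifiers.
ROLE_NAME = "projects/PROJECT_ID/roles/customChronicleDashboard"
SAMPLE_ROLE = {
    "name": ROLE_NAME,
    "stage": "GA",
    # create/edit left out on purpose so the gap gets reported
    "includedPermissions": sorted(
        REQUIRED_DASHBOARD_PERMISSIONS
        - {"chronicle.dashboards.create", "chronicle.dashboards.edit"}
    ),
}
SAMPLE_POLICY = {
    "version": 1,
    "bindings": [
        # Wrong on purpose: the "/group/" path segment is missing.
        {"role": ROLE_NAME,
         "members": ["principalSet://iam.googleapis.com/locations/global/"
                     "workforcePools/POOL_ID/GROUP_ID"]},
    ],
}

if __name__ == "__main__":
    report = run_checks(SAMPLE_ROLE, SAMPLE_POLICY, ROLE_NAME, "POOL_ID", "GROUP_ID")
    for key, value in report.items():
        print(f"{key}: {value}")
```

To use it against a real project, save the two gcloud JSON outputs to files, `json.load` them, and pass the dicts to `run_checks` with your own role name, pool ID and group ID. An empty `missing_permissions` list plus a `"bound"` status narrows the problem down to the other items in the list above (group membership on the Entra side, or the workforce identity federation configuration), since the role and the binding are then not the cause.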