Admin privileges for the security center

You must be an administrator with a G Suite Enterprise, G Suite Enterprise for Education, Drive Enterprise, or Cloud Identity Premium Edition license to access the security center (Drive Enterprise and Cloud Identity Premium Edition administrators receive a subset of security center features). You also must have the necessary privileges to access specific security center features. See the sections below for details. 

Security page privilege

Open the Security page by clicking the Security icon after signing in to the Google Admin console, or by clicking Security in the main menu at the top-left corner of the Google Admin console.

For access to the Security page, admins in your organization need the User Security Management privilege. From the Google Admin console, click Admin roles, click the Privileges tab, and then check the User Security Management box under Security.

For more details and step-by-step instructions, see Create custom administrator roles.

Security dashboard privilege

To access the security dashboard, admins must have Dashboard privilege.

From the Google Admin console, click Admin roles, click the Privileges tab, and then check the Drive and Gmail boxes under Services > Service Settings > Security Center > Dashboards.

Note: Some admins with Reports privilege may have access to the security dashboard. For the security center, the new Security Center > Dashboard privilege has replaced the Reports privilege. (The Reports privilege for non-security-center reports in the Google Admin console will not be changed.)

For more details and general step-by-step instructions for setting up admin privileges, see Create custom administrator roles.

Security health page privilege

To set up the security health privilege for delegated admins:

From the Google Admin console, click Admin roles, click the Privileges tab, and then check the Security Health box under Services > Service Settings > Security Center.

In addition to the top level privilege, admins may also need additional privileges to view specific settings (see the sections below). For more details and general step-by-step instructions for setting up admin privileges, see Create custom administrator roles.

Important:

  • Admins who have Super Admin privileges have access to the security health page.
  • If an admin lacks permission to view specific advanced Admin console settings, those settings will be hidden from view on the security health page.
  • To load the security health page, an admin must have the basic Read privilege for both Organization Units and Users in the Google Admin console (see the example below).

    Security center privileges

 

For general instructions about granting privileges to delegated admins, see Create custom administrator roles, Assign user management roles, and Administrator privilege definitions.

Settings reference for the security health page

For details about the required privileges for each setting on the security health page, see the table below. Super Admin accounts are automatically granted the privileges associated with each of the settings in this table, and (with the exception of two-step verification policy management) super admins can provide these privileges to delegated admins.

Security health setting   Privileges required
  • SPF
  • DKIM
  • DMARC
  • MX Records

Available with G Suite Enterprise
  • Read privilege for Organization Units
  • Read privilege for Users

From the Privileges tab, check the Read box under Organization Units, and check the Read box under Users.

For more details and step-by-step instructions, see Create custom administrator roles.
  • Approved domain senders
  • Approved senders without authentication
  • Add spam headers to all default routing rules
  • Bypassing spam filters for internal senders
  • Comprehensive mail storage
  • Email whitelist IPs
  • Automatic email forwarding
  • POP and IMAP access for users

Available with G Suite Enterprise
  • Read privilege for Organization Units
  • Read privilege for Users
  • Gmail administration

From the Privileges tab, check the Read box under Organization Units, check the Read box under Users, and check the Gmail box under Services > Service settings

For more details and step-by-step instructions, see Create custom administrator roles.
  • Groups creation and membership
  • Sites sharing policy
  • G Suite Marketplace applications usage

Available with G Suite Enterprise and Drive Enterprise

 

  • Hangouts out of domain warning

Available with G Suite Enterprise
  • Read privilege for Organization Units
  • Read privilege for Users
  • Service Settings administration

From the Privileges tab, check the Read box under Organization Units, check the Read box under Users, and check the Service Settings box under Services.

For more details and step-by-step instructions, see Create custom administrator roles.
  • Calendar sharing policy

Available with G Suite Enterprise
  • Read privilege for Organization Units
  • Read privilege for Users
  • Calendar administration

From the Privileges tab, check the Read box under Organization Units, check the Read box under Users, and check the Calendar box under Services > Service settings.

For more details and step-by-step instructions, see Create custom administrator roles.
  • File publishing on the web
  • Access Checker
  • Warning for out of domain sharing
  • Drive sharing settings
  • Google sign-in requirement for external collaborators
  • Access to offline docs
  • Drive add-ons
  • Desktop access to Drive

Available with G Suite Enterprise and Drive Enterprise
  • Read privilege for Organization Units
  • Read privilege for Users
  • Drive administration

From the Privileges tab, check the Read box under Organization Units, check the Read box under Users, and check the Drive and Docs box under Services > Service settings.

For more details and step-by-step instructions, see Create custom administrator roles.
  • Mobile management
  • Blocking of compromised mobile devices
  • Mobile inactivity reports
  • Mobile password requirements
  • Device encryption
  • Application verification
  • Installation of mobile apps from unknown sources
  • External media storage
  • Auto account wipe

Available with G Suite Enterprise, Drive Enterprise, and Cloud Identity Premium Edition
  • Read privilege for Organization Units
  • Read privilege for Users
  • Mobile device management administration

From the Privileges tab, check the Read box under Organization Units, check the Read box under Users, and check the Mobile Device Management box under Services > Service settings.

For more details and step-by-step instructions, see Create custom administrator roles.
  • Two-step verification for admins
  • Security key enforcement for admins

Available for G Suite Enterprise, Drive Enterprise, and Cloud Identity Premium Edition
  • Read privilege for Organization Units
  • Read privilege for Users
  • User Security Management

From the Privileges tab, check the Read box under Organization Units, check the Read box under Users, and check the User Security Management box under Security.

For more details and step-by-step instructions, see Create custom administrator roles.
  • Two-step verification for users
  • Security key enforcement for users

Available with G Suite Enterprise, Drive Enterprise, and Cloud Identity Premium Edition

Two-step verification policy management for users is only available for Super Admin accounts.
Was this helpful?
How can we improve it?