| iam:PassRole | Admin |
| securityhub:AcceptInvitation | Admin |
| securityhub:BatchDisableStandards | Admin |
| securityhub:BatchEnableStandards | Admin |
| securityhub:BatchImportFindings | Admin |
| securityhub:CancelProductSubscription | Admin |
| securityhub:CreateActionTarget | Admin |
| securityhub:CreateInsight | Admin |
| securityhub:CreateMembers | Admin |
| securityhub:DeclineInvitations | Admin |
| securityhub:DeleteActionTarget | Admin |
| securityhub:DeleteInsight | Admin |
| securityhub:DeleteInvitations | Admin |
| securityhub:DeleteMembers | Admin |
| securityhub:DisableSecurityHub | Admin |
| securityhub:DisassociateFromMasterAccount | Admin |
| securityhub:DisassociateMembers | Admin |
| securityhub:EnableImportFindingsForProduct | Admin |
| securityhub:EnableSecurityHub | Admin |
| securityhub:InviteMembers | Admin |
| securityhub:UpdateActionTarget | Admin |
| securityhub:UpdateFindings | Admin |
| securityhub:UpdateInsight | Admin |
| securityhub:DisableImportFindingsForProduct | Operator |
| securityhub:TagResource | Operator |
| securityhub:UntagResource | Operator |
| health:DescribeEventAggregates | Metadata |
| securityhub:DescribeActionTargets | Metadata |
| securityhub:DescribeHub | Metadata |
| securityhub:DescribeProducts | Metadata |
| securityhub:GetEnabledStandards | Metadata |
| securityhub:GetFindings | Metadata |
| securityhub:GetInsightResults | Metadata |
| securityhub:GetInsights | Metadata |
| securityhub:GetInvitationsCount | Metadata |
| securityhub:GetMasterAccount | Metadata |
| securityhub:GetMembers | Metadata |
| securityhub:GetProductSubscription | Metadata |
| securityhub:IsSecurityHubEnabled | Metadata |
| securityhub:ListEnabledProductsForImport | Metadata |
| securityhub:ListInvitations | Metadata |
| securityhub:ListMembers | Metadata |
| securityhub:ListTagsForResource | Metadata |
