Announcement: Application Integration is now available for your Google Cloud project. You can now use both Apigee Integration and Application Integration within the same Google Cloud project. Learn more
Apigee Integration uses Identity and Access Management (IAM) to control access to your integrations.
Before running the integrations, ensure that you have configured the relevant IAM roles in
your Google Cloud project.
Predefined IAM roles
The following table describes the predefined Apigee Integration IAM roles, and the permissions contained within each role. Each role contains a set of permissions that is suitable for a specific role scope.
For more information about the different types of roles in IAM, see Understanding roles .
For information on granting roles to principals, see Granting, changing, and revoking access .
IAM role
Role scope
Permissions
Description
Pub/Sub Editor (roles/pubsub.editor)
Cloud Pub/Sub trigger
pubsub.topics.attachSubscription
pubsub.subscriptions.create
Provides access to modify topics and subscriptions, and access to publish and consume messages.
Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter)
Authentication profile
cloudkms.cryptoKeyVersions.useToDecrypt
cloudkms.cryptoKeyVersions.useToEncrypt
Provides ability to use Cloud KMS resources for encrypt and decrypt operations only.
Apigee Integration Admin (roles/integrations.apigeeIntegrationAdminRole)
All tasks and triggers
integrations.apigeeIntegrations.list
integrations.apigeeIntegrations.invoke
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrationVers.create
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.update
integrations.apigeeIntegrationVers.delete
integrations.apigeeIntegrationVers.deploy
integrations.apigeeExecutions.list
integrations.apigeeSuspensions.list
integrations.apigeeSuspensions.resolve
integrations.apigeeAuthConfigs.list
integrations.apigeeAuthConfigs.create
integrations.apigeeAuthConfigs.get
integrations.apigeeAuthConfigs.update
integrations.apigeeAuthConfigs.delete
integrations.apigeeCertificates.get
integrations.apigeeSfdcInstances.list
integrations.apigeeSfdcInstances.create
integrations.apigeeSfdcInstances.get
integrations.apigeeSfdcInstances.update
integrations.apigeeSfdcInstances.delete
integrations.apigeeSfdcChannels.list
integrations.apigeeSfdcChannels.create
integrations.apigeeSfdcChannels.get
integrations.apigeeSfdcChannels.update
integrations.apigeeSfdcChannels.delete
resourcemanager.projects.get
resourcemanager.projects.list
Provides full access to all Apigee integrations.
Apigee Integration Viewer (roles/integrations.apigeeIntegrationsViewer)
All tasks and triggers
integrations.apigeeIntegrations.list
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrationVers.get
integrations.apigeeAuthConfigs.list
integrations.apigeeSfdcInstances.list
integrations.apigeeSfdcChannels.list
resourcemanager.projects.get
resourcemanager.projects.list
Provides access to list and view Apigee integrations.
Apigee Integration Editor (roles/integrations.apigeeIntegrationEditorRole)
All tasks and triggers
integrations.apigeeIntegrations.list
integrations.apigeeIntegrations.invoke
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrationVers.create
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.update
integrations.apigeeIntegrationVers.delete
integrations.apigeeIntegrationVers.deploy
integrations.apigeeExecutions.list
integrations.apigeeAuthConfigs.list
integrations.apigeeAuthConfigs.create
integrations.apigeeAuthConfigs.get
integrations.apigeeAuthConfigs.update
integrations.apigeeCertificates.get
integrations.apigeeSfdcInstances.list
integrations.apigeeSfdcInstances.create
integrations.apigeeSfdcInstances.get
integrations.apigeeSfdcInstances.update
integrations.apigeeSfdcChannels.list
integrations.apigeeSfdcChannels.create
integrations.apigeeSfdcChannels.get
integrations.apigeeSfdcChannels.update
resourcemanager.projects.get
resourcemanager.projects.list
Provides access to list, create and update Apigee integrations.
Apigee Integration Deployer (roles/integrations.apigeeIntegrationDeployerRole)
All tasks and triggers
integrations.apigeeIntegrations.list
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrationVers.get
integrations.apigeeIntegrationVers.deploy
resourcemanager.projects.get
resourcemanager.projects.list
Provides access to deploy and undeploy Apigee integrations to the integration runtime.
Apigee Integration Invoker (roles/integrations.apigeeIntegrationInvokerRole)
All tasks and triggers
integrations.apigeeIntegrations.list
integrations.apigeeIntegrations.invoke
integrations.apigeeIntegrationVers.list
integrations.apigeeIntegrationVers.get
integrations.apigeeExecutions.list
resourcemanager.projects.get
resourcemanager.projects.list
Provides access to invoke (run) Apigee integrations.
Apigee Integration Approver (roles/integrations.apigeeSuspensionResolver)
Suspend task
integrations.apigeeSuspensions.list
integrations.apigeeSuspensions.resolve
resourcemanager.projects.get
resourcemanager.projects.list
Provides access to approve or reject Apigee integrations that contain a suspension task.