Preview
This product or feature is covered by the
Pre-GA Offerings Terms of the
Google Cloud Terms of Service.
Pre-GA products and features might have limited support, and changes to pre-GA products and
features might not be compatible with other pre-GA versions.
For more information, see the
launch stage descriptions .
See the supported connectors for Application Integration.
Predefined Application Integration IAM roles
The following table describes the predefined Application Integration IAM roles, and the permissions contained within each role. Each role contains a set of permissions that is suitable for a specific role scope. For example, the Application Integration Admin role grants complete access (view, edit, deploy, invoke, approve) to all the integrations.
IAM role Description Role scope Permissions
Application Integration Admin
(roles/integrationAdmin)
Full access to all Application Integration resources.
All integrations, tasks, and triggers.
integrations.googleapis.com/integrations.list
integrations.googleapis.com/integrations.invoke
integrations.googleapis.com/integrations.create
integrations.googleapis.com/integrations.get
integrations.googleapis.com/integrations.update
integrations.googleapis.com/integrations.delete
integrations.googleapis.com/integrations.deploy
integrations.googleapis.com/integrationVersions.list
integrations.googleapis.com/integrationVersions.create
integrations.googleapis.com/integrationVersions.get
integrations.googleapis.com/integrationVersions.update
integrations.googleapis.com/integrationVersions.delete
integrations.googleapis.com/integrationVersions.deploy
integrations.googleapis.com/executions.list
integrations.googleapis.com/suspensions.list
integrations.googleapis.com/suspensions.resolve
integrations.googleapis.com/suspensions.lift
integrations.googleapis.com/authConfigs.list
integrations.googleapis.com/authConfigs.create
integrations.googleapis.com/authConfigs.get
integrations.googleapis.com/authConfigs.update
integrations.googleapis.com/authConfigs.delete
integrations.googleapis.com/certificates.list
integrations.googleapis.com/certificates.create
integrations.googleapis.com/certificates.get
integrations.googleapis.com/certificates.update
integrations.googleapis.com/certificates.delete
integrations.googleapis.com/sfdcInstances.list
integrations.googleapis.com/sfdcInstances.create
integrations.googleapis.com/sfdcInstances.get
integrations.googleapis.com/sfdcInstances.update
integrations.googleapis.com/sfdcInstances.delete
integrations.googleapis.com/sfdcChannels.list
integrations.googleapis.com/sfdcChannels.create
integrations.googleapis.com/sfdcChannels.get
integrations.googleapis.com/sfdcChannels.update
integrations.googleapis.com/sfdcChannels.delete
cloudresourcemanager.googleapis.com/projects.get
cloudresourcemanager.googleapis.com/projects.list
Application Integration Viewer
(roles/integrationViewer)
can list and view integrations.
All integrations, tasks, and triggers.
integrations.googleapis.com/integrations.list
integrations.googleapis.com/integrations.get
integrations.googleapis.com/integrationVersions.list
integrations.googleapis.com/integrationVersions.get
integrations.googleapis.com/executions.list
integrations.googleapis.com/authConfigs.list
integrations.googleapis.com/authConfigs.get
integrations.googleapis.com/certificates.list
integrations.googleapis.com/certificates.get
integrations.googleapis.com/sfdcInstances.list
integrations.googleapis.com/sfdcChannels.list
cloudresourcemanager.googleapis.com/projects.get
cloudresourcemanager.googleapis.com/projects.list
Application Integration Editor
(roles/integrationEditor)
Can create, update, view, and run integrations.
All integrations, tasks, and triggers.
integrations.googleapis.com/integrations.list
integrations.googleapis.com/integrations.create
integrations.googleapis.com/integrations.get
integrations.googleapis.com/integrations.update
integrations.googleapis.com/integrations.invoke
integrations.googleapis.com/integrationVersions.list
integrations.googleapis.com/integrationVersions.create
integrations.googleapis.com/integrationVersions.get
integrations.googleapis.com/integrationVersions.update
integrations.googleapis.com/integrationVersions.delete
integrations.googleapis.com/integrationVersions.deploy
integrations.googleapis.com/executions.list
integrations.googleapis.com/authConfigs.list
integrations.googleapis.com/authConfigs.create
integrations.googleapis.com/authConfigs.get
integrations.googleapis.com/authConfigs.update
integrations.googleapis.com/certificates.get
integrations.googleapis.com/sfdcInstances.list
integrations.googleapis.com/sfdcInstances.create
integrations.googleapis.com/sfdcInstances.get
integrations.googleapis.com/sfdcInstances.update
integrations.googleapis.com/sfdcInstances.delete
integrations.googleapis.com/sfdcChannels.list
integrations.googleapis.com/sfdcChannels.create
integrations.googleapis.com/sfdcChannels.get
integrations.googleapis.com/sfdcChannels.update
integrations.googleapis.com/sfdcChannels.delete
cloudresourcemanager.googleapis.com/projects.get
cloudresourcemanager.googleapis.com/projects.list
Application Integration Deployer
(roles/integrationDeployer)
Can deploy and undeploy integrations to the integration runtime.
All integrations, tasks, and triggers.
integrations.googleapis.com/integrations.list
integrations.googleapis.com/integrations.get
integrations.googleapis.com/integrations.deploy
integrations.googleapis.com/integrationVersions.list
integrations.googleapis.com/integrationVersions.get
integrations.googleapis.com/integrationVersions.deploy
cloudresourcemanager.googleapis.com/projects.get
cloudresourcemanager.googleapis.com/projects.list
Application Integration Invoker
(roles/integrationInvoker)
Can invoke (run) integrations.
All integrations, tasks, and triggers.
integrations.googleapis.com/integrations.list
integrations.googleapis.com/integrations.get
integrations.googleapis.com/integrations.invoke
integrations.googleapis.com/integrationVersions.list
integrations.googleapis.com/integrationVersions.get
integrations.googleapis.com/integrationVersions.invoke
integrations.googleapis.com/executions.list
cloudresourcemanager.googleapis.com/projects.get
cloudresourcemanager.googleapis.com/projects.list
Application Integration Approver
(roles/suspensionResolver)
Can approve suspended integrations.
All integrations, tasks, and triggers.
integrations.googleapis.com/suspensions.list
integrations.googleapis.com/suspensions.resolve
integrations.googleapis.com/suspensions.lift
cloudresourcemanager.googleapis.com/projects.get
cloudresourcemanager.googleapis.com/projects.list
̰
