IAM roles and permissions for Integration Connectors
Integration Connectors uses Identity and Access Management (IAM) to control access to your connections.
Before creating connections, ensure that you have configured the relevant IAM roles in
your Google Cloud project.
IAM roles for Integration Connectors
You can view and grant roles using the permissions panel on the
IAM & Admin > IAM page in your Google Cloud project.
Note: When a role is granted to a user, the user automatically receives all of the
permissions that the role contains.
The following table lists the roles required to create and manage connections in the
Integration Connectors platform, along with the permissions that each role contains.
IAM role name: Connectors Admin (roles/connectors.admin)
Description: Full access to all resources of Connectors Service. Required to create, update, view, and delete connections.
Permissions:
- connectors.connections.setIamPolicy
- connectors.connections.create
- connectors.connections.update
- connectors.connections.delete
- connectors.endpointAttachments.create
- connectors.endpointAttachments.delete
- connectors.endpointAttachments.update
- connectors.operations.cancel
- connectors.operations.delete
- connectors.locations.get
- connectors.locations.list
- connectors.managedZones.create
- connectors.managedZones.delete
- connectors.managedZones.update
- connectors.runtimeconfig.get
- connectors.providers.get
- connectors.providers.list
- connectors.connectors.get
- connectors.connectors.list
- connectors.versions.get
- connectors.versions.list
- connectors.connections.get
- connectors.connections.list
- connectors.connections.getIamPolicy
- connectors.connections.getConnectionSchemaMetadata
- connectors.connections.getRuntimeEntitySchema
- connectors.connections.getRuntimeActionSchema
- connectors.operations.get
- connectors.operations.list
- resourcemanager.projects.get
- resourcemanager.projects.list
- secretmanager.secrets.getIamPolicy

IAM role name: Connectors Viewer (roles/connectors.viewer)
Description: Read-only access to all Connectors resources. Required to list and view connections.
Permissions:
- connectors.connectors.get
- connectors.connectors.list
- connectors.connections.get
- connectors.connections.list
- connectors.connections.getIamPolicy
- connectors.connections.getConnectionSchemaMetadata
- connectors.connections.getRuntimeEntitySchema
- connectors.connections.getRuntimeActionSchema
- connectors.endpointAttachments.get
- connectors.endpointAttachments.list
- connectors.locations.get
- connectors.locations.list
- connectors.providers.get
- connectors.providers.list
- connectors.runtimeconfig.get
- connectors.managedZones.get
- connectors.managedZones.list
- connectors.operations.get
- connectors.operations.list
- connectors.versions.get
- connectors.versions.list
- resourcemanager.projects.get
- resourcemanager.projects.list

IAM role name: Connectors EndpointAttachments Admin (roles/connectors.endpointAttachmentsAdmin)
Description: Full access to the EndpointAttachments resource. Required to create, delete, and update the endpoint attachments.
Permissions:
- connectors.endpointAttachments.create
- connectors.endpointAttachments.delete
- connectors.endpointAttachments.update

IAM role name: Connectors EndpointAttachments Viewer (roles/connectors.endpointAttachmentsViewer)
Description: Read-only access to the EndpointAttachments resource. Required to list and view the endpoint attachments.
Permissions:
- connectors.endpointAttachments.get
- connectors.endpointAttachments.list

IAM role name: Connectors ManagedZones Admin (roles/connectors.managedZonesAdmin)
Description: Full access to the ManagedZones resource. Required to create, delete, and update the managed zones.
Permissions:
- connectors.managedZones.create
- connectors.managedZones.delete
- connectors.managedZones.update

IAM role name: Connectors ManagedZones Viewer (roles/connectors.managedZonesViewer)
Description: Read-only access to the ManagedZones resource. Required to list and view the managed zones.
Permissions:
- connectors.managedZones.get
- connectors.managedZones.list
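
The role table above can be used to choose the narrowest grant for a principal. The following Python sketch is an added example, not part of the Integration Connectors documentation: it transcribes the permission sets from the table and searches for the role combination that covers a set of needed permissions while granting the fewest extra ones. The names `perms`, `COMMON`, `ROLES` and `least_privilege` are hypothetical helpers introduced here.

```python
from itertools import combinations

def perms(resource, verbs):
    """Expand 'get list' into full connectors.<resource>.<verb> permission names."""
    return {f"connectors.{resource}.{v}" for v in verbs.split()}

# Permissions that appear in both the Admin and the Viewer rows of the table.
COMMON = (
    perms("connections", "get list getIamPolicy getConnectionSchemaMetadata "
                         "getRuntimeEntitySchema getRuntimeActionSchema")
    | perms("connectors", "get list") | perms("locations", "get list")
    | perms("providers", "get list") | perms("versions", "get list")
    | perms("operations", "get list") | perms("runtimeconfig", "get")
    | {"resourcemanager.projects.get", "resourcemanager.projects.list"}
)

# Role contents transcribed from the table on this page (not fetched from IAM).
ROLES = {
    "roles/connectors.admin": COMMON
        | perms("connections", "setIamPolicy create update delete")
        | perms("endpointAttachments", "create delete update")
        | perms("managedZones", "create delete update")
        | perms("operations", "cancel delete")
        | {"secretmanager.secrets.getIamPolicy"},
    "roles/connectors.viewer": COMMON
        | perms("endpointAttachments", "get list") | perms("managedZones", "get list"),
    "roles/connectors.endpointAttachmentsAdmin": perms("endpointAttachments", "create delete update"),
    "roles/connectors.endpointAttachmentsViewer": perms("endpointAttachments", "get list"),
    "roles/connectors.managedZonesAdmin": perms("managedZones", "create delete update"),
    "roles/connectors.managedZonesViewer": perms("managedZones", "get list"),
}

def least_privilege(needed):
    """Return (roles, excess): the role combination covering `needed` that grants the
    fewest permissions, plus what it grants beyond `needed`. Returns (None, missing)
    when no combination of the listed roles covers the request."""
    needed = set(needed)
    everything = set().union(*ROLES.values())
    if not needed <= everything:
        return None, sorted(needed - everything)
    best = None
    for k in range(1, len(ROLES) + 1):
        for combo in combinations(sorted(ROLES), k):
            granted = set().union(*(ROLES[r] for r in combo))
            if needed <= granted and (best is None or len(granted) < len(best[1])):
                best = (combo, granted)
    return list(best[0]), sorted(best[1] - needed)
```

The excess list is the part to review: any request that needs `connectors.connections.create` resolves to `roles/connectors.admin`, which also carries `connectors.connections.setIamPolicy`. Compare the transcribed sets against `gcloud iam roles describe roles/connectors.admin` before relying on them.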