IAM roles and permissions for Integration Connectors

Integration Connectors uses Identity and Access Management (IAM) to control access to your connections. Before creating connections, ensure that you have configured the relevant IAM roles in your Google Cloud project.

IAM roles for Integration Connectors

You can view and grant roles using the permissions panel on the IAM & Admin > IAM page in your Google Cloud project.

The following table lists the roles and corresponding permissions contained within each role required to create and manage connections in the Integration Connectors platform.

IAM role name Description Permissions
Connectors Admin (roles/connectors.admin) Full access to all resources of Connectors Service. Required to create, update, view, and delete connections.
  • connectors.connections.create
  • connectors.connections.delete
  • connectors.connections.get
  • connectors.connections.getConnectionSchemaMetadata
  • connectors.connections.getIamPolicy
  • connectors.connections.getRuntimeActionSchema
  • connectors.connections.getRuntimeEntitySchema
  • connectors.connections.list
  • connectors.connections.setIamPolicy
  • connectors.connections.update
  • connectors.connectors.get
  • connectors.connectors.list
  • connectors.customConnectors.create
  • connectors.customConnectors.delete
  • connectors.customConnectors.update
  • connectors.customConnectorVersions.create
  • connectors.customConnectorVersions.delete
  • connectors.customConnectorVersions.update
  • connectors.endpointAttachments.create
  • connectors.endpointAttachments.delete
  • connectors.endpointAttachments.update
  • connectors.locations.get
  • connectors.locations.list
  • connectors.managedZones.create
  • connectors.managedZones.delete
  • connectors.managedZones.update
  • connectors.operations.cancel
  • connectors.operations.delete
  • connectors.operations.get
  • connectors.operations.list
  • connectors.providers.get
  • connectors.providers.list
  • connectors.regionalSettings.get
  • connectors.regionalSettings.update
  • connectors.runtimeconfig.get
  • connectors.versions.get
  • connectors.versions.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • secretmanager.secrets.getIamPolicy
Connectors Viewer (roles/connectors.viewer) Read-only access to all Connectors resources. Required to list and view connections.
  • connectors.connectors.get
  • connectors.connectors.list
  • connectors.connections.get
  • connectors.connections.list
  • connectors.connections.getIamPolicy
  • connectors.connections.getConnectionSchemaMetadata
  • connectors.connections.getRuntimeEntitySchema
  • connectors.connections.getRuntimeActionSchema
  • connectors.endpointAttachments.get
  • connectors.endpointAttachments.list
  • connectors.locations.get
  • connectors.locations.list
  • connectors.providers.get
  • connectors.providers.list
  • connectors.regionalSettings.get
  • connectors.runtimeconfig.get
  • connectors.managedZones.get
  • connectors.managedZones.list
  • connectors.operations.get
  • connectors.operations.list
  • connectors.versions.get
  • connectors.versions.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list
Custom Connector Admin(roles/connectors.customConnectorAdmin) Full access to the custom connector resource.
  • connectors.customConnectorVersions.create
  • connectors.customConnectorVersions.delete
  • connectors.customConnectorVersions.update
  • connectors.customConnectors.create
  • connectors.customConnectors.delete
  • connectors.customConnectors.update
Custom Connector Viewer(roles/connectors.customConnectorViewer) Read-only access to the custom connector resource.
  • connectors.customConnectorVersions.get
  • connectors.customConnectorVersions.list
  • connectors.customConnectors.get
  • connectors.customConnectors.list
Connectors EndpointAttachments Admin (roles/connectors.endpointAttachmentsAdmin) Full access to the EndpointAttachments resource. Required to create, delete, and update the endpoint attachments.
  • connectors.endpointAttachments.create
  • connectors.endpointAttachments.delete
  • connectors.endpointAttachments.update
Connectors EndpointAttachments Viewer (roles/connectors.endpointAttachmentsViewer) Read-only access to the EndpointAttachments resource. Required to list and view the endpoint attachments.
  • connectors.endpointAttachments.get
  • connectors.endpointAttachments.list
Connectors ManagedZones Admin (roles/connectors.managedZonesAdmin) Full access to the ManagedZones resource. Required to create, delete, and update the managed zones.
  • connectors.managedZones.create
  • connectors.managedZones.delete
  • connectors.managedZones.update
Connectors ManagedZones Viewer (roles/connectors.managedZonesViewer) Read-only access to the ManagedZones resource. Required to list and view the managed zones.
  • connectors.managedZones.get
  • connectors.managedZones.list