Stay organized with collections
Save and categorize content based on your preferences.
IAM roles and permissions for Integration Connectors
Predefined roles give granular access to specific Google Cloud resources.
These roles are created and maintained by Google. Google automatically updates their permissions
as necessary, such as when Google Cloud adds new features or services.
The following table lists all the predefined IAM roles for Integration Connectors:
Role
Permissions
Connector Admin
(roles/connectors.admin)
Full access to all resources of Connectors Service.
Custom Connector is a global resource which creates custom connector within the given target project. This role grants Admin access to Custom Connector resources
connectors.customConnectorVersions.*
connectors.customConnectorVersions.create
connectors.customConnectorVersions.delete
connectors.customConnectorVersions.get
connectors.customConnectorVersions.getIamPolicy
connectors.customConnectorVersions.list
connectors.customConnectorVersions.setIamPolicy
connectors.customConnectorVersions.update
connectors.customConnectors.*
connectors.customConnectors.create
connectors.customConnectors.delete
connectors.customConnectors.get
connectors.customConnectors.getIamPolicy
connectors.customConnectors.list
connectors.customConnectors.setIamPolicy
connectors.customConnectors.update
connectors.locations.*
connectors.locations.get
connectors.locations.list
Custom Connector Viewer
(roles/connectors.customConnectorViewer)
Custom Connector is a global resource which creates custom connector within the given target project. This role grants Read-only access to Custom Connector & Custom Connector Version resources.
connectors.customConnectorVersions.get
connectors.customConnectorVersions.getIamPolicy
connectors.customConnectorVersions.list
connectors.customConnectors.get
connectors.customConnectors.getIamPolicy
connectors.customConnectors.list
connectors.locations.*
connectors.locations.get
connectors.locations.list
Connectors Endpoint Attachment Admin
(roles/connectors.endpointAttachmentAdmin)
Endpoint Attachment is a regional resource which creates PSC connection endpoint for the given PSC Service Attachment. This role grants Admin access to Connectors Endpoint Attachment resources.
connectors.endpointAttachments.*
connectors.endpointAttachments.create
connectors.endpointAttachments.delete
connectors.endpointAttachments.get
connectors.endpointAttachments.getIamPolicy
connectors.endpointAttachments.list
connectors.endpointAttachments.setIamPolicy
connectors.endpointAttachments.update
connectors.locations.*
connectors.locations.get
connectors.locations.list
Connectors Endpoint Attachment Viewer
(roles/connectors.endpointAttachmentViewer)
Endpoint Attachment is a regional resource which creates PSC connection endpoint for the given PSC Service Attachment. This role grants Read-only access to Connectors Endpoint Attachment resources
connectors.endpointAttachments.get
connectors.endpointAttachments.getIamPolicy
connectors.endpointAttachments.list
connectors.locations.*
connectors.locations.get
connectors.locations.list
Connectors Event Subscriptions Admin
(roles/connectors.eventSubscriptionAdmin)
Event Subscription is a regional resource which creates subscriptions on events for a given connection within the given target project. This role grants Admin access to Connectors Subscription resources
connectors.eventSubscriptions.*
connectors.eventSubscriptions.create
connectors.eventSubscriptions.delete
connectors.eventSubscriptions.get
connectors.eventSubscriptions.list
connectors.eventSubscriptions.update
Connectors Event Subscriptions Viewer
(roles/connectors.eventSubscriptionViewer)
Event Subscription is a regional resource which creates subscriptions on events for a given connection within the given target project. This role grants Read-only access to Event Subscription resources.
connectors.eventSubscriptions.get
connectors.eventSubscriptions.list
Connector Invoker
(roles/connectors.invoker)
Full Access to invoke all operations on Connections.
connectors.actions.*
connectors.actions.execute
connectors.actions.list
connectors.connections.executeSqlQuery
connectors.entities.*
connectors.entities.create
connectors.entities.delete
connectors.entities.deleteEntitiesWithConditions
connectors.entities.get
connectors.entities.list
connectors.entities.update
connectors.entities.updateEntitiesWithConditions
connectors.entityTypes.list
Connector Event Listener
(roles/connectors.listener)
Full Access to listen events by connections.
connectors.connections.listenEvent
Connectors Managed Zone Admin
(roles/connectors.managedZoneAdmin)
Managed Zone is a global resource which creates Cloud DNS Peering Zone with the given target project. This role grants Admin access to Connectors Managed Zone resources
connectors.locations.*
connectors.locations.get
connectors.locations.list
connectors.managedZones.*
connectors.managedZones.create
connectors.managedZones.delete
connectors.managedZones.get
connectors.managedZones.getIamPolicy
connectors.managedZones.list
connectors.managedZones.setIamPolicy
connectors.managedZones.update
Connectors Managed Zone Viewer
(roles/connectors.managedZoneViewer)
Managed Zone is a global resource which creates Cloud DNS Peering Zone with the given target project. This role grants Read-only access to Connectors Managed Zone resources.
connectors.locations.*
connectors.locations.get
connectors.locations.list
connectors.managedZones.get
connectors.managedZones.getIamPolicy
connectors.managedZones.list
Connectors Platform Service Agent
(roles/connectors.serviceAgent)
Grants Connectors Platform service account to manage customer resources
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-01 UTC."],[[["Predefined IAM roles for Integration Connectors offer granular control over access to Google Cloud resources, and are created and maintained by Google."],["The Connector Admin role (`roles/connectors.admin`) grants full access to all resources within the Connectors Service."],["Custom Connector roles allow for admin or read-only access specifically to Custom Connector and Custom Connector Version resources within a project."],["There are dedicated roles for managing endpoint attachments, event subscriptions, and managed zones, each providing either admin or viewer permissions to their respective resource types."],["Roles such as the Connector Invoker and Connector Event Listener provide permissions for invoking actions on connections and listening to events, respectively."]]],[]]