このページは Cloud Translation API によって翻訳されました。

Integration Connectors の IAM ロールと権限

事前定義ロールを使用すると、特定の Google Cloud リソースに対してきめ細かいアクセス権を付与できます。これらのロールは Google によって作成され、管理されます。Google は、Google Cloud によって新しい機能やサービスが追加された場合など、必要に応じて権限を自動的に更新します。

次の表に、Integration Connectors のすべての事前定義 IAM ロールを示します。

Role Permissions

Role	Permissions
Connector Admin (`roles/connectors.admin`) Full access to all resources of Connectors Service.	`connectors.actions.` `connectors.actions.execute` `connectors.actions.list` `connectors.connections.create` `connectors.connections.delete` `connectors.connections.executeSqlQuery` `connectors.connections.generateOpenAPISpec` `connectors.connections.get` `connectors.connections.getConnectionSchemaMetadata` `connectors.connections.getIamPolicy` `connectors.connections.getRuntimeActionSchema` `connectors.connections.getRuntimeEntitySchema` `connectors.connections.list` `connectors.connections.setIamPolicy` `connectors.connections.update` `connectors.connectors.` `connectors.connectors.get` `connectors.connectors.list` `connectors.customConnectorVersions.` `connectors.customConnectorVersions.create` `connectors.customConnectorVersions.delete` `connectors.customConnectorVersions.get` `connectors.customConnectorVersions.getIamPolicy` `connectors.customConnectorVersions.list` `connectors.customConnectorVersions.setIamPolicy` `connectors.customConnectorVersions.update` `connectors.customConnectors.` `connectors.customConnectors.create` `connectors.customConnectors.delete` `connectors.customConnectors.get` `connectors.customConnectors.getIamPolicy` `connectors.customConnectors.list` `connectors.customConnectors.setIamPolicy` `connectors.customConnectors.update` `connectors.endpointAttachments.` `connectors.endpointAttachments.create` `connectors.endpointAttachments.delete` `connectors.endpointAttachments.get` `connectors.endpointAttachments.getIamPolicy` `connectors.endpointAttachments.list` `connectors.endpointAttachments.setIamPolicy` `connectors.endpointAttachments.update` `connectors.entities.` `connectors.entities.create` `connectors.entities.delete` `connectors.entities.deleteEntitiesWithConditions` `connectors.entities.get` `connectors.entities.list` `connectors.entities.update` `connectors.entities.updateEntitiesWithConditions` `connectors.entityTypes.list` `connectors.eventSubscriptions.` `connectors.eventSubscriptions.create` `connectors.eventSubscriptions.delete` `connectors.eventSubscriptions.get` `connectors.eventSubscriptions.list` `connectors.eventSubscriptions.update` `connectors.eventtypes.` `connectors.eventtypes.get` `connectors.eventtypes.list` `connectors.locations.` `connectors.locations.get` `connectors.locations.list` `connectors.managedZones.` `connectors.managedZones.create` `connectors.managedZones.delete` `connectors.managedZones.get` `connectors.managedZones.getIamPolicy` `connectors.managedZones.list` `connectors.managedZones.setIamPolicy` `connectors.managedZones.update` `connectors.operations.` `connectors.operations.cancel` `connectors.operations.delete` `connectors.operations.get` `connectors.operations.list` `connectors.providers.` `connectors.providers.get` `connectors.providers.list` `connectors.regionalSettings.` `connectors.regionalSettings.get` `connectors.regionalSettings.update` `connectors.runtimeconfig.get` `connectors.schemaMetadata.refresh` `connectors.settings.` `connectors.settings.get` `connectors.settings.update` `connectors.versions.*` `connectors.versions.get` `connectors.versions.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `secretmanager.secrets.getIamPolicy`
Custom Connectors Admin (`roles/connectors.customConnectorAdmin`) Custom Connector is a global resource which creates custom connector within the given target project. This role grants Admin access to Custom Connector resources	`connectors.customConnectorVersions.` `connectors.customConnectorVersions.create` `connectors.customConnectorVersions.delete` `connectors.customConnectorVersions.get` `connectors.customConnectorVersions.getIamPolicy` `connectors.customConnectorVersions.list` `connectors.customConnectorVersions.setIamPolicy` `connectors.customConnectorVersions.update` `connectors.customConnectors.` `connectors.customConnectors.create` `connectors.customConnectors.delete` `connectors.customConnectors.get` `connectors.customConnectors.getIamPolicy` `connectors.customConnectors.list` `connectors.customConnectors.setIamPolicy` `connectors.customConnectors.update` `connectors.locations.*` `connectors.locations.get` `connectors.locations.list`
Custom Connector Viewer (`roles/connectors.customConnectorViewer`) Custom Connector is a global resource which creates custom connector within the given target project. This role grants Read-only access to Custom Connector & Custom Connector Version resources.	`connectors.customConnectorVersions.get` `connectors.customConnectorVersions.getIamPolicy` `connectors.customConnectorVersions.list` `connectors.customConnectors.get` `connectors.customConnectors.getIamPolicy` `connectors.customConnectors.list` `connectors.locations.*` `connectors.locations.get` `connectors.locations.list`
Connectors Endpoint Attachment Admin (`roles/connectors.endpointAttachmentAdmin`) Endpoint Attachment is a regional resource which creates PSC connection endpoint for the given PSC Service Attachment. This role grants Admin access to Connectors Endpoint Attachment resources.	`connectors.endpointAttachments.` `connectors.endpointAttachments.create` `connectors.endpointAttachments.delete` `connectors.endpointAttachments.get` `connectors.endpointAttachments.getIamPolicy` `connectors.endpointAttachments.list` `connectors.endpointAttachments.setIamPolicy` `connectors.endpointAttachments.update` `connectors.locations.` `connectors.locations.get` `connectors.locations.list`
Connectors Endpoint Attachment Viewer (`roles/connectors.endpointAttachmentViewer`) Endpoint Attachment is a regional resource which creates PSC connection endpoint for the given PSC Service Attachment. This role grants Read-only access to Connectors Endpoint Attachment resources	`connectors.endpointAttachments.get` `connectors.endpointAttachments.getIamPolicy` `connectors.endpointAttachments.list` `connectors.locations.*` `connectors.locations.get` `connectors.locations.list`
Connectors Event Subscriptions Admin (`roles/connectors.eventSubscriptionAdmin`) Event Subscription is a regional resource which creates subscriptions on events for a given connection within the given target project. This role grants Admin access to Connectors Subscription resources	`connectors.eventSubscriptions.*` `connectors.eventSubscriptions.create` `connectors.eventSubscriptions.delete` `connectors.eventSubscriptions.get` `connectors.eventSubscriptions.list` `connectors.eventSubscriptions.update`
Connectors Event Subscriptions Viewer (`roles/connectors.eventSubscriptionViewer`) Event Subscription is a regional resource which creates subscriptions on events for a given connection within the given target project. This role grants Read-only access to Event Subscription resources.	`connectors.eventSubscriptions.get` `connectors.eventSubscriptions.list`
Connector Invoker (`roles/connectors.invoker`) Full Access to invoke all operations on Connections.	`connectors.actions.` `connectors.actions.execute` `connectors.actions.list` `connectors.connections.executeSqlQuery` `connectors.entities.` `connectors.entities.create` `connectors.entities.delete` `connectors.entities.deleteEntitiesWithConditions` `connectors.entities.get` `connectors.entities.list` `connectors.entities.update` `connectors.entities.updateEntitiesWithConditions` `connectors.entityTypes.list`
Connector Event Listener (`roles/connectors.listener`) Full Access to listen events by connections.	`connectors.connections.listenEvent`
Connectors Managed Zone Admin (`roles/connectors.managedZoneAdmin`) Managed Zone is a global resource which creates Cloud DNS Peering Zone with the given target project. This role grants Admin access to Connectors Managed Zone resources	`connectors.locations.` `connectors.locations.get` `connectors.locations.list` `connectors.managedZones.` `connectors.managedZones.create` `connectors.managedZones.delete` `connectors.managedZones.get` `connectors.managedZones.getIamPolicy` `connectors.managedZones.list` `connectors.managedZones.setIamPolicy` `connectors.managedZones.update`
Connectors Managed Zone Viewer (`roles/connectors.managedZoneViewer`) Managed Zone is a global resource which creates Cloud DNS Peering Zone with the given target project. This role grants Read-only access to Connectors Managed Zone resources.	`connectors.locations.*` `connectors.locations.get` `connectors.locations.list` `connectors.managedZones.get` `connectors.managedZones.getIamPolicy` `connectors.managedZones.list`
Connectors Platform Service Agent (`roles/connectors.serviceAgent`) Grants Connectors Platform service account to manage customer resources Warning: Do not grant service agent roles to any principals except service agents.	`connectors.actions.` `connectors.actions.execute` `connectors.actions.list` `connectors.connections.get` `connectors.connections.getConnectionSchemaMetadata` `connectors.connections.list` `connectors.connectors.` `connectors.connectors.get` `connectors.connectors.list` `connectors.customConnectorVersions.get` `connectors.customConnectorVersions.list` `connectors.customConnectors.get` `connectors.customConnectors.list` `connectors.endpointAttachments.get` `connectors.endpointAttachments.list` `connectors.entities.get` `connectors.entityTypes.list` `connectors.eventSubscriptions.get` `connectors.eventSubscriptions.list` `connectors.eventtypes.` `connectors.eventtypes.get` `connectors.eventtypes.list` `connectors.locations.` `connectors.locations.get` `connectors.locations.list` `connectors.managedZones.get` `connectors.managedZones.list` `connectors.providers.` `connectors.providers.get` `connectors.providers.list` `connectors.runtimeconfig.get` `iam.serviceAccounts.getAccessToken` `iam.serviceAccounts.getOpenIdToken` `iam.serviceAccounts.implicitDelegation` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.create`
Connectors Viewer (`roles/connectors.viewer`) Read-only access to Connectors all resources.	`connectors.connections.generateOpenAPISpec` `connectors.connections.get` `connectors.connections.getConnectionSchemaMetadata` `connectors.connections.getIamPolicy` `connectors.connections.getRuntimeActionSchema` `connectors.connections.getRuntimeEntitySchema` `connectors.connections.list` `connectors.connectors.` `connectors.connectors.get` `connectors.connectors.list` `connectors.customConnectorVersions.get` `connectors.customConnectorVersions.getIamPolicy` `connectors.customConnectorVersions.list` `connectors.customConnectors.get` `connectors.customConnectors.getIamPolicy` `connectors.customConnectors.list` `connectors.endpointAttachments.get` `connectors.endpointAttachments.getIamPolicy` `connectors.endpointAttachments.list` `connectors.eventSubscriptions.get` `connectors.eventSubscriptions.list` `connectors.eventtypes.` `connectors.eventtypes.get` `connectors.eventtypes.list` `connectors.locations.` `connectors.locations.get` `connectors.locations.list` `connectors.managedZones.get` `connectors.managedZones.getIamPolicy` `connectors.managedZones.list` `connectors.operations.get` `connectors.operations.list` `connectors.providers.` `connectors.providers.get` `connectors.providers.list` `connectors.regionalSettings.get` `connectors.runtimeconfig.get` `connectors.settings.get` `connectors.versions.*` `connectors.versions.get` `connectors.versions.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Connector Admin

(roles/connectors.admin)

Full access to all resources of Connectors Service.

connectors.actions.*

connectors.actions.execute
connectors.actions.list

connectors.connections.create

connectors.connections.delete

connectors.connections.executeSqlQuery

connectors.connections.generateOpenAPISpec

connectors.connections.get

connectors.connections.getConnectionSchemaMetadata

connectors.connections.getIamPolicy

connectors.connections.getRuntimeActionSchema

connectors.connections.getRuntimeEntitySchema

connectors.connections.list

connectors.connections.setIamPolicy

connectors.connections.update

connectors.connectors.*

connectors.connectors.get
connectors.connectors.list

connectors.customConnectorVersions.*

connectors.customConnectorVersions.create
connectors.customConnectorVersions.delete
connectors.customConnectorVersions.get
connectors.customConnectorVersions.getIamPolicy
connectors.customConnectorVersions.list
connectors.customConnectorVersions.setIamPolicy
connectors.customConnectorVersions.update

connectors.customConnectors.*

connectors.customConnectors.create
connectors.customConnectors.delete
connectors.customConnectors.get
connectors.customConnectors.getIamPolicy
connectors.customConnectors.list
connectors.customConnectors.setIamPolicy
connectors.customConnectors.update

connectors.endpointAttachments.*

connectors.endpointAttachments.create
connectors.endpointAttachments.delete
connectors.endpointAttachments.get
connectors.endpointAttachments.getIamPolicy
connectors.endpointAttachments.list
connectors.endpointAttachments.setIamPolicy
connectors.endpointAttachments.update

connectors.entities.*

connectors.entities.create
connectors.entities.delete
connectors.entities.deleteEntitiesWithConditions
connectors.entities.get
connectors.entities.list
connectors.entities.update
connectors.entities.updateEntitiesWithConditions

connectors.entityTypes.list

connectors.eventSubscriptions.*

connectors.eventSubscriptions.create
connectors.eventSubscriptions.delete
connectors.eventSubscriptions.get
connectors.eventSubscriptions.list
connectors.eventSubscriptions.update

connectors.eventtypes.*

connectors.eventtypes.get
connectors.eventtypes.list

connectors.locations.*

connectors.locations.get
connectors.locations.list

connectors.managedZones.*

connectors.managedZones.create
connectors.managedZones.delete
connectors.managedZones.get
connectors.managedZones.getIamPolicy
connectors.managedZones.list
connectors.managedZones.setIamPolicy
connectors.managedZones.update

connectors.operations.*

connectors.operations.cancel
connectors.operations.delete
connectors.operations.get
connectors.operations.list

connectors.providers.*

connectors.providers.get
connectors.providers.list

connectors.regionalSettings.*

connectors.regionalSettings.get
connectors.regionalSettings.update

connectors.runtimeconfig.get

connectors.schemaMetadata.refresh

connectors.settings.*

connectors.settings.get
connectors.settings.update

connectors.versions.*

connectors.versions.get
connectors.versions.list

resourcemanager.projects.get

resourcemanager.projects.list

secretmanager.secrets.getIamPolicy

Custom Connectors Admin

(roles/connectors.customConnectorAdmin)

Custom Connector is a global resource which creates custom connector within the given target project. This role grants Admin access to Custom Connector resources

connectors.customConnectorVersions.*

connectors.customConnectorVersions.create
connectors.customConnectorVersions.delete
connectors.customConnectorVersions.get
connectors.customConnectorVersions.getIamPolicy
connectors.customConnectorVersions.list
connectors.customConnectorVersions.setIamPolicy
connectors.customConnectorVersions.update

connectors.customConnectors.*

connectors.customConnectors.create
connectors.customConnectors.delete
connectors.customConnectors.get
connectors.customConnectors.getIamPolicy
connectors.customConnectors.list
connectors.customConnectors.setIamPolicy
connectors.customConnectors.update

connectors.locations.*

connectors.locations.get
connectors.locations.list

Custom Connector Viewer

(roles/connectors.customConnectorViewer)

Custom Connector is a global resource which creates custom connector within the given target project. This role grants Read-only access to Custom Connector & Custom Connector Version resources.

connectors.customConnectorVersions.get

connectors.customConnectorVersions.getIamPolicy

connectors.customConnectorVersions.list

connectors.customConnectors.get

connectors.customConnectors.getIamPolicy

connectors.customConnectors.list

connectors.locations.*

connectors.locations.get
connectors.locations.list

Connectors Endpoint Attachment Admin

(roles/connectors.endpointAttachmentAdmin)

Endpoint Attachment is a regional resource which creates PSC connection endpoint for the given PSC Service Attachment. This role grants Admin access to Connectors Endpoint Attachment resources.

connectors.endpointAttachments.*

connectors.endpointAttachments.create
connectors.endpointAttachments.delete
connectors.endpointAttachments.get
connectors.endpointAttachments.getIamPolicy
connectors.endpointAttachments.list
connectors.endpointAttachments.setIamPolicy
connectors.endpointAttachments.update

connectors.locations.*

connectors.locations.get
connectors.locations.list

Connectors Endpoint Attachment Viewer

(roles/connectors.endpointAttachmentViewer)

Endpoint Attachment is a regional resource which creates PSC connection endpoint for the given PSC Service Attachment. This role grants Read-only access to Connectors Endpoint Attachment resources

connectors.endpointAttachments.get

connectors.endpointAttachments.getIamPolicy

connectors.endpointAttachments.list

connectors.locations.*

connectors.locations.get
connectors.locations.list

Connectors Event Subscriptions Admin

(roles/connectors.eventSubscriptionAdmin)

Event Subscription is a regional resource which creates subscriptions on events for a given connection within the given target project. This role grants Admin access to Connectors Subscription resources

connectors.eventSubscriptions.*

connectors.eventSubscriptions.create
connectors.eventSubscriptions.delete
connectors.eventSubscriptions.get
connectors.eventSubscriptions.list
connectors.eventSubscriptions.update

Connectors Event Subscriptions Viewer

(roles/connectors.eventSubscriptionViewer)

Event Subscription is a regional resource which creates subscriptions on events for a given connection within the given target project. This role grants Read-only access to Event Subscription resources.

connectors.eventSubscriptions.get

connectors.eventSubscriptions.list

Connector Invoker

(roles/connectors.invoker)

Full Access to invoke all operations on Connections.

connectors.actions.*

connectors.actions.execute
connectors.actions.list

connectors.connections.executeSqlQuery

connectors.entities.*

connectors.entities.create
connectors.entities.delete
connectors.entities.deleteEntitiesWithConditions
connectors.entities.get
connectors.entities.list
connectors.entities.update
connectors.entities.updateEntitiesWithConditions

connectors.entityTypes.list

Connector Event Listener

(roles/connectors.listener)

Full Access to listen events by connections.

connectors.connections.listenEvent

Connectors Managed Zone Admin

(roles/connectors.managedZoneAdmin)

Managed Zone is a global resource which creates Cloud DNS Peering Zone with the given target project. This role grants Admin access to Connectors Managed Zone resources

connectors.locations.*

connectors.locations.get
connectors.locations.list

connectors.managedZones.*

connectors.managedZones.create
connectors.managedZones.delete
connectors.managedZones.get
connectors.managedZones.getIamPolicy
connectors.managedZones.list
connectors.managedZones.setIamPolicy
connectors.managedZones.update

Connectors Managed Zone Viewer

(roles/connectors.managedZoneViewer)

Managed Zone is a global resource which creates Cloud DNS Peering Zone with the given target project. This role grants Read-only access to Connectors Managed Zone resources.

connectors.locations.*

connectors.locations.get
connectors.locations.list

connectors.managedZones.get

connectors.managedZones.getIamPolicy

connectors.managedZones.list

Connectors Platform Service Agent

(roles/connectors.serviceAgent)

Grants Connectors Platform service account to manage customer resources

connectors.actions.*

connectors.actions.execute
connectors.actions.list

connectors.connections.get

connectors.connections.getConnectionSchemaMetadata

connectors.connections.list

connectors.connectors.*

connectors.connectors.get
connectors.connectors.list

connectors.customConnectorVersions.get

connectors.customConnectorVersions.list

connectors.customConnectors.get

connectors.customConnectors.list

connectors.endpointAttachments.get

connectors.endpointAttachments.list

connectors.entities.get

connectors.entityTypes.list

connectors.eventSubscriptions.get

connectors.eventSubscriptions.list

connectors.eventtypes.*

connectors.eventtypes.get
connectors.eventtypes.list

connectors.locations.*

connectors.locations.get
connectors.locations.list

connectors.managedZones.get

connectors.managedZones.list

connectors.providers.*

connectors.providers.get
connectors.providers.list

connectors.runtimeconfig.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

iam.serviceAccounts.implicitDelegation

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

Connectors Viewer

(roles/connectors.viewer)

Read-only access to Connectors all resources.

connectors.connections.generateOpenAPISpec

connectors.connections.get

connectors.connections.getConnectionSchemaMetadata

connectors.connections.getIamPolicy

connectors.connections.getRuntimeActionSchema

connectors.connections.getRuntimeEntitySchema

connectors.connections.list

connectors.connectors.*

connectors.connectors.get
connectors.connectors.list

connectors.customConnectorVersions.get

connectors.customConnectorVersions.getIamPolicy

connectors.customConnectorVersions.list

connectors.customConnectors.get

connectors.customConnectors.getIamPolicy

connectors.customConnectors.list

connectors.endpointAttachments.get

connectors.endpointAttachments.getIamPolicy

connectors.endpointAttachments.list

connectors.eventSubscriptions.get

connectors.eventSubscriptions.list

connectors.eventtypes.*

connectors.eventtypes.get
connectors.eventtypes.list

connectors.locations.*

connectors.locations.get
connectors.locations.list

connectors.managedZones.get

connectors.managedZones.getIamPolicy

connectors.managedZones.list

connectors.operations.get

connectors.operations.list

connectors.providers.*

connectors.providers.get
connectors.providers.list

connectors.regionalSettings.get

connectors.runtimeconfig.get

connectors.settings.get

connectors.versions.*

connectors.versions.get
connectors.versions.list

resourcemanager.projects.get

resourcemanager.projects.list

事前定義ロールの詳細については、ロールと権限をご覧ください。最適な事前定義ロールを選択する方法については、事前定義ロールの選択をご覧ください。