To use Firebase Data Connect, you'll need to assign IAM roles that allow managing connectors, accessing Cloud SQL, and generating SDKs. Make sure the service account running Data Connect has the required permissions.
Granular IAM roles for Data Connect
Firebase basic roles and predefined roles map to lower-level Data Connect roles. Refer to the table for the mapping.
To manage individual IAM role assignments for Data Connect at a more granular level, use the Google Cloud console.
| IAM role | Permissions |
|---|---|
| `firebasedataconnect.googleapis.com/admin`<br>Firebase Data Connect API Admin<br>This role includes Firebase Data Connect API Viewer. It is equivalent to `firebasedataconnect.*`. This is provided by the Cloud Owner, Cloud Editor, Firebase Admin and Firebase Develop Admin roles. | Full access to Firebase Data Connect API resources, including data.<br>`firebasedataconnect.googleapis.com/operations.delete`<br>`firebasedataconnect.googleapis.com/operations.cancel`<br>`firebasedataconnect.googleapis.com/services.create`<br>`firebasedataconnect.googleapis.com/services.update`<br>`firebasedataconnect.googleapis.com/services.delete`<br>`firebasedataconnect.googleapis.com/services.executeGraphql`<br>`firebasedataconnect.googleapis.com/services.executeGraphqlRead`<br>`firebasedataconnect.googleapis.com/schemas.create`<br>`firebasedataconnect.googleapis.com/schemas.update`<br>`firebasedataconnect.googleapis.com/schemas.delete`<br>`firebasedataconnect.googleapis.com/schemaRevisions.create`<br>`firebasedataconnect.googleapis.com/schemaRevisions.delete`<br>`firebasedataconnect.googleapis.com/connectors.create`<br>`firebasedataconnect.googleapis.com/connectors.update`<br>`firebasedataconnect.googleapis.com/connectors.delete`<br>`firebasedataconnect.googleapis.com/connectorRevisions.create`<br>`firebasedataconnect.googleapis.com/connectorRevisions.delete` |
| `firebasedataconnect.googleapis.com/viewer`<br>Firebase Data Connect API Viewer<br>This is provided by the Cloud Owner, Cloud Editor, Cloud Viewer, Firebase Admin, Firebase Viewer, Firebase Develop Admin and Firebase Develop Viewer roles. | Read-only access to Firebase Data Connect API resources. Role does not grant access to data.<br>`cloudresourcemanager.googleapis.com/projects.list`<br>`cloudresourcemanager.googleapis.com/projects.get`<br>`firebasedataconnect.googleapis.com/operations.list`<br>`firebasedataconnect.googleapis.com/operations.get`<br>`firebasedataconnect.googleapis.com/locations.list`<br>`firebasedataconnect.googleapis.com/locations.get`<br>`firebasedataconnect.googleapis.com/services.list`<br>`firebasedataconnect.googleapis.com/services.get`<br>`firebasedataconnect.googleapis.com/schemas.list`<br>`firebasedataconnect.googleapis.com/schemas.get`<br>`firebasedataconnect.googleapis.com/schemaRevisions.list`<br>`firebasedataconnect.googleapis.com/schemaRevisions.get`<br>`firebasedataconnect.googleapis.com/connectors.list`<br>`firebasedataconnect.googleapis.com/connectors.get`<br>`firebasedataconnect.googleapis.com/connectorRevisions.list`<br>`firebasedataconnect.googleapis.com/connectorRevisions.get` |
| `firebasedataconnect.googleapis.com/dataAdmin`<br>Firebase Data Connect API Data Admin<br>This is provided by the Cloud Owner, Cloud Editor, Firebase Admin and Firebase Develop Admin roles. | Full read and write access to data sources.<br>`firebasedataconnect.googleapis.com/services.executeGraphql`<br>`firebasedataconnect.googleapis.com/services.executeGraphqlRead` |
| `firebasedataconnect.googleapis.com/dataViewer`<br>Firebase Data Connect API Data Viewer<br>This is provided by the Cloud Owner, Cloud Editor, Firebase Admin and Firebase Develop Admin roles. | Read-only access to data sources.<br>`firebasedataconnect.googleapis.com/services.executeGraphqlRead` |
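Because the basic and Firebase roles in the table carry the data permissions implicitly, a least-privilege review has to look past the dedicated Data Connect roles. The following audit sketch is an added example, not part of the original documentation; the `roles/...` IDs are assumptions for the role display names used in the table, and the policy is constructed sample data.

```python
"""Added example: list principals whose IAM bindings imply Data Connect data access."""
EXEC = "firebasedataconnect.googleapis.com/services.executeGraphql"
EXEC_READ = "firebasedataconnect.googleapis.com/services.executeGraphqlRead"

# Data permissions per role, taken from the table above. The role IDs are
# assumptions: the IDs believed to sit behind the display names on the page.
BROAD = ("roles/owner", "roles/editor", "roles/firebase.admin",
         "roles/firebase.developAdmin")
ROLE_DATA_PERMS = {role: {EXEC, EXEC_READ} for role in BROAD}
ROLE_DATA_PERMS.update({
    "roles/firebasedataconnect.admin": {EXEC, EXEC_READ},
    "roles/firebasedataconnect.dataAdmin": {EXEC, EXEC_READ},
    "roles/firebasedataconnect.dataViewer": {EXEC_READ},
})
# Viewer-type roles carry no data permissions, so they are deliberately absent.


def data_access(policy):
    """Return {member: {"level": "write"|"read", "via": [...], "implicit": bool}}."""
    found = {}
    for binding in policy.get("bindings", []):
        perms = ROLE_DATA_PERMS.get(binding.get("role"))
        if not perms:
            continue
        for member in binding.get("members", []):
            entry = found.setdefault(member, {"perms": set(), "via": []})
            entry["perms"] |= perms
            entry["via"].append(binding["role"])
    report = {}
    for member, entry in found.items():
        report[member] = {
            "level": "write" if EXEC in entry["perms"] else "read",
            "via": sorted(entry["via"]),
            # True when data access comes only from broad roles rather than a
            # dedicated Data Connect role: a candidate for narrowing.
            "implicit": all(r in BROAD for r in entry["via"]),
        }
    return report


# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/editor", "members": ["user:dev@example.com"]},
    {"role": "roles/firebase.viewer", "members": ["user:auditor@example.com"]},
    {"role": "roles/firebasedataconnect.dataViewer",
     "members": ["serviceAccount:reports@example-project.iam.gserviceaccount.com"]},
]}

if __name__ == "__main__":
    for member, info in sorted(data_access(SAMPLE_POLICY).items()):
        print(member, info)
```

Bindings with IAM conditions are treated as unconditional here, so the report is an upper bound on who can execute GraphQL operations.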