To use Firebase SQL Connect, you'll need to assign IAM roles that allow managing connectors, accessing Cloud SQL, and generating SDKs. Make sure the service account running SQL Connect has the required permissions.
Granular IAM roles for SQL Connect
Firebase basic roles and predefined roles map to lower-level SQL Connect roles. Refer to the table for the mapping.
To manage individual IAM role assignments for SQL Connect at a more granular level, use the Google Cloud console.
| IAM role | Permissions |
|---|---|
| firebasedataconnect.googleapis.com/admin<br>Firebase SQL Connect API Admin<br>This role includes Firebase SQL Connect API Viewer. It is equivalent to firebasedataconnect.*. This is provided by the Cloud Owner, Cloud Editor, Firebase Admin and Firebase Develop Admin roles. | Full access to Firebase SQL Connect API resources, including data.<br>firebasedataconnect.googleapis.com/operations.delete<br>firebasedataconnect.googleapis.com/operations.cancel<br>firebasedataconnect.googleapis.com/services.create<br>firebasedataconnect.googleapis.com/services.update<br>firebasedataconnect.googleapis.com/services.delete<br>firebasedataconnect.googleapis.com/services.executeGraphql<br>firebasedataconnect.googleapis.com/services.executeGraphqlRead<br>firebasedataconnect.googleapis.com/schemas.create<br>firebasedataconnect.googleapis.com/schemas.update<br>firebasedataconnect.googleapis.com/schemas.delete<br>firebasedataconnect.googleapis.com/schemaRevisions.create<br>firebasedataconnect.googleapis.com/schemaRevisions.delete<br>firebasedataconnect.googleapis.com/connectors.create<br>firebasedataconnect.googleapis.com/connectors.update<br>firebasedataconnect.googleapis.com/connectors.delete<br>firebasedataconnect.googleapis.com/connectorRevisions.create<br>firebasedataconnect.googleapis.com/connectorRevisions.delete |
| firebasedataconnect.googleapis.com/viewer<br>Firebase SQL Connect API Viewer<br>This is provided by the Cloud Owner, Cloud Editor, Cloud Viewer, Firebase Admin, Firebase Viewer, Firebase Develop Admin and Firebase Develop Viewer roles. | Read-only access to Firebase SQL Connect API resources. Role does not grant access to data.<br>cloudresourcemanager.googleapis.com/projects.list<br>cloudresourcemanager.googleapis.com/projects.get<br>firebasedataconnect.googleapis.com/operations.list<br>firebasedataconnect.googleapis.com/operations.get<br>firebasedataconnect.googleapis.com/locations.list<br>firebasedataconnect.googleapis.com/locations.get<br>firebasedataconnect.googleapis.com/services.list<br>firebasedataconnect.googleapis.com/services.get<br>firebasedataconnect.googleapis.com/schemas.list<br>firebasedataconnect.googleapis.com/schemas.get<br>firebasedataconnect.googleapis.com/schemaRevisions.list<br>firebasedataconnect.googleapis.com/schemaRevisions.get<br>firebasedataconnect.googleapis.com/connectors.list<br>firebasedataconnect.googleapis.com/connectors.get<br>firebasedataconnect.googleapis.com/connectorRevisions.list<br>firebasedataconnect.googleapis.com/connectorRevisions.get |
| firebasedataconnect.googleapis.com/dataAdmin<br>Firebase SQL Connect API Data Admin<br>This is provided by the Cloud Owner, Cloud Editor, Firebase Admin and Firebase Develop Admin roles. | Full read and write access to data sources.<br>firebasedataconnect.googleapis.com/services.executeGraphql<br>firebasedataconnect.googleapis.com/services.executeGraphqlRead |
| firebasedataconnect.googleapis.com/dataViewer<br>Firebase SQL Connect API Data Viewer<br>This is provided by the Cloud Owner, Cloud Editor, Firebase Admin and Firebase Develop Admin roles. | Read-only access to data sources.<br>firebasedataconnect.googleapis.com/services.executeGraphqlRead |
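
Because the table shows that project-wide roles such as Cloud Editor already carry the data permissions, an access review has to resolve those roles and not only the SQL Connect ones. The following is an added example, not part of the Firebase documentation: it reads the `bindings` of a project IAM policy and reports who can execute reads or writes against SQL Connect data. The `roles/...` identifiers are assumptions (the standard Google Cloud IDs for the role titles the table lists), and the policy is constructed sample data.

```python
import json

# Role IDs are assumptions: the page gives role titles, and these are the
# standard Google Cloud identifiers for those titles.
DATA_WRITE = "firebasedataconnect.googleapis.com/services.executeGraphql"
DATA_READ = "firebasedataconnect.googleapis.com/services.executeGraphqlRead"

# Roles the table names as providing API Admin, Data Admin and Data Viewer.
BROAD = {"roles/owner", "roles/editor", "roles/firebase.admin",
         "roles/firebase.developAdmin"}
ROLE_DATA_PERMS = {
    "roles/firebasedataconnect.admin": {DATA_WRITE, DATA_READ},
    "roles/firebasedataconnect.dataAdmin": {DATA_WRITE, DATA_READ},
    "roles/firebasedataconnect.dataViewer": {DATA_READ},
    **{role: {DATA_WRITE, DATA_READ} for role in BROAD},
}

# Constructed sample in the shape of a project IAM policy (not real data).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor", "members": ["user:dev@example.com"]},
  {"role": "roles/firebasedataconnect.viewer", "members": ["user:auditor@example.com"]},
  {"role": "roles/firebase.viewer", "members": ["user:auditor@example.com"]},
  {"role": "roles/firebasedataconnect.dataViewer",
   "members": ["serviceAccount:report@example-project.iam.gserviceaccount.com"]}
]}
""")

def data_access(policy):
    """Map each member to the data permissions it holds and the roles granting them."""
    report = {}
    for binding in policy.get("bindings", []):
        perms = ROLE_DATA_PERMS.get(binding.get("role", ""))
        if not perms:
            continue  # viewer-type and unrelated roles grant no data access
        for member in binding.get("members", []):
            entry = report.setdefault(member, {"perms": set(), "via": set()})
            entry["perms"] |= perms
            entry["via"].add(binding["role"])
    return report

def broad_writers(policy):
    """Members whose data write access comes only from a broad role."""
    return sorted(m for m, e in data_access(policy).items()
                  if DATA_WRITE in e["perms"] and e["via"] <= BROAD)

if __name__ == "__main__":
    for member, entry in sorted(data_access(SAMPLE_POLICY).items()):
        print(member, sorted(entry["via"]), sorted(p.rsplit(".", 1)[1] for p in entry["perms"]))
    print("write access only via broad roles:", broad_writers(SAMPLE_POLICY))
```

Members listed by `broad_writers` are candidates for replacing a project-wide role with the Data Viewer or Data Admin role, depending on what they actually need.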

