To use Firebase SQL Connect, you'll need to assign IAM roles that allow managing connectors, accessing Cloud SQL, and generating SDKs. Make sure the service account running SQL Connect has the required permissions.
Granular IAM roles for SQL Connect
Firebase basic roles and predefined roles map to lower-level SQL Connect roles. Refer to the table for the mapping.
You can manage individual IAM role assignments for SQL Connect at a more granular level in the Google Cloud console (go to the IAM & Admin > IAM page).
| IAM role | Permissions |
|---|---|
| firebasedataconnect.googleapis.com/admin<br>Firebase SQL Connect API Admin<br>This role includes Firebase SQL Connect API Viewer. It is equivalent to firebasedataconnect.*. This is provided by the Cloud Owner, Cloud Editor, Firebase Admin and Firebase Develop Admin roles. | Full access to Firebase SQL Connect API resources, including data.<br>firebasedataconnect.googleapis.com/operations.delete<br>firebasedataconnect.googleapis.com/operations.cancel<br>firebasedataconnect.googleapis.com/services.create<br>firebasedataconnect.googleapis.com/services.update<br>firebasedataconnect.googleapis.com/services.delete<br>firebasedataconnect.googleapis.com/services.executeGraphql<br>firebasedataconnect.googleapis.com/services.executeGraphqlRead<br>firebasedataconnect.googleapis.com/schemas.create<br>firebasedataconnect.googleapis.com/schemas.update<br>firebasedataconnect.googleapis.com/schemas.delete<br>firebasedataconnect.googleapis.com/schemaRevisions.create<br>firebasedataconnect.googleapis.com/schemaRevisions.delete<br>firebasedataconnect.googleapis.com/connectors.create<br>firebasedataconnect.googleapis.com/connectors.update<br>firebasedataconnect.googleapis.com/connectors.delete<br>firebasedataconnect.googleapis.com/connectorRevisions.create<br>firebasedataconnect.googleapis.com/connectorRevisions.delete |
| firebasedataconnect.googleapis.com/viewer<br>Firebase SQL Connect API Viewer<br>This is provided by the Cloud Owner, Cloud Editor, Cloud Viewer, Firebase Admin, Firebase Viewer, Firebase Develop Admin and Firebase Develop Viewer roles. | Read-only access to Firebase SQL Connect API resources. Role does not grant access to data.<br>cloudresourcemanager.googleapis.com/projects.list<br>cloudresourcemanager.googleapis.com/projects.get<br>firebasedataconnect.googleapis.com/operations.list<br>firebasedataconnect.googleapis.com/operations.get<br>firebasedataconnect.googleapis.com/locations.list<br>firebasedataconnect.googleapis.com/locations.get<br>firebasedataconnect.googleapis.com/services.list<br>firebasedataconnect.googleapis.com/services.get<br>firebasedataconnect.googleapis.com/schemas.list<br>firebasedataconnect.googleapis.com/schemas.get<br>firebasedataconnect.googleapis.com/schemaRevisions.list<br>firebasedataconnect.googleapis.com/schemaRevisions.get<br>firebasedataconnect.googleapis.com/connectors.list<br>firebasedataconnect.googleapis.com/connectors.get<br>firebasedataconnect.googleapis.com/connectorRevisions.list<br>firebasedataconnect.googleapis.com/connectorRevisions.get |
| firebasedataconnect.googleapis.com/dataAdmin<br>Firebase SQL Connect API Data Admin<br>This is provided by the Cloud Owner, Cloud Editor, Firebase Admin and Firebase Develop Admin roles. | Full read and write access to data sources.<br>firebasedataconnect.googleapis.com/services.executeGraphql<br>firebasedataconnect.googleapis.com/services.executeGraphqlRead |
| firebasedataconnect.googleapis.com/dataViewer<br>Firebase SQL Connect API Data Viewer<br>This is provided by the Cloud Owner, Cloud Editor, Firebase Admin and Firebase Develop Admin roles. | Read-only access to data sources.<br>firebasedataconnect.googleapis.com/services.executeGraphqlRead |
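The following Python audit applies the role mapping in the table above to an IAM policy and reports which members can execute GraphQL against data sources, and whether they get that access through a broad role. It is an added example, not Firebase's own code; the `roles/...` IDs are assumed policy spellings of the role names on this page, and the sample policy is constructed.

```python
import json

# Data-access level each role confers, taken from the table above.
# Assumption: the "roles/..." IDs are the policy spellings of the role names
# the page lists; confirm them against your own project's IAM policy.
WRITE, READ = "read-write", "read-only"
DATA_ACCESS = {
    "roles/owner": WRITE,
    "roles/editor": WRITE,
    "roles/firebase.admin": WRITE,
    "roles/firebase.developAdmin": WRITE,
    "roles/firebasedataconnect.admin": WRITE,      # includes services.executeGraphql
    "roles/firebasedataconnect.dataAdmin": WRITE,
    "roles/firebasedataconnect.dataViewer": READ,  # services.executeGraphqlRead only
    # Viewer roles grant no data access per the table, so they are omitted:
    # roles/viewer, roles/firebase.viewer, roles/firebase.developViewer,
    # roles/firebasedataconnect.viewer
}
BROAD = {"roles/owner", "roles/editor", "roles/firebase.admin", "roles/firebase.developAdmin"}

def audit_data_access(policy: dict) -> dict:
    """Return {member: {"level", "via", "broad"}} for every member whose
    bindings allow executing GraphQL against data sources."""
    findings = {}
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        level = DATA_ACCESS.get(role)
        if level is None:
            continue  # role confers no data access according to the table
        for member in binding.get("members", []):
            f = findings.setdefault(member, {"level": READ, "via": [], "broad": False})
            if level == WRITE:
                f["level"] = WRITE  # write access from any binding wins
            f["via"].append(role)
            f["broad"] = f["broad"] or role in BROAD
    return findings

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor", "members": ["serviceAccount:ci@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/firebasedataconnect.viewer", "members": ["user:auditor@example.com"]},
  {"role": "roles/firebasedataconnect.dataViewer", "members": ["user:analyst@example.com"]},
  {"role": "roles/firebasedataconnect.dataAdmin", "members": ["user:analyst@example.com"]}
]}
""")

if __name__ == "__main__":
    for member, f in sorted(audit_data_access(SAMPLE_POLICY).items()):
        flag = " (via broad role, consider a granular one)" if f["broad"] else ""
        print(f"{member}: {f['level']} via {', '.join(f['via'])}{flag}")
```

Members that only need to run queries can usually be moved from a broad role to the Data Viewer or Data Admin role, which carry nothing beyond the `executeGraphql*` permissions listed in the table.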

