Create a Custom Role

Specific permissions are required for the Google Cloud Storage Connector to access buckets. This set of permissions is the combination of the permissions associated with the existing Google Cloud IAM Role called "Storage Object Admin" and the Google Cloud IAM Permission called "storage.buckets.get".

  1. In the Google Cloud Platform web console, navigate to IAM & admin > Roles
  2. Click on +Create Role.
  3. Provide the following:
    • Enter a title under Title
    • Enter the ID under ID
    • Under Role launch stage select General Availability
  4. Click on Add Permissions and add the following permissions:
    • storage.bucket.get
    • storage.objects.create
    • storage.objects.delete
    • storage.objects.get
    • storage.objects.getIamPolicy
    • storage.objects.list
    • storage.objects.setIamPolicy
    • storage.objects.update

  5. Once done adding permissions, click on Create.

After performing these steps, a new role will be created.