Roles or permissions needed for API Service Graph connector for Apigee X - Product Knowledge

Roles or permissions needed for API Service Graph connector for Apigee X There are two ways to assign the required permissions to the service account.

1. Using predefined role(s):

In this approach, the service account can be assigned the predefined Apigee Read-only Admin role. This role has all the permissions needed by different data sources of the connector. Additionally, if you wish to fetch data from the three optional GCP data sources (GCP Organization, GCP Folder and GCP Project), the service account also needs to be assigned the Organization Viewer and the Folder Viewer roles.

2. Assigning individual permissions:

Alternatively, if you would like to assign the exact permissions to the service account, the following ones should be granted:

apigee.apiproducts.get apigee.apiproducts.list apigee.apps.list apigee.deployments.list apigee.developers.list apigee.envgroupattachments.list apigee.envgroups.list apigee.environments.getStats apigee.environments.list apigee.organizations.get apigee.organizations.list apigee.proxies.get apigee.proxies.list apigee.proxyrevisions.get apigee.targetservers.get Additionally, if you wish to fetch data from the three optional GCP data sources (GCP Organization, GCP Folder and GCP Project), the following permissions also need to be assigned:

resourcemanager.folders.get resourcemanager.folders.list resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.list