Permissions

The Google Cloud Storage Connector can authenticate with the data repository in one of two ways: using a service account or using an ordinary user account.

Service Accounts

Micro Focus recommends that you configure the connector to use a service account. Your Google Cloud Storage administrator can create a service account for the connector, and assign it the relevant roles (such as project viewer, project editor, or project owner), by going to https://console.cloud.google.com/storage/browser. You will need the e-mail address and private key associated with the service account when you configure the connector. Run the OAuth configuration tool during the installation process, or see Configure OAuth Authentication (Service Account).

User Accounts

If you prefer to use an ordinary user account, you must create an OAuth application to represent the connector. The OAuth application must request one of the following sets of privileges:

  • To retrieve data (using the synchronize, collect, and view actions) without mapped security, and to list items in the repository (the identifiers action), request the following scopes:

    • https://www.googleapis.com/auth/cloudplatformprojects.readonly
    • https://www.googleapis.com/auth/devstorage.read_only
  • To perform the previous actions, and insert, update, and delete items, request the following scopes instead:

    • https://www.googleapis.com/auth/cloudplatformprojects.readonly
    • https://www.googleapis.com/auth/devstorage.read_write
  • To perform all of the previous actions, and enable mapped security or place holds (using the hold action), request the following scopes instead:

    • https://www.googleapis.com/auth/cloudplatformprojects.readonly
    • https://www.googleapis.com/auth/devstorage.full_control
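
The scope tiers above can be checked mechanically, so that an OAuth application is not granted more than the connector's configured actions need. The following is an added example, not part of the connector or its documentation: it picks the lowest-privilege scope set for a list of actions and audits a granted scope string against it. The function names, the finding labels, and the `mapped_security` label are assumptions made for illustration.

```python
# Added example: names other than the scopes and actions on this page are assumptions.
BASE = "https://www.googleapis.com/auth/"
PROJECTS = BASE + "cloudplatformprojects.readonly"

# Scope tiers in ascending privilege, with the actions each tier adds (from the list above).
# "mapped_security" is a label invented here for the mapped-security feature.
TIERS = [
    ("devstorage.read_only", {"synchronize", "collect", "view", "identifiers"}),
    ("devstorage.read_write", {"insert", "update", "delete"}),
    ("devstorage.full_control", {"hold", "mapped_security"}),
]
RANK = {BASE + name: i for i, (name, _) in enumerate(TIERS)}


def required_scopes(actions):
    """Return the lowest-privilege scope set that covers every requested action."""
    actions = set(actions)
    unknown = actions - set().union(*(acts for _, acts in TIERS))
    if unknown:
        raise ValueError(f"unknown actions: {sorted(unknown)}")
    level = max((i for i, (_, acts) in enumerate(TIERS) if actions & acts), default=0)
    return {PROJECTS, BASE + TIERS[level][0]}


def audit_grant(actions, granted_scope):
    """Compare a space-separated OAuth scope string with what the actions need."""
    granted = set(granted_scope.split())
    want = max(RANK[s] for s in required_scopes(actions) if s in RANK)
    have = max((RANK[s] for s in granted if s in RANK), default=-1)
    findings = []
    if PROJECTS not in granted:
        findings.append("missing-projects-scope")
    if have < want:
        findings.append("insufficient-storage-scope")
    elif have > want:
        findings.append("over-privileged-storage-scope")
    if granted - set(RANK) - {PROJECTS}:
        findings.append("unexpected-scope")
    return findings


if __name__ == "__main__":
    # Constructed grant: a read-only deployment that was given full_control.
    grant = PROJECTS + " " + BASE + "devstorage.full_control"
    print(audit_grant({"synchronize", "view"}, grant))
```

The granted scope string is the space-separated `scope` value returned with an OAuth 2.0 access token.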

When you create the application, it will be assigned an application key and an application secret. You will need these to configure the connector. See Configure OAuth Authentication (User Account).