apigeeX - Roles for PubSub

Sanghita_Chakraborty · December 30, 2025, 10:02am

Hi Google Community,
In our current project we are using Publish Message as policy to publish message in pub-sub GCP components. We are doing CI/CD deployment using apigee-cli cmd, so to use this policy we have to specify service account account detail while doing deployment of the proxy.

Currently we have enabled below roles in the assigned service account

role1: roles/apigee.environmentAdmin

role2: roles/apihub.admin

role3: **roles/apigee.apiAdminV2
**
But as we have not mentioned roles specific to pub sub, the apigee is not allowing to deploy.
Is the below roles will be sufficient.

roles/pubsub.publisher
roles/pubsub.editor
roles/pubsub.subscriber

Can you suggest please.

paul-wright · December 30, 2025, 1:47pm

Hi,

The needed role is pubsub.topics.publish

Ref: Publish Message: Authentication and Roles section

Also, please note that the Apigee specific roles are not needed unless the Proxy is also performing functions against Apigee’s management APIs, which is not recommended.

Cheers,

hartmann · December 30, 2025, 1:47pm

Hello @Sanghita_Chakraborty ,

The permissions noted should work, though they are all not required. Assuming your requirement is specifically an Apigee service account to publish messages via PubSub with minimal viable permissions, you should only need the PubSub.publisher role.

Best
Matt

Topic		Replies	Views
Deploy(publish) application integration that contain pub/sub trigger on it Integration Services apigee-general	3	35	May 27, 2025
Pub/sub topic call from Apigee X Apigee apigee-x	5	126	August 9, 2025
Apigee X Connection to Google Topic. Apigee apigee-x	8	37	December 24, 2024

apigeeX - Roles for PubSub

AI Suggested topics