We are using FCM to send mobile notifications to our app. This is working just fine, however the service account I have to use to send messages has the 'Project Editor' role.
Since we both develop the app and the service that sends the messages, that is not a huge issue for us, however we also offer an API implementation to third-party app builders.
In that case we would like to be able to create a service account with a more restricted role, so we can only send messages. This way the third party can provide us a service account authentication JSON, where they can be sure we won't be able to see or do anything other than publishing FCM messages.
Does anyone know what permissions / roles this service account user should have?
The Google documentation on this point is useless, since it says it should be Project Editor or Project Owner and doesn't provide the specific permissions.
I think this is what you need. It worked for us.
cloudmessaging.messages.create
firebasenotifications.messages.create
firebasenotifications.messages.delete
firebasenotifications.messages.get
firebasenotifications.messages.list
firebasenotifications.messages.update
cloudmessaging.messages.create (this one was critical).
For me, for push notifications, the only one needed was cloudmessaging.messages.create.
That can be also seen as a result of the new Cloud IAM role recommendations service.
https://cloud.google.com/iam/docs/role-recommendations
And yeah, it's a shame that Google didn't provide documentation on this.
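The answers above identify cloudmessaging.messages.create as the single permission a sending-only account needs. Putting that into practice means a custom IAM role carrying only that permission, bound to a dedicated service account, so the JSON key a third party hands over cannot do anything else in their project. The script below is an added example and not from either answer; PROJECT_ID, ROLE_ID and SA_NAME are placeholders, and it assumes the gcloud CLI is installed and authenticated. The last function lists the roles bound to the account so the project owner can confirm the custom role is the only one.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread): a custom IAM role that carries
# only cloudmessaging.messages.create, bound to a dedicated service account.
# PROJECT_ID, ROLE_ID and SA_NAME are placeholders, not values from the page.
set -euo pipefail

PROJECT_ID="${PROJECT_ID:-my-project-id}"   # placeholder GCP project id
ROLE_ID="${ROLE_ID:-fcmSender}"             # placeholder custom role id
SA_NAME="${SA_NAME:-fcm-sender}"            # placeholder service account name
SA_EMAIL="${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"

# Role definition consumed by `gcloud iam roles create --file=...`.
# Only the permission the answers above identified as required is included;
# the firebasenotifications.* permissions from the first answer are left out.
fcm_sender_role_yaml() {
  cat <<'EOF'
title: FCM Sender
description: Can only send Firebase Cloud Messaging messages
stage: GA
includedPermissions:
- cloudmessaging.messages.create
EOF
}

# Create the custom role and a dedicated service account, then bind them
# at project level. Nothing here grants Editor or Owner.
provision_fcm_sender() {
  local role_file
  role_file="$(mktemp)"
  fcm_sender_role_yaml > "$role_file"

  gcloud iam roles create "$ROLE_ID" --project="$PROJECT_ID" --file="$role_file"
  gcloud iam service-accounts create "$SA_NAME" --project="$PROJECT_ID" \
    --display-name="FCM sender (custom role only)"
  gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:${SA_EMAIL}" \
    --role="projects/${PROJECT_ID}/roles/${ROLE_ID}"
  rm -f "$role_file"
}

# Verification for the project owner: print every role bound to the account.
# The expected output is exactly one line, projects/<project>/roles/<role>.
show_fcm_sender_bindings() {
  gcloud projects get-iam-policy "$PROJECT_ID" \
    --flatten="bindings[].members" \
    --filter="bindings.members:serviceAccount:${SA_EMAIL}" \
    --format="value(bindings.role)"
}

# Only talk to GCP when explicitly asked, so sourcing this file has no side effects.
if [ "${1:-}" = "provision" ]; then
  provision_fcm_sender
  show_fcm_sender_bindings
fi
```

Run it as `./fcm_sender.sh provision` in the third party's project; the key file for the resulting service account can then be exported with `gcloud iam service-accounts keys create` and handed over, and the binding listing shows the recipient holds nothing beyond the custom role.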