Hi @kks8589,
Thanks for your patience. I connected with the Product team, and below are the observations:
- The mapping from storage.buckets.get, storage.buckets.list, or storage.objects.get to roles in GCS IAM will be included in the documentation
- storage.buckets.get and storage.buckets.list are not mapped to the "Storage object viewer" role in GCS IAM, and this is needed to enable root-level permissions. "Test connection" in the linked service checks for permissions at the root level, and hence without this role the connection shows as failed. Ex: "Storage Admin" can be enabled for the account.
- Similar to the "Amazon S3" linked service in ADF as below, the ADF team is working on a backlog item to use this layout for the GCS connection, where a specific file path (bucket) can be tested in the GCS linked service.
- Using only the "storage.objects.get" permission, i.e., the storage object viewer role, will enable reading from the specific bucket in the dataset for which the account has permissions, and ADF still loads the data.
Additional details will be added to the documentation. Thanks for your contribution.
Hope this helps! Please let us know if you have more queries and we will be glad to assist further.