Google Cloud Storage
Archive SAP documents to GCS buckets. Service account or OAuth auth, path prefixes, storage classes.
Use Cases
- SAP on GCP document archival
- BigQuery integration for SAP document analytics
- Multi-cloud storage strategy
Archive SAP documents to Google Cloud Storage. Service-account auth for automated pipelines; OAuth for user-context access.
Setup
Service account (recommended)
- Google Cloud Console → IAM & Admin → Service Accounts → Create Service Account (e.g.
filerelay-writer). - Grant Storage Object Creator (
roles/storage.objectCreator) on the bucket. - Service account → Keys → Add Key → Create new key → JSON. Download.
- In FileRelay, add a Google Cloud Storage destination. Paste the full JSON into
service_account_json. Enter the bucket + optional prefix.
OAuth 2.0
- Create an OAuth 2.0 Client ID in the Cloud Console — same flow as the Google Drive connector.
- Authorise scope
https://www.googleapis.com/auth/devstorage.read_write. - Get a refresh token (OAuth 2.0 Playground or your own flow).
- Add the destination in FileRelay with Client ID, Client Secret, Refresh Token.
REPLACE: Screenshot of the GCS destination form
How it works
Service account JSON is used directly; OAuth refresh tokens mint short-lived access tokens per upload. Files > 5 MB use resumable uploads — interruptions resume rather than restart.
Path
{prefix}/{subfolder}/{doc_id}.{ext}
- subfolder is generated by routing rules
- ext derives from MIME type
Example: sap-documents/2026-04/4500012345.pdf.
IAM
Minimum:
| Role | Purpose |
|---|---|
roles/storage.objectCreator |
Upload objects |
roles/storage.objectViewer |
(Optional) verify uploads |
Or a custom role with storage.objects.create (+ optional storage.objects.get, storage.buckets.get).
Grant at the bucket level, not project, for least-privilege:
gsutil iam ch serviceAccount:[email protected]:roles/storage.objectCreator gs://your-bucket
Storage classes
Configure Object Lifecycle Management on the bucket to transition automatically.
| Class | When to use | Min duration | Retrieval cost |
|---|---|---|---|
| Standard | Frequent access | None | Free |
| Nearline | Monthly or less | 30 days | Per-GB fee |
| Coldline | Quarterly or less | 90 days | Higher per-GB |
| Archive | Annual / compliance | 365 days | Highest |
FileRelay uploads to the bucket's default storage class — lifecycle rules handle the transitions.
Tips
- Bucket region = SAP region if you're on GCP — minimises latency and egress.
- BigQuery can query objects directly via external tables / BigLake — no copy.
- Uniform bucket-level access simplifies permissions; FileRelay supports both uniform and fine-grained ACL.
- Versioning as a safety net for accidental overwrites. FileRelay uses unique doc IDs so overwrites are rare anyway.
- Project ID only required for auto-creating buckets; leave empty for existing buckets.
- Dual-region / multi-region for high availability — higher cost.
- Bucket retention policies for compliance-driven immutability.
Configuration Fields
| Field | Type | Required | Description |
|---|---|---|---|
| bucket | string | Required | GCS bucket name |
| prefix | string | Optional | Object path prefix |
| project_id | string | Optional | Google Cloud project ID (required for bucket creation) |
Credentials
| Field | Type | Required | Description |
|---|---|---|---|
| service_account_json | json | Optional | Service account JSON key file contents (use this OR OAuth credentials) |
| client_id | string | Optional | OAuth 2.0 Client ID (use with client_secret and refresh_token) |
| client_secret | string | Optional | OAuth 2.0 Client Secret |
| refresh_token | string | Optional | OAuth 2.0 refresh token |
All credentials are encrypted at rest using envelope encryption.
Ready to set up Google Cloud Storage?
Create a free account and add this connector in under 2 minutes.