@sheetal soni Thank you for reaching out to us. As far as I am aware, the data connector is just used to get some data from GCP. When the connector is created, GCP will create and grant some permissions to this connector so that the connector can ingest logs from GCP. This means that if you want to do some permission configuration, you need to do it on the GCP side; I would recommend reviewing the settings on GCP.
"I'm not sure if the following steps will be helpful (I got them from our internal AI engine tool), but it might be worth trying."
To restrict authentication for a specific data connector when using GCP Workload Identity to authenticate with Azure Sentinel Pub/Sub Audit Log Connector, you can use the following steps:
1. Create a new service account in GCP that will be used exclusively for the data connector that you want to allow authentication for.
2. Grant the necessary permissions to the service account to access the GCP audit logs that the data connector needs to ingest.
3. Configure the GCP Workload Identity pool to only allow the service account to authenticate with the Azure Sentinel Pub/Sub Audit Log Connector. You can do this by specifying the service account's email address as the allowed audience in the provider issuer configuration.
4. Configure the Azure Sentinel Pub/Sub Audit Log Connector to only accept authentication requests from the service account's email address. You can do this by specifying the service account's email address as the allowed audience in the connector configuration.
By following these steps, you can restrict authentication for a specific data connector when using GCP Workload Identity to authenticate with Azure Sentinel Pub/Sub Audit Log Connector. Only the service account that you have specified will be able to authenticate with the connector, while other data connectors will not be able to authenticate.
Let me know if you have any further questions, feel free to post back.
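As an added example (not part of the answer above and not Microsoft's or Google's own setup script), here is how the GCP side of the restriction in steps 1 to 3 can be expressed in Terraform. It uses a slightly different mechanism from the "allowed audience" wording in the answer: the workload identity pool provider gets an attribute condition that only accepts tokens whose subject is the one external identity the connector authenticates with, and impersonation of the dedicated service account is granted to that single federated subject rather than to the whole pool. Every project number, tenant id, object id, pool name and audience below is a placeholder; the real subject and audience values are whatever the Sentinel connector actually presents, which this thread does not state.

```hcl
# Added example, not the original answer's code. All identifiers are placeholders.
locals {
  project_id      = "my-gcp-project"                         # placeholder GCP project id
  project_number  = "123456789012"                           # placeholder GCP project number
  azure_tenant_id = "00000000-0000-0000-0000-000000000000"   # placeholder Entra tenant id
  azure_object_id = "11111111-1111-1111-1111-111111111111"   # placeholder object id of the connector identity
  pool_id         = "sentinel-pool"
}

resource "google_iam_workload_identity_pool" "sentinel" {
  project                   = local.project_id
  workload_identity_pool_id = local.pool_id
  display_name              = "Sentinel log ingestion"
}

# Weak form (not shown as a resource): the same provider block without
# attribute_condition accepts any token from the tenant, so every identity in
# that tenant could exchange it for a GCP credential through this pool.
resource "google_iam_workload_identity_pool_provider" "restricted" {
  project                            = local.project_id
  workload_identity_pool_id          = google_iam_workload_identity_pool.sentinel.workload_identity_pool_id
  workload_identity_pool_provider_id = "azure-sentinel"

  attribute_mapping = {
    "google.subject" = "assertion.sub"
  }

  # Hardened form: reject every token whose subject is not the connector identity.
  attribute_condition = "assertion.sub == \"${local.azure_object_id}\""

  oidc {
    issuer_uri        = "https://sts.windows.net/${local.azure_tenant_id}/"
    allowed_audiences = ["api://sentinel-gcp-connector"]   # placeholder audience
  }
}

# Step 1: a service account used only by this connector.
resource "google_service_account" "sentinel" {
  project      = local.project_id
  account_id   = "sentinel-ingest"
  display_name = "Sentinel Pub/Sub ingestion"
}

# Step 2: only the right the connector needs (pulling from the subscription).
resource "google_project_iam_member" "subscriber" {
  project = local.project_id
  role    = "roles/pubsub.subscriber"
  member  = "serviceAccount:${google_service_account.sentinel.email}"
}

# Step 3: impersonation granted to the single federated subject, not to the
# whole pool (a "principalSet://.../*" member would allow every pool identity).
resource "google_service_account_iam_member" "impersonate" {
  service_account_id = google_service_account.sentinel.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "principal://iam.googleapis.com/projects/${local.project_number}/locations/global/workloadIdentityPools/${local.pool_id}/subject/${local.azure_object_id}"
}
```

The two places that do the restricting are `attribute_condition` on the provider and the `principal://.../subject/...` member on the service account binding; together they mean a token from any other identity in the same tenant is rejected at the pool, and even a token that passed the pool could not impersonate the service account. After applying, the Cloud Audit Logs for `sts.googleapis.com` token exchanges are a useful place to confirm that only the expected subject is exchanging tokens.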