Model Armor roles and permissions

This page lists the IAM roles and permissions for Model Armor. To search through all roles and permissions, see the role and permission index .

Model Armor roles

Role

Permissions

Model Armor Admin

( roles/ modelarmor.admin )

Grants full access to all modelarmor resources. Intended for administrators & owners.

modelarmor.locations.*

modelarmor.locations.get
modelarmor.locations.list

modelarmor.templates.*

modelarmor.templates.create
modelarmor.templates.delete
modelarmor.templates.get
modelarmor.templates.list
modelarmor.templates.update
modelarmor. templates. useToSanitizeInput
modelarmor. templates. useToSanitizeModelResponse
modelarmor. templates. useToSanitizeOutput
modelarmor. templates. useToSanitizeUserPrompt
modelarmor. templates. useToStreamSanitizeModelResponse
modelarmor. templates. useToStreamSanitizeUserPrompt

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor Editor

( roles/ modelarmor.editor )

Editor role for Model Armor resources.

modelarmor.callouts.invoke

modelarmor. floorSettings. computeEffectiveFloorSetting

modelarmor.floorSettings.get

modelarmor.locations.*

modelarmor.locations.get
modelarmor.locations.list

modelarmor.templates.*

modelarmor.templates.create
modelarmor.templates.delete
modelarmor.templates.get
modelarmor.templates.list
modelarmor.templates.update
modelarmor. templates. useToSanitizeInput
modelarmor. templates. useToSanitizeModelResponse
modelarmor. templates. useToSanitizeOutput
modelarmor. templates. useToSanitizeUserPrompt
modelarmor. templates. useToStreamSanitizeModelResponse
modelarmor. templates. useToStreamSanitizeUserPrompt

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor Viewer

( roles/ modelarmor.viewer )

Grants read access to all model armor resources. Intended for viewers.

modelarmor.locations.*

modelarmor.locations.get
modelarmor.locations.list

modelarmor.templates.get

modelarmor.templates.list

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor Callout User ^Beta

( roles/ modelarmor.calloutUser )

Grants access to use Model Armor Callout service. Intended for users & applications which plan to use Model Armor Callout service.

modelarmor.callouts.invoke

modelarmor.locations.*

modelarmor.locations.get
modelarmor.locations.list

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor Floor Setting Admin

( roles/ modelarmor.floorSettingsAdmin )

Grants full access to all Model Armor Floor Setting resources. Intended for administrators & owners.

modelarmor.floorSettings.*

modelarmor. floorSettings. computeEffectiveFloorSetting
modelarmor.floorSettings.get
modelarmor. floorSettings. update

modelarmor.locations.*

modelarmor.locations.get
modelarmor.locations.list

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager. organizations. get

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor Floor Setting Viewer

( roles/ modelarmor.floorSettingsViewer )

Grants read access to all Model Armor Floor Setting resources. Intended for viewers.

modelarmor.floorSettings.get

modelarmor.locations.*

modelarmor.locations.get
modelarmor.locations.list

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager. organizations. get

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor User

( roles/ modelarmor.user )

Grants access to sanitize APIs for templates. Intended for users & applications which plan to use a template.

modelarmor.locations.*

modelarmor.locations.get
modelarmor.locations.list

modelarmor. templates. useToSanitizeInput

modelarmor. templates. useToSanitizeModelResponse

modelarmor. templates. useToSanitizeOutput

modelarmor. templates. useToSanitizeUserPrompt

modelarmor. templates. useToStreamSanitizeModelResponse

modelarmor. templates. useToStreamSanitizeUserPrompt

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents .

Role

Permissions

Model Armor Service Agent

( roles/ modelarmor.serviceAgent )

Gives Model Armor Service Account permission to make DLP calls.

dlp.analyzeRiskTemplates.get

dlp.analyzeRiskTemplates.list

dlp.deidentifyTemplates.get

dlp.deidentifyTemplates.list

dlp.inspectFindings.list

dlp.inspectTemplates.get

dlp.inspectTemplates.list

dlp.jobTriggers.get

dlp.jobTriggers.list

dlp.jobs.get

dlp.jobs.list

dlp.kms.encrypt

dlp.locations.*

dlp.locations.get
dlp.locations.list

dlp.storedInfoTypes.get

dlp.storedInfoTypes.list

serviceusage.services.use

Model Armor permissions

Permission

Included in roles

`modelarmor.callouts.invoke`

Owner ( roles/ owner )

Editor ( roles/ editor )

Model Armor Editor ( roles/ modelarmor.editor )

Model Armor Callout User ( roles/ modelarmor.calloutUser )

Service agent roles

Vertex AI Reasoning Engine Service Agent ( roles/ aiplatform.reasoningEngineServiceAgent )

`modelarmor. floorSettings. computeEffectiveFloorSetting`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Model Armor Editor ( roles/ modelarmor.editor )

Security Center Admin ( roles/ securitycenter.admin )

Support User ( roles/ iam.supportUser )

Model Armor Floor Setting Admin ( roles/ modelarmor.floorSettingsAdmin )

`modelarmor.floorSettings.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Model Armor Editor ( roles/ modelarmor.editor )

Security Center Admin ( roles/ securitycenter.admin )

Support User ( roles/ iam.supportUser )

Model Armor Floor Setting Admin ( roles/ modelarmor.floorSettingsAdmin )

Model Armor Floor Setting Viewer ( roles/ modelarmor.floorSettingsViewer )

`modelarmor. floorSettings. update`

Owner ( roles/ owner )

Security Center Admin ( roles/ securitycenter.admin )

Model Armor Floor Setting Admin ( roles/ modelarmor.floorSettingsAdmin )

`modelarmor.locations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Model Armor Admin ( roles/ modelarmor.admin )

Model Armor Editor ( roles/ modelarmor.editor )

Model Armor Viewer ( roles/ modelarmor.viewer )

Security Center Admin ( roles/ securitycenter.admin )

Support User ( roles/ iam.supportUser )

Model Armor Callout User ( roles/ modelarmor.calloutUser )

Model Armor Floor Setting Admin ( roles/ modelarmor.floorSettingsAdmin )

Model Armor Floor Setting Viewer ( roles/ modelarmor.floorSettingsViewer )

Model Armor User ( roles/ modelarmor.user )

Service agent roles

Vertex AI Reasoning Engine Service Agent ( roles/ aiplatform.reasoningEngineServiceAgent )

`modelarmor.locations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Model Armor Admin ( roles/ modelarmor.admin )

Model Armor Editor ( roles/ modelarmor.editor )

Model Armor Viewer ( roles/ modelarmor.viewer )

Security Center Admin ( roles/ securitycenter.admin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

Model Armor Callout User ( roles/ modelarmor.calloutUser )

Model Armor Floor Setting Admin ( roles/ modelarmor.floorSettingsAdmin )

Model Armor Floor Setting Viewer ( roles/ modelarmor.floorSettingsViewer )

Model Armor User ( roles/ modelarmor.user )

Service agent roles

Vertex AI Reasoning Engine Service Agent ( roles/ aiplatform.reasoningEngineServiceAgent )

`modelarmor.templates.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Model Armor Admin ( roles/ modelarmor.admin )

Model Armor Editor ( roles/ modelarmor.editor )

Security Center Admin ( roles/ securitycenter.admin )

`modelarmor.templates.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Model Armor Admin ( roles/ modelarmor.admin )

Model Armor Editor ( roles/ modelarmor.editor )

Security Center Admin ( roles/ securitycenter.admin )

`modelarmor.templates.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Model Armor Admin ( roles/ modelarmor.admin )

Model Armor Editor ( roles/ modelarmor.editor )

Model Armor Viewer ( roles/ modelarmor.viewer )

Security Center Admin ( roles/ securitycenter.admin )

Support User ( roles/ iam.supportUser )

`modelarmor.templates.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Model Armor Admin ( roles/ modelarmor.admin )

Model Armor Editor ( roles/ modelarmor.editor )

Model Armor Viewer ( roles/ modelarmor.viewer )

Security Center Admin ( roles/ securitycenter.admin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`modelarmor.templates.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Model Armor Admin ( roles/ modelarmor.admin )

Model Armor Editor ( roles/ modelarmor.editor )

Security Center Admin ( roles/ securitycenter.admin )

`modelarmor. templates. useToSanitizeInput`

Owner ( roles/ owner )

Editor ( roles/ editor )

Model Armor Admin ( roles/ modelarmor.admin )

Model Armor Editor ( roles/ modelarmor.editor )

Security Center Admin ( roles/ securitycenter.admin )

Model Armor User ( roles/ modelarmor.user )

Service agent roles

Vertex AI Reasoning Engine Service Agent ( roles/ aiplatform.reasoningEngineServiceAgent )

`modelarmor. templates. useToSanitizeModelResponse`

Owner ( roles/ owner )

Editor ( roles/ editor )

Model Armor Admin ( roles/ modelarmor.admin )

Model Armor Editor ( roles/ modelarmor.editor )

Security Center Admin ( roles/ securitycenter.admin )

Model Armor User ( roles/ modelarmor.user )

Service agent roles

Vertex AI Reasoning Engine Service Agent ( roles/ aiplatform.reasoningEngineServiceAgent )
Discovery Engine Service Agent ( roles/ discoveryengine.serviceAgent )

`modelarmor. templates. useToSanitizeOutput`

Owner ( roles/ owner )

Editor ( roles/ editor )

Model Armor Admin ( roles/ modelarmor.admin )

Model Armor Editor ( roles/ modelarmor.editor )

Security Center Admin ( roles/ securitycenter.admin )

Model Armor User ( roles/ modelarmor.user )

Service agent roles

Vertex AI Reasoning Engine Service Agent ( roles/ aiplatform.reasoningEngineServiceAgent )

`modelarmor. templates. useToSanitizeUserPrompt`

Owner ( roles/ owner )

Editor ( roles/ editor )

Model Armor Admin ( roles/ modelarmor.admin )

Model Armor Editor ( roles/ modelarmor.editor )

Security Center Admin ( roles/ securitycenter.admin )

Model Armor User ( roles/ modelarmor.user )

Service agent roles

Vertex AI Reasoning Engine Service Agent ( roles/ aiplatform.reasoningEngineServiceAgent )
Discovery Engine Service Agent ( roles/ discoveryengine.serviceAgent )

`modelarmor. templates. useToStreamSanitizeModelResponse`

Owner ( roles/ owner )

Editor ( roles/ editor )

Model Armor Admin ( roles/ modelarmor.admin )

Model Armor Editor ( roles/ modelarmor.editor )

Security Center Admin ( roles/ securitycenter.admin )

Model Armor User ( roles/ modelarmor.user )

`modelarmor. templates. useToStreamSanitizeUserPrompt`

Owner ( roles/ owner )

Editor ( roles/ editor )

Model Armor Admin ( roles/ modelarmor.admin )

Model Armor Editor ( roles/ modelarmor.editor )

Security Center Admin ( roles/ securitycenter.admin )

Model Armor User ( roles/ modelarmor.user )

Model Armor roles and permissions Stay organized with collections Save and categorize content based on your preferences.