This page describes how to use Identity and Access Management (IAM) to manage access to Vertex AI resources. To manage access to Vertex AI Workbench instances, see Vertex AI Workbench instances access control.
Vertex AI uses IAM to manage access to resources. You can manage access at the project level or resource level. To grant access to resources at the project level, assign one or more roles to a principal (user, group, or service account). To grant access to a specific resource, set an IAM policy on that resource; the resource must support resource-level policies. The policy defines which roles are assigned to which principals.
There are different types of IAM roles that can be used in Vertex AI:
- Predefined roles let you grant a set of related permissions to your Vertex AI resources at the project level.
- Basic roles (Owner, Editor, and Viewer) provide access control to your Vertex AI resources at the project level, and are common to all Google Cloud services.
- Custom roles enable you to choose a specific set of permissions, create your own role with those permissions, and grant the role to users in your organization.
To add, update, or remove these roles in your Vertex AI project, see the documentation on granting, changing, and revoking access.
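The following is an added example, not part of the original page: a project-level policy audit that sorts each binding's role into the three role types listed above and flags the grants that deserve review. The sample policy, project, principals and custom role name are constructed; `roles/aiplatform.user` and `roles/aiplatform.admin` are Google Cloud's published IDs for the Vertex AI User and Vertex AI Administrator roles.

```python
import json

# IDs of the basic roles (Owner, Editor, Viewer) named on this page.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample, in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "bindings": [
    {"role": "roles/editor",
     "members": ["user:alice@example.com",
                 "serviceAccount:trainer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/aiplatform.user",
     "members": ["group:ml-team@example.com"]},
    {"role": "roles/aiplatform.admin",
     "members": ["user:bob@example.com"]},
    {"role": "projects/example-project/roles/vertexPredictOnly",
     "members": ["serviceAccount:serving@example-project.iam.gserviceaccount.com"]}
  ]
}
""")


def role_kind(role):
    """Classify a role name as basic, predefined or custom."""
    if role in BASIC_ROLES:
        return "basic"
    # Custom roles are named under the project or organization that owns them.
    if role.startswith(("projects/", "organizations/")) and "/roles/" in role:
        return "custom"
    if role.startswith("roles/"):
        return "predefined"
    return "unknown"


def principal_kind(member):
    """Return the principal type prefix (user, group, serviceAccount, ...)."""
    kind, sep, _ = member.partition(":")
    return kind if sep else "special"


def audit_policy(policy):
    """Flatten the bindings into one row per (principal, role) with flags."""
    rows = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        kind = role_kind(role)
        for member in binding.get("members", []):
            flags = []
            if kind == "basic":
                # Basic roles are common to all Google Cloud services, so the
                # grant reaches far beyond Vertex AI.
                flags.append("basic-role")
            if role == "roles/aiplatform.admin":
                # Full access to all Vertex AI resources, including the
                # setIamPolicy permissions listed for this role.
                flags.append("vertex-full-access")
            rows.append({
                "principal": member,
                "principal_kind": principal_kind(member),
                "role": role,
                "role_kind": kind,
                "flags": flags,
            })
    return rows


def needs_review(policy):
    """Return sorted (principal, role) pairs that carry at least one flag."""
    return sorted(
        (row["principal"], row["role"])
        for row in audit_policy(policy)
        if row["flags"]
    )


if __name__ == "__main__":
    for row in audit_policy(SAMPLE_POLICY):
        note = ", ".join(row["flags"]) or "ok"
        print(f'{row["principal"]:<62} {row["role"]:<52} {row["role_kind"]:<10} {note}')
```

Grants flagged `basic-role` are candidates for replacement with one of the predefined roles listed below or with a custom role that carries only the permissions the principal uses.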
Predefined roles for Vertex AI
Vertex AI Administrator
( roles/
)
Grants full access to all resources in Vertex AI
aiplatform.*
- aiplatform.agentExamples.create
- aiplatform.agentExamples.delete
- aiplatform.agentExamples.get
- aiplatform.agentExamples.list
- aiplatform.agentExamples.update
- aiplatform.agents.create
- aiplatform.agents.delete
- aiplatform.agents.get
- aiplatform.agents.list
- aiplatform.agents.update
- aiplatform.annotationSpecs.create
- aiplatform.annotationSpecs.delete
- aiplatform.annotationSpecs.get
- aiplatform.annotationSpecs.list
- aiplatform.annotationSpecs.update
- aiplatform.annotations.create
- aiplatform.annotations.delete
- aiplatform.annotations.get
- aiplatform.annotations.list
- aiplatform.annotations.update
- aiplatform.apps.create
- aiplatform.apps.delete
- aiplatform.apps.get
- aiplatform.apps.list
- aiplatform.apps.update
- aiplatform.artifacts.create
- aiplatform.artifacts.delete
- aiplatform.artifacts.get
- aiplatform.artifacts.list
- aiplatform.artifacts.update
- aiplatform.batchPredictionJobs.cancel
- aiplatform.batchPredictionJobs.create
- aiplatform.batchPredictionJobs.delete
- aiplatform.batchPredictionJobs.get
- aiplatform.batchPredictionJobs.list
- aiplatform.cacheConfigs.get
- aiplatform.cacheConfigs.update
- aiplatform.consents.get
- aiplatform.consents.update
- aiplatform.contexts.addContextArtifactsAndExecutions
- aiplatform.contexts.addContextChildren
- aiplatform.contexts.create
- aiplatform.contexts.delete
- aiplatform.contexts.get
- aiplatform.contexts.list
- aiplatform.contexts.queryContextLineageSubgraph
- aiplatform.contexts.update
- aiplatform.customJobs.cancel
- aiplatform.customJobs.create
- aiplatform.customJobs.delete
- aiplatform.customJobs.get
- aiplatform.customJobs.list
- aiplatform.dataItems.create
- aiplatform.dataItems.delete
- aiplatform.dataItems.get
- aiplatform.dataItems.list
- aiplatform.dataItems.update
- aiplatform.dataLabelingJobs.cancel
- aiplatform.dataLabelingJobs.create
- aiplatform.dataLabelingJobs.delete
- aiplatform.dataLabelingJobs.get
- aiplatform.dataLabelingJobs.list
- aiplatform.datasetVersions.create
- aiplatform.datasetVersions.delete
- aiplatform.datasetVersions.get
- aiplatform.datasetVersions.list
- aiplatform.datasetVersions.restore
- aiplatform.datasets.create
- aiplatform.datasets.delete
- aiplatform.datasets.export
- aiplatform.datasets.get
- aiplatform.datasets.import
- aiplatform.datasets.list
- aiplatform.datasets.update
- aiplatform.deploymentResourcePools.create
- aiplatform.deploymentResourcePools.delete
- aiplatform.deploymentResourcePools.get
- aiplatform.deploymentResourcePools.list
- aiplatform.deploymentResourcePools.queryDeployedModels
- aiplatform.deploymentResourcePools.update
- aiplatform.edgeDeploymentJobs.create
- aiplatform.edgeDeploymentJobs.delete
- aiplatform.edgeDeploymentJobs.get
- aiplatform.edgeDeploymentJobs.list
- aiplatform.edgeDeviceDebugInfo.get
- aiplatform.edgeDevices.create
- aiplatform.edgeDevices.delete
- aiplatform.edgeDevices.get
- aiplatform.edgeDevices.list
- aiplatform.edgeDevices.update
- aiplatform.endpoints.create
- aiplatform.endpoints.delete
- aiplatform.endpoints.deploy
- aiplatform.endpoints.explain
- aiplatform.endpoints.get
- aiplatform.endpoints.getIamPolicy
- aiplatform.endpoints.list
- aiplatform.endpoints.predict
- aiplatform.endpoints.setIamPolicy
- aiplatform.endpoints.undeploy
- aiplatform.endpoints.update
- aiplatform.entityTypes.create
- aiplatform.entityTypes.delete
- aiplatform.entityTypes.deleteFeatureValues
- aiplatform.entityTypes.exportFeatureValues
- aiplatform.entityTypes.get
- aiplatform.entityTypes.getIamPolicy
- aiplatform.entityTypes.importFeatureValues
- aiplatform.entityTypes.list
- aiplatform.entityTypes.readFeatureValues
- aiplatform.entityTypes.setIamPolicy
- aiplatform.entityTypes.streamingReadFeatureValues
- aiplatform.entityTypes.update
- aiplatform.entityTypes.writeFeatureValues
- aiplatform.executions.addExecutionEvents
- aiplatform.executions.create
- aiplatform.executions.delete
- aiplatform.executions.get
- aiplatform.executions.list
- aiplatform.executions.queryExecutionInputsAndOutputs
- aiplatform.executions.update
- aiplatform.extensions.delete
- aiplatform.extensions.execute
- aiplatform.extensions.get
- aiplatform.extensions.import
- aiplatform.extensions.list
- aiplatform.extensions.update
- aiplatform.featureGroups.create
- aiplatform.featureGroups.delete
- aiplatform.featureGroups.get
- aiplatform.featureGroups.list
- aiplatform.featureGroups.update
- aiplatform.featureOnlineStores.create
- aiplatform.featureOnlineStores.delete
- aiplatform.featureOnlineStores.get
- aiplatform.featureOnlineStores.getIamPolicy
- aiplatform.featureOnlineStores.list
- aiplatform.featureOnlineStores.setIamPolicy
- aiplatform.featureOnlineStores.update
- aiplatform.featureViewSyncs.get
- aiplatform.featureViewSyncs.list
- aiplatform.featureViews.create
- aiplatform.featureViews.delete
- aiplatform.featureViews.fetchFeatureValues
- aiplatform.featureViews.get
- aiplatform.featureViews.getIamPolicy
- aiplatform.featureViews.list
- aiplatform.featureViews.searchNearestEntities
- aiplatform.featureViews.setIamPolicy
- aiplatform.featureViews.sync
- aiplatform.featureViews.update
- aiplatform.features.create
- aiplatform.features.delete
- aiplatform.features.get
- aiplatform.features.list
- aiplatform.features.update
- aiplatform.featurestores.batchReadFeatureValues
- aiplatform.featurestores.create
- aiplatform.featurestores.delete
- aiplatform.featurestores.exportFeatures
- aiplatform.featurestores.get
- aiplatform.featurestores.getIamPolicy
- aiplatform.featurestores.importFeatures
- aiplatform.featurestores.list
- aiplatform.featurestores.readFeatures
- aiplatform.featurestores.setIamPolicy
- aiplatform.featurestores.update
- aiplatform.featurestores.writeFeatures
- aiplatform.humanInTheLoops.cancel
- aiplatform.humanInTheLoops.create
- aiplatform.humanInTheLoops.delete
- aiplatform.humanInTheLoops.get
- aiplatform.humanInTheLoops.list
- aiplatform.humanInTheLoops.queryAnnotationStats
- aiplatform.humanInTheLoops.send
- aiplatform.humanInTheLoops.update
- aiplatform.hyperparameterTuningJobs.cancel
- aiplatform.hyperparameterTuningJobs.create
- aiplatform.hyperparameterTuningJobs.delete
- aiplatform.hyperparameterTuningJobs.get
- aiplatform.hyperparameterTuningJobs.list
- aiplatform.indexEndpoints.create
- aiplatform.indexEndpoints.delete
- aiplatform.indexEndpoints.deploy
- aiplatform.indexEndpoints.get
- aiplatform.indexEndpoints.list
- aiplatform.indexEndpoints.queryVectors
- aiplatform.indexEndpoints.undeploy
- aiplatform.indexEndpoints.update
- aiplatform.indexes.create
- aiplatform.indexes.delete
- aiplatform.indexes.get
- aiplatform.indexes.list
- aiplatform.indexes.update
- aiplatform.locations.get
- aiplatform.locations.list
- aiplatform.metadataSchemas.create
- aiplatform.metadataSchemas.delete
- aiplatform.metadataSchemas.get
- aiplatform.metadataSchemas.list
- aiplatform.metadataStores.create
- aiplatform.metadataStores.delete
- aiplatform.metadataStores.get
- aiplatform.metadataStores.list
- aiplatform.migratableResources.migrate
- aiplatform.migratableResources.search
- aiplatform.modelDeploymentMonitoringJobs.create
- aiplatform.modelDeploymentMonitoringJobs.delete
- aiplatform.modelDeploymentMonitoringJobs.get
- aiplatform.modelDeploymentMonitoringJobs.list
- aiplatform.modelDeploymentMonitoringJobs.pause
- aiplatform.modelDeploymentMonitoringJobs.resume
- aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies
- aiplatform.modelDeploymentMonitoringJobs.update
- aiplatform.modelEvaluationSlices.get
- aiplatform.modelEvaluationSlices.import
- aiplatform.modelEvaluationSlices.list
- aiplatform.modelEvaluations.exportEvaluatedDataItems
- aiplatform.modelEvaluations.get
- aiplatform.modelEvaluations.import
- aiplatform.modelEvaluations.list
- aiplatform.models.delete
- aiplatform.models.export
- aiplatform.models.get
- aiplatform.models.list
- aiplatform.models.update
- aiplatform.models.upload
- aiplatform.nasJobs.cancel
- aiplatform.nasJobs.create
- aiplatform.nasJobs.delete
- aiplatform.nasJobs.get
- aiplatform.nasJobs.list
- aiplatform.nasTrialDetails.get
- aiplatform.nasTrialDetails.list
- aiplatform.notebookExecutionJobs.create
- aiplatform.notebookExecutionJobs.delete
- aiplatform.notebookExecutionJobs.get
- aiplatform.notebookExecutionJobs.list
- aiplatform.notebookRuntimeTemplates.apply
- aiplatform.notebookRuntimeTemplates.create
- aiplatform.notebookRuntimeTemplates.delete
- aiplatform.notebookRuntimeTemplates.get
- aiplatform.notebookRuntimeTemplates.getIamPolicy
- aiplatform.notebookRuntimeTemplates.list
- aiplatform.notebookRuntimeTemplates.setIamPolicy
- aiplatform.notebookRuntimeTemplates.update
- aiplatform.notebookRuntimes.assign
- aiplatform.notebookRuntimes.delete
- aiplatform.notebookRuntimes.get
- aiplatform.notebookRuntimes.list
- aiplatform.notebookRuntimes.start
- aiplatform.notebookRuntimes.update
- aiplatform.notebookRuntimes.upgrade
- aiplatform.operations.list
- aiplatform.persistentResources.create
- aiplatform.persistentResources.delete
- aiplatform.persistentResources.get
- aiplatform.persistentResources.list
- aiplatform.pipelineJobs.cancel
- aiplatform.pipelineJobs.create
- aiplatform.pipelineJobs.delete
- aiplatform.pipelineJobs.get
- aiplatform.pipelineJobs.list
- aiplatform.reasoningEngines.create
- aiplatform.reasoningEngines.delete
- aiplatform.reasoningEngines.get
- aiplatform.reasoningEngines.list
- aiplatform.reasoningEngines.query
- aiplatform.reasoningEngines.update
- aiplatform.schedules.create
- aiplatform.schedules.delete
- aiplatform.schedules.get
- aiplatform.schedules.list
- aiplatform.schedules.update
- aiplatform.sessions.get
- aiplatform.sessions.list
- aiplatform.sessions.run
- aiplatform.specialistPools.create
- aiplatform.specialistPools.delete
- aiplatform.specialistPools.get
- aiplatform.specialistPools.list
- aiplatform.specialistPools.update
- aiplatform.studies.create
- aiplatform.studies.delete
- aiplatform.studies.get
- aiplatform.studies.list
- aiplatform.studies.update
- aiplatform.tensorboardExperiments.create
- aiplatform.tensorboardExperiments.delete
- aiplatform.tensorboardExperiments.get
- aiplatform.tensorboardExperiments.list
- aiplatform.tensorboardExperiments.update
- aiplatform.tensorboardExperiments.write
- aiplatform.tensorboardRuns.batchCreate
- aiplatform.tensorboardRuns.create
- aiplatform.tensorboardRuns.delete
- aiplatform.tensorboardRuns.get
- aiplatform.tensorboardRuns.list
- aiplatform.tensorboardRuns.update
- aiplatform.tensorboardRuns.write
- aiplatform.tensorboardTimeSeries.batchCreate
- aiplatform.tensorboardTimeSeries.batchRead
- aiplatform.tensorboardTimeSeries.create
- aiplatform.tensorboardTimeSeries.delete
- aiplatform.tensorboardTimeSeries.get
- aiplatform.tensorboardTimeSeries.list
- aiplatform.tensorboardTimeSeries.read
- aiplatform.tensorboardTimeSeries.update
- aiplatform.tensorboards.create
- aiplatform.tensorboards.delete
- aiplatform.tensorboards.get
- aiplatform.tensorboards.list
- aiplatform.tensorboards.recordAccess
- aiplatform.tensorboards.update
- aiplatform.trainingPipelines.cancel
- aiplatform.trainingPipelines.create
- aiplatform.trainingPipelines.delete
- aiplatform.trainingPipelines.get
- aiplatform.trainingPipelines.list
- aiplatform.trials.create
- aiplatform.trials.delete
- aiplatform.trials.get
- aiplatform.trials.list
- aiplatform.trials.update
- aiplatform.tuningJobs.cancel
- aiplatform.tuningJobs.create
- aiplatform.tuningJobs.delete
- aiplatform.tuningJobs.get
- aiplatform.tuningJobs.list
- aiplatform.tuningJobs.vertexTune
resourcemanager.projects.get
resourcemanager.projects.list
Colab Enterprise Admin
( roles/
)
Admin role for using Colab Enterprise.
aiplatform.
- aiplatform.notebookExecutionJobs.create
- aiplatform.notebookExecutionJobs.delete
- aiplatform.notebookExecutionJobs.get
- aiplatform.notebookExecutionJobs.list
aiplatform.
- aiplatform.notebookRuntimeTemplates.apply
- aiplatform.notebookRuntimeTemplates.create
- aiplatform.notebookRuntimeTemplates.delete
- aiplatform.notebookRuntimeTemplates.get
- aiplatform.notebookRuntimeTemplates.getIamPolicy
- aiplatform.notebookRuntimeTemplates.list
- aiplatform.notebookRuntimeTemplates.setIamPolicy
- aiplatform.notebookRuntimeTemplates.update
aiplatform.notebookRuntimes.*
- aiplatform.notebookRuntimes.assign
- aiplatform.notebookRuntimes.delete
- aiplatform.notebookRuntimes.get
- aiplatform.notebookRuntimes.list
- aiplatform.notebookRuntimes.start
- aiplatform.notebookRuntimes.update
- aiplatform.notebookRuntimes.upgrade
aiplatform.operations.list
aiplatform.pipelineJobs.create
aiplatform.schedules.*
- aiplatform.schedules.create
- aiplatform.schedules.delete
- aiplatform.schedules.get
- aiplatform.schedules.list
- aiplatform.schedules.update
compute.reservations.get
compute.reservations.list
dataform.*
- dataform.compilationResults.create
- dataform.compilationResults.get
- dataform.compilationResults.list
- dataform.compilationResults.query
- dataform.locations.get
- dataform.locations.list
- dataform.releaseConfigs.create
- dataform.releaseConfigs.delete
- dataform.releaseConfigs.get
- dataform.releaseConfigs.list
- dataform.releaseConfigs.update
- dataform.repositories.commit
- dataform.repositories.computeAccessTokenStatus
- dataform.repositories.create
- dataform.repositories.delete
- dataform.repositories.fetchHistory
- dataform.repositories.fetchRemoteBranches
- dataform.repositories.get
- dataform.repositories.getIamPolicy
- dataform.repositories.list
- dataform.repositories.queryDirectoryContents
- dataform.repositories.readFile
- dataform.repositories.setIamPolicy
- dataform.repositories.update
- dataform.workflowConfigs.create
- dataform.workflowConfigs.delete
- dataform.workflowConfigs.get
- dataform.workflowConfigs.list
- dataform.workflowConfigs.update
- dataform.workflowInvocations.cancel
- dataform.workflowInvocations.create
- dataform.workflowInvocations.delete
- dataform.workflowInvocations.get
- dataform.workflowInvocations.list
- dataform.workflowInvocations.query
- dataform.workspaces.commit
- dataform.workspaces.create
- dataform.workspaces.delete
- dataform.workspaces.fetchFileDiff
- dataform.workspaces.fetchFileGitStatuses
- dataform.workspaces.fetchGitAheadBehind
- dataform.workspaces.get
- dataform.workspaces.getIamPolicy
- dataform.workspaces.installNpmPackages
- dataform.workspaces.list
- dataform.workspaces.makeDirectory
- dataform.workspaces.moveDirectory
- dataform.workspaces.moveFile
- dataform.workspaces.pull
- dataform.workspaces.push
- dataform.workspaces.queryDirectoryContents
- dataform.workspaces.readFile
- dataform.workspaces.removeDirectory
- dataform.workspaces.removeFile
- dataform.workspaces.reset
- dataform.workspaces.searchFiles
- dataform.workspaces.setIamPolicy
- dataform.workspaces.writeFile
resourcemanager.projects.get
resourcemanager.projects.list
Colab Enterprise User
( roles/
)
User role for using Colab Enterprise.
aiplatform.
- aiplatform.notebookExecutionJobs.create
- aiplatform.notebookExecutionJobs.delete
- aiplatform.notebookExecutionJobs.get
- aiplatform.notebookExecutionJobs.list
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.operations.list
aiplatform.pipelineJobs.create
aiplatform.schedules.*
- aiplatform.schedules.create
- aiplatform.schedules.delete
- aiplatform.schedules.get
- aiplatform.schedules.list
- aiplatform.schedules.update
dataform.locations.*
- dataform.locations.get
- dataform.locations.list
dataform.repositories.create
dataform.repositories.list
resourcemanager.projects.get
resourcemanager.projects.list
Vertex AI Feature Store EntityType owner
( roles/
)
Provides full access to all permissions for a particular entity type resource.
Lowest-level resources where you can grant this role:
- Entity type
aiplatform.entityTypes.delete
aiplatform.
aiplatform.
aiplatform.entityTypes.get
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.entityTypes.update
aiplatform.
aiplatform.featureGroups.get
aiplatform.featureGroups.list
aiplatform.
aiplatform.
aiplatform.featureViewSyncs.*
- aiplatform.featureViewSyncs.get
- aiplatform.featureViewSyncs.list
aiplatform.
aiplatform.featureViews.get
aiplatform.featureViews.list
aiplatform.
aiplatform.features.*
- aiplatform.features.create
- aiplatform.features.delete
- aiplatform.features.get
- aiplatform.features.list
- aiplatform.features.update
aiplatform.
resourcemanager.projects.get
resourcemanager.projects.list
Vertex AI Feature Store Admin
( roles/
)
Grants full access to all resources in Vertex AI Feature Store
Lowest-level resources where you can grant this role:
- Entity type
aiplatform.entityTypes.*
- aiplatform.entityTypes.create
- aiplatform.entityTypes.delete
- aiplatform.entityTypes.deleteFeatureValues
- aiplatform.entityTypes.exportFeatureValues
- aiplatform.entityTypes.get
- aiplatform.entityTypes.getIamPolicy
- aiplatform.entityTypes.importFeatureValues
- aiplatform.entityTypes.list
- aiplatform.entityTypes.readFeatureValues
- aiplatform.entityTypes.setIamPolicy
- aiplatform.entityTypes.streamingReadFeatureValues
- aiplatform.entityTypes.update
- aiplatform.entityTypes.writeFeatureValues
aiplatform.featureGroups.*
- aiplatform.featureGroups.create
- aiplatform.featureGroups.delete
- aiplatform.featureGroups.get
- aiplatform.featureGroups.list
- aiplatform.featureGroups.update
aiplatform.
- aiplatform.featureOnlineStores.create
- aiplatform.featureOnlineStores.delete
- aiplatform.featureOnlineStores.get
- aiplatform.featureOnlineStores.getIamPolicy
- aiplatform.featureOnlineStores.list
- aiplatform.featureOnlineStores.setIamPolicy
- aiplatform.featureOnlineStores.update
aiplatform.featureViewSyncs.*
- aiplatform.featureViewSyncs.get
- aiplatform.featureViewSyncs.list
aiplatform.featureViews.*
- aiplatform.featureViews.create
- aiplatform.featureViews.delete
- aiplatform.featureViews.fetchFeatureValues
- aiplatform.featureViews.get
- aiplatform.featureViews.getIamPolicy
- aiplatform.featureViews.list
- aiplatform.featureViews.searchNearestEntities
- aiplatform.featureViews.setIamPolicy
- aiplatform.featureViews.sync
- aiplatform.featureViews.update
aiplatform.features.*
- aiplatform.features.create
- aiplatform.features.delete
- aiplatform.features.get
- aiplatform.features.list
- aiplatform.features.update
aiplatform.featurestores.*
- aiplatform.featurestores.batchReadFeatureValues
- aiplatform.featurestores.create
- aiplatform.featurestores.delete
- aiplatform.featurestores.exportFeatures
- aiplatform.featurestores.get
- aiplatform.featurestores.getIamPolicy
- aiplatform.featurestores.importFeatures
- aiplatform.featurestores.list
- aiplatform.featurestores.readFeatures
- aiplatform.featurestores.setIamPolicy
- aiplatform.featurestores.update
- aiplatform.featurestores.writeFeatures
aiplatform.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Vertex AI Feature Store Data Viewer
( roles/
)
This role provides permissions to read Feature data.
Lowest-level resources where you can grant this role:
- Entity type
aiplatform.
aiplatform.entityTypes.get
aiplatform.
aiplatform.
aiplatform.featureGroups.get
aiplatform.featureGroups.list
aiplatform.
aiplatform.
aiplatform.featureViewSyncs.*
- aiplatform.featureViewSyncs.get
- aiplatform.featureViewSyncs.list
aiplatform.
aiplatform.featureViews.get
aiplatform.featureViews.list
aiplatform.
aiplatform.features.get
aiplatform.features.list
aiplatform.
resourcemanager.projects.get
resourcemanager.projects.list
Vertex AI Feature Store Data Writer
( roles/
)
This role provides permissions to read and write Feature data.
Lowest-level resources where you can grant this role:
- Entity type
aiplatform.
aiplatform.
aiplatform.entityTypes.get
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.featureGroups.get
aiplatform.featureGroups.list
aiplatform.
aiplatform.
aiplatform.featureViewSyncs.*
- aiplatform.featureViewSyncs.get
- aiplatform.featureViewSyncs.list
aiplatform.
aiplatform.featureViews.get
aiplatform.featureViews.list
aiplatform.
aiplatform.features.get
aiplatform.features.list
aiplatform.
resourcemanager.projects.get
resourcemanager.projects.list
Vertex AI Feature Store Instance Creator
( roles/
)
Administrator of Featurestore resources, but not the child resources under Featurestores.
Lowest-level resources where you can grant this role:
- Featurestore
aiplatform.
aiplatform.
aiplatform.featurestores.get
aiplatform.featurestores.list
aiplatform.
Vertex AI Feature Store Resource Viewer
( roles/
)
Viewer of all resources in Vertex AI Feature Store but cannot make changes.
Lowest-level resources where you can grant this role:
- Entity type
aiplatform.entityTypes.get
aiplatform.entityTypes.list
aiplatform.featureGroups.get
aiplatform.featureGroups.list
aiplatform.
aiplatform.
aiplatform.featureViewSyncs.*
- aiplatform.featureViewSyncs.get
- aiplatform.featureViewSyncs.list
aiplatform.featureViews.get
aiplatform.featureViews.list
aiplatform.features.get
aiplatform.features.list
aiplatform.featurestores.get
aiplatform.featurestores.list
aiplatform.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Vertex AI Feature Store User Beta
( roles/
)
Deprecated. Use featurestoreAdmin instead.
aiplatform.entityTypes.*
- aiplatform.entityTypes.create
- aiplatform.entityTypes.delete
- aiplatform.entityTypes.deleteFeatureValues
- aiplatform.entityTypes.exportFeatureValues
- aiplatform.entityTypes.get
- aiplatform.entityTypes.getIamPolicy
- aiplatform.entityTypes.importFeatureValues
- aiplatform.entityTypes.list
- aiplatform.entityTypes.readFeatureValues
- aiplatform.entityTypes.setIamPolicy
- aiplatform.entityTypes.streamingReadFeatureValues
- aiplatform.entityTypes.update
- aiplatform.entityTypes.writeFeatureValues
aiplatform.features.*
- aiplatform.features.create
- aiplatform.features.delete
- aiplatform.features.get
- aiplatform.features.list
- aiplatform.features.update
aiplatform.featurestores.*
- aiplatform.featurestores.batchReadFeatureValues
- aiplatform.featurestores.create
- aiplatform.featurestores.delete
- aiplatform.featurestores.exportFeatures
- aiplatform.featurestores.get
- aiplatform.featurestores.getIamPolicy
- aiplatform.featurestores.importFeatures
- aiplatform.featurestores.list
- aiplatform.featurestores.readFeatures
- aiplatform.featurestores.setIamPolicy
- aiplatform.featurestores.update
- aiplatform.featurestores.writeFeatures
aiplatform.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Vertex AI Migration Service User
( roles/
)
Grants access to use migration service in Vertex AI
aiplatform.
- aiplatform.migratableResources.migrate
- aiplatform.migratableResources.search
Notebook Executor User Beta
( roles/
)
Grants users full access to schedules and notebook execution jobs.
aiplatform.
- aiplatform.notebookExecutionJobs.create
- aiplatform.notebookExecutionJobs.delete
- aiplatform.notebookExecutionJobs.get
- aiplatform.notebookExecutionJobs.list
aiplatform.operations.list
aiplatform.pipelineJobs.create
aiplatform.schedules.*
- aiplatform.schedules.create
- aiplatform.schedules.delete
- aiplatform.schedules.get
- aiplatform.schedules.list
- aiplatform.schedules.update
Notebook Runtime Admin
( roles/
)
Grants full access to all runtime templates and runtimes in Notebook Service.
aiplatform.
- aiplatform.notebookRuntimeTemplates.apply
- aiplatform.notebookRuntimeTemplates.create
- aiplatform.notebookRuntimeTemplates.delete
- aiplatform.notebookRuntimeTemplates.get
- aiplatform.notebookRuntimeTemplates.getIamPolicy
- aiplatform.notebookRuntimeTemplates.list
- aiplatform.notebookRuntimeTemplates.setIamPolicy
- aiplatform.notebookRuntimeTemplates.update
aiplatform.notebookRuntimes.*
- aiplatform.notebookRuntimes.assign
- aiplatform.notebookRuntimes.delete
- aiplatform.notebookRuntimes.get
- aiplatform.notebookRuntimes.list
- aiplatform.notebookRuntimes.start
- aiplatform.notebookRuntimes.update
- aiplatform.notebookRuntimes.upgrade
aiplatform.operations.list
compute.reservations.get
compute.reservations.list
Notebook Runtime User
( roles/
)
Grants users permissions to create runtime resources using a runtime template and manage the runtime resources they created.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.operations.list
Vertex AI Tensorboard Web App User Beta
( roles/
)
Grants access to the Vertex AI TensorBoard web app.
aiplatform.
Vertex AI User
( roles/
)
Grants access to use all resources in Vertex AI
aiplatform.agentExamples.*
-
aiplatform.
agentExamples. create -
aiplatform.
agentExamples. delete -
aiplatform.agentExamples.get
-
aiplatform.agentExamples.list
-
aiplatform.
agentExamples. update
aiplatform.agents.*
-
aiplatform.agents.create
-
aiplatform.agents.delete
-
aiplatform.agents.get
-
aiplatform.agents.list
-
aiplatform.agents.update
aiplatform.annotationSpecs.*
-
aiplatform.
annotationSpecs. create -
aiplatform.
annotationSpecs. delete -
aiplatform.annotationSpecs.get
-
aiplatform.
annotationSpecs. list -
aiplatform.
annotationSpecs. update
aiplatform.annotations.*
-
aiplatform.annotations.create
-
aiplatform.annotations.delete
-
aiplatform.annotations.get
-
aiplatform.annotations.list
-
aiplatform.annotations.update
aiplatform.apps.*
-
aiplatform.apps.create
-
aiplatform.apps.delete
-
aiplatform.apps.get
-
aiplatform.apps.list
-
aiplatform.apps.update
aiplatform.artifacts.*
-
aiplatform.artifacts.create
-
aiplatform.artifacts.delete
-
aiplatform.artifacts.get
-
aiplatform.artifacts.list
-
aiplatform.artifacts.update
aiplatform.
-
aiplatform.
batchPredictionJobs. cancel -
aiplatform.
batchPredictionJobs. create -
aiplatform.
batchPredictionJobs. delete -
aiplatform.
batchPredictionJobs. get -
aiplatform.
batchPredictionJobs. list
aiplatform.cacheConfigs.get
aiplatform.consents.get
aiplatform.contexts.*
-
aiplatform.
contexts. addContextArtifactsAndExecutions -
aiplatform.
contexts. addContextChildren -
aiplatform.contexts.create
-
aiplatform.contexts.delete
-
aiplatform.contexts.get
-
aiplatform.contexts.list
-
aiplatform.
contexts. queryContextLineageSubgraph -
aiplatform.contexts.update
aiplatform.customJobs.*
-
aiplatform.customJobs.cancel
-
aiplatform.customJobs.create
-
aiplatform.customJobs.delete
-
aiplatform.customJobs.get
-
aiplatform.customJobs.list
aiplatform.dataItems.*
-
aiplatform.dataItems.create
-
aiplatform.dataItems.delete
-
aiplatform.dataItems.get
-
aiplatform.dataItems.list
-
aiplatform.dataItems.update
aiplatform.dataLabelingJobs.*
-
aiplatform.
dataLabelingJobs. cancel -
aiplatform.
dataLabelingJobs. create -
aiplatform.
dataLabelingJobs. delete -
aiplatform.
dataLabelingJobs. get -
aiplatform.
dataLabelingJobs. list
aiplatform.datasetVersions.*
-
aiplatform.
datasetVersions. create -
aiplatform.
datasetVersions. delete -
aiplatform.datasetVersions.get
-
aiplatform.
datasetVersions. list -
aiplatform.
datasetVersions. restore
aiplatform.datasets.*
-
aiplatform.datasets.create
-
aiplatform.datasets.delete
-
aiplatform.datasets.export
-
aiplatform.datasets.get
-
aiplatform.datasets.import
-
aiplatform.datasets.list
-
aiplatform.datasets.update
aiplatform.
-
aiplatform.
deploymentResourcePools. create -
aiplatform.
deploymentResourcePools. delete -
aiplatform.
deploymentResourcePools. get -
aiplatform.
deploymentResourcePools. list -
aiplatform.
deploymentResourcePools. queryDeployedModels -
aiplatform.
deploymentResourcePools. update
aiplatform.
-
aiplatform.
edgeDeploymentJobs. create -
aiplatform.
edgeDeploymentJobs. delete -
aiplatform.
edgeDeploymentJobs. get -
aiplatform.
edgeDeploymentJobs. list
aiplatform.
aiplatform.edgeDevices.*
-
aiplatform.edgeDevices.create
-
aiplatform.edgeDevices.delete
-
aiplatform.edgeDevices.get
-
aiplatform.edgeDevices.list
-
aiplatform.edgeDevices.update
aiplatform.endpoints.create
aiplatform.endpoints.delete
aiplatform.endpoints.deploy
aiplatform.endpoints.explain
aiplatform.endpoints.get
aiplatform.endpoints.list
aiplatform.endpoints.predict
aiplatform.endpoints.undeploy
aiplatform.endpoints.update
aiplatform.entityTypes.create
aiplatform.entityTypes.delete
aiplatform.
aiplatform.
aiplatform.entityTypes.get
aiplatform.
aiplatform.entityTypes.list
aiplatform.
aiplatform.
aiplatform.entityTypes.update
aiplatform.
aiplatform.executions.*
-
aiplatform.
executions. addExecutionEvents -
aiplatform.executions.create
-
aiplatform.executions.delete
-
aiplatform.executions.get
-
aiplatform.executions.list
-
aiplatform.
executions. queryExecutionInputsAndOutputs -
aiplatform.executions.update
aiplatform.extensions.*
-
aiplatform.extensions.delete
-
aiplatform.extensions.execute
-
aiplatform.extensions.get
-
aiplatform.extensions.import
-
aiplatform.extensions.list
-
aiplatform.extensions.update
aiplatform.featureGroups.*
-
aiplatform.
featureGroups. create -
aiplatform.
featureGroups. delete -
aiplatform.featureGroups.get
-
aiplatform.featureGroups.list
-
aiplatform.
featureGroups. update
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.featureViewSyncs.*
-
aiplatform.
featureViewSyncs. get -
aiplatform.
featureViewSyncs. list
aiplatform.featureViews.create
aiplatform.featureViews.delete
aiplatform.
aiplatform.featureViews.get
aiplatform.featureViews.list
aiplatform.
aiplatform.featureViews.sync
aiplatform.featureViews.update
aiplatform.features.*
-
aiplatform.features.create
-
aiplatform.features.delete
-
aiplatform.features.get
-
aiplatform.features.list
-
aiplatform.features.update
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.featurestores.get
aiplatform.
aiplatform.featurestores.list
aiplatform.
aiplatform.
aiplatform.
aiplatform.humanInTheLoops.*
- aiplatform.humanInTheLoops.cancel
- aiplatform.humanInTheLoops.create
- aiplatform.humanInTheLoops.delete
- aiplatform.humanInTheLoops.get
- aiplatform.humanInTheLoops.list
- aiplatform.humanInTheLoops.queryAnnotationStats
- aiplatform.humanInTheLoops.send
- aiplatform.humanInTheLoops.update
aiplatform.
- aiplatform.hyperparameterTuningJobs.cancel
- aiplatform.hyperparameterTuningJobs.create
- aiplatform.hyperparameterTuningJobs.delete
- aiplatform.hyperparameterTuningJobs.get
- aiplatform.hyperparameterTuningJobs.list
aiplatform.indexEndpoints.*
- aiplatform.indexEndpoints.create
- aiplatform.indexEndpoints.delete
- aiplatform.indexEndpoints.deploy
- aiplatform.indexEndpoints.get
- aiplatform.indexEndpoints.list
- aiplatform.indexEndpoints.queryVectors
- aiplatform.indexEndpoints.undeploy
- aiplatform.indexEndpoints.update
aiplatform.indexes.*
- aiplatform.indexes.create
- aiplatform.indexes.delete
- aiplatform.indexes.get
- aiplatform.indexes.list
- aiplatform.indexes.update
aiplatform.locations.*
- aiplatform.locations.get
- aiplatform.locations.list
aiplatform.metadataSchemas.*
- aiplatform.metadataSchemas.create
- aiplatform.metadataSchemas.delete
- aiplatform.metadataSchemas.get
- aiplatform.metadataSchemas.list
aiplatform.metadataStores.*
- aiplatform.metadataStores.create
- aiplatform.metadataStores.delete
- aiplatform.metadataStores.get
- aiplatform.metadataStores.list
aiplatform.
- aiplatform.modelDeploymentMonitoringJobs.create
- aiplatform.modelDeploymentMonitoringJobs.delete
- aiplatform.modelDeploymentMonitoringJobs.get
- aiplatform.modelDeploymentMonitoringJobs.list
- aiplatform.modelDeploymentMonitoringJobs.pause
- aiplatform.modelDeploymentMonitoringJobs.resume
- aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies
- aiplatform.modelDeploymentMonitoringJobs.update
aiplatform.
- aiplatform.modelEvaluationSlices.get
- aiplatform.modelEvaluationSlices.import
- aiplatform.modelEvaluationSlices.list
aiplatform.modelEvaluations.*
- aiplatform.modelEvaluations.exportEvaluatedDataItems
- aiplatform.modelEvaluations.get
- aiplatform.modelEvaluations.import
- aiplatform.modelEvaluations.list
aiplatform.models.*
- aiplatform.models.delete
- aiplatform.models.export
- aiplatform.models.get
- aiplatform.models.list
- aiplatform.models.update
- aiplatform.models.upload
aiplatform.nasJobs.*
- aiplatform.nasJobs.cancel
- aiplatform.nasJobs.create
- aiplatform.nasJobs.delete
- aiplatform.nasJobs.get
- aiplatform.nasJobs.list
aiplatform.nasTrialDetails.*
- aiplatform.nasTrialDetails.get
- aiplatform.nasTrialDetails.list
aiplatform.
- aiplatform.notebookExecutionJobs.create
- aiplatform.notebookExecutionJobs.delete
- aiplatform.notebookExecutionJobs.get
- aiplatform.notebookExecutionJobs.list
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.notebookRuntimes.*
- aiplatform.notebookRuntimes.assign
- aiplatform.notebookRuntimes.delete
- aiplatform.notebookRuntimes.get
- aiplatform.notebookRuntimes.list
- aiplatform.notebookRuntimes.start
- aiplatform.notebookRuntimes.update
- aiplatform.notebookRuntimes.upgrade
aiplatform.operations.list
aiplatform.
aiplatform.
aiplatform.pipelineJobs.*
- aiplatform.pipelineJobs.cancel
- aiplatform.pipelineJobs.create
- aiplatform.pipelineJobs.delete
- aiplatform.pipelineJobs.get
- aiplatform.pipelineJobs.list
aiplatform.reasoningEngines.*
- aiplatform.reasoningEngines.create
- aiplatform.reasoningEngines.delete
- aiplatform.reasoningEngines.get
- aiplatform.reasoningEngines.list
- aiplatform.reasoningEngines.query
- aiplatform.reasoningEngines.update
aiplatform.schedules.*
- aiplatform.schedules.create
- aiplatform.schedules.delete
- aiplatform.schedules.get
- aiplatform.schedules.list
- aiplatform.schedules.update
aiplatform.sessions.*
- aiplatform.sessions.get
- aiplatform.sessions.list
- aiplatform.sessions.run
aiplatform.specialistPools.*
- aiplatform.specialistPools.create
- aiplatform.specialistPools.delete
- aiplatform.specialistPools.get
- aiplatform.specialistPools.list
- aiplatform.specialistPools.update
aiplatform.studies.*
- aiplatform.studies.create
- aiplatform.studies.delete
- aiplatform.studies.get
- aiplatform.studies.list
- aiplatform.studies.update
aiplatform.
- aiplatform.tensorboardExperiments.create
- aiplatform.tensorboardExperiments.delete
- aiplatform.tensorboardExperiments.get
- aiplatform.tensorboardExperiments.list
- aiplatform.tensorboardExperiments.update
- aiplatform.tensorboardExperiments.write
aiplatform.tensorboardRuns.*
- aiplatform.tensorboardRuns.batchCreate
- aiplatform.tensorboardRuns.create
- aiplatform.tensorboardRuns.delete
- aiplatform.tensorboardRuns.get
- aiplatform.tensorboardRuns.list
- aiplatform.tensorboardRuns.update
- aiplatform.tensorboardRuns.write
aiplatform.
- aiplatform.tensorboardTimeSeries.batchCreate
- aiplatform.tensorboardTimeSeries.batchRead
- aiplatform.tensorboardTimeSeries.create
- aiplatform.tensorboardTimeSeries.delete
- aiplatform.tensorboardTimeSeries.get
- aiplatform.tensorboardTimeSeries.list
- aiplatform.tensorboardTimeSeries.read
- aiplatform.tensorboardTimeSeries.update
aiplatform.tensorboards.create
aiplatform.tensorboards.delete
aiplatform.tensorboards.get
aiplatform.tensorboards.list
aiplatform.tensorboards.update
aiplatform.trainingPipelines.*
- aiplatform.trainingPipelines.cancel
- aiplatform.trainingPipelines.create
- aiplatform.trainingPipelines.delete
- aiplatform.trainingPipelines.get
- aiplatform.trainingPipelines.list
aiplatform.trials.*
- aiplatform.trials.create
- aiplatform.trials.delete
- aiplatform.trials.get
- aiplatform.trials.list
- aiplatform.trials.update
aiplatform.tuningJobs.*
- aiplatform.tuningJobs.cancel
- aiplatform.tuningJobs.create
- aiplatform.tuningJobs.delete
- aiplatform.tuningJobs.get
- aiplatform.tuningJobs.list
- aiplatform.tuningJobs.vertexTune
resourcemanager.projects.get
resourcemanager.projects.list
Vertex AI Viewer
( roles/
)
Grants access to view all resources in Vertex AI
aiplatform.agentExamples.get
aiplatform.agentExamples.list
aiplatform.agents.get
aiplatform.agents.list
aiplatform.annotationSpecs.get
aiplatform.
aiplatform.annotations.get
aiplatform.annotations.list
aiplatform.apps.get
aiplatform.apps.list
aiplatform.artifacts.get
aiplatform.artifacts.list
aiplatform.
aiplatform.
aiplatform.cacheConfigs.get
aiplatform.consents.get
aiplatform.contexts.get
aiplatform.contexts.list
aiplatform.
aiplatform.customJobs.get
aiplatform.customJobs.list
aiplatform.dataItems.get
aiplatform.dataItems.list
aiplatform.
aiplatform.
aiplatform.datasetVersions.get
aiplatform.
aiplatform.datasets.get
aiplatform.datasets.list
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.edgeDevices.get
aiplatform.edgeDevices.list
aiplatform.endpoints.get
aiplatform.endpoints.list
aiplatform.entityTypes.get
aiplatform.entityTypes.list
aiplatform.executions.get
aiplatform.executions.list
aiplatform.
aiplatform.extensions.get
aiplatform.extensions.list
aiplatform.featureGroups.get
aiplatform.featureGroups.list
aiplatform.
aiplatform.
aiplatform.featureViewSyncs.*
- aiplatform.featureViewSyncs.get
- aiplatform.featureViewSyncs.list
aiplatform.
aiplatform.featureViews.get
aiplatform.featureViews.list
aiplatform.
aiplatform.features.get
aiplatform.features.list
aiplatform.featurestores.get
aiplatform.featurestores.list
aiplatform.humanInTheLoops.get
aiplatform.
aiplatform.
aiplatform.
aiplatform.indexEndpoints.get
aiplatform.indexEndpoints.list
aiplatform.
aiplatform.indexes.get
aiplatform.indexes.list
aiplatform.locations.*
- aiplatform.locations.get
- aiplatform.locations.list
aiplatform.metadataSchemas.get
aiplatform.
aiplatform.metadataStores.get
aiplatform.metadataStores.list
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.models.get
aiplatform.models.list
aiplatform.nasJobs.get
aiplatform.nasJobs.list
aiplatform.nasTrialDetails.*
- aiplatform.nasTrialDetails.get
- aiplatform.nasTrialDetails.list
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.operations.list
aiplatform.
aiplatform.
aiplatform.pipelineJobs.get
aiplatform.pipelineJobs.list
aiplatform.
aiplatform.
aiplatform.
aiplatform.schedules.get
aiplatform.schedules.list
aiplatform.sessions.get
aiplatform.sessions.list
aiplatform.specialistPools.get
aiplatform.
aiplatform.
aiplatform.studies.get
aiplatform.studies.list
aiplatform.
aiplatform.
aiplatform.tensorboardRuns.get
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.tensorboards.get
aiplatform.tensorboards.list
aiplatform.
aiplatform.
aiplatform.trials.get
aiplatform.trials.list
aiplatform.tuningJobs.get
aiplatform.tuningJobs.list
resourcemanager.projects.get
resourcemanager.projects.list
Basic roles
The older Google Cloud basic roles are common to all Google Cloud services. These roles are Owner, Editor, and Viewer.
The basic roles provide permissions across Google Cloud, not just for Vertex AI. For this reason, you should use Vertex AI roles whenever possible.
Custom roles
If the predefined IAM roles for Vertex AI don't meet your needs, you can define custom roles. Custom roles enable you to choose a specific set of permissions, create your own role with those permissions, and grant the role to users in your organization. For more information, see Understanding IAM custom roles.
Project-level versus resource-level policies
Setting a policy at the resource level doesn't affect project-level policies. A resource inherits all policies from its ancestry. You can use these two levels of granularity to customize permissions. For example, you can grant users read permissions at the project level so that they can read all resources in the project, and then you can grant users write permissions per resource (at the resource level).
Not all Vertex AI predefined roles and resources support resource-level policies. To see which roles can be used on which resources, view the descriptions for each role.
Supported resources
Vertex AI supports resource-level policies on Vertex AI Feature Store featurestore and entity type resources. For more information, see Control access to Vertex AI Feature Store resources.
After you grant or revoke access to a resource, the change takes time to propagate. For more information, see Access change propagation.
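The inheritance rule described above, worked through as an added Python example (not part of the original documentation). Resource names and principals are constructed, `roles/aiplatform.viewer` and `roles/aiplatform.featurestoreDataWriter` are predefined Vertex AI roles chosen for illustration, and principals are matched literally without expanding group membership.

```python
# Resource types in a Vertex AI resource name that can carry an IAM policy:
# the project, plus the featurestore and entity type resources named under
# "Supported resources". Locations carry no policy of their own.
POLICY_LEVELS = ("projects", "featurestores", "entityTypes")


def policy_chain(resource_name):
    """Return the policy-bearing ancestors of a resource, root first."""
    parts = resource_name.split("/")
    chain = []
    # Resource names alternate collection/id, so step two segments at a time.
    for i in range(0, len(parts) - 1, 2):
        if parts[i] in POLICY_LEVELS:
            chain.append("/".join(parts[: i + 2]))
    return chain


def effective_roles(member, resource_name, policies):
    """Map each role `member` holds on the resource to the level granting it.

    Policies are additive: a narrower policy can add roles, but an empty or
    different policy lower down never removes a role inherited from above.
    """
    granted = {}
    for level in policy_chain(resource_name):
        for binding in policies.get(level, {}).get("bindings", []):
            if member in binding.get("members", []):
                # Keep the highest level that grants the role.
                granted.setdefault(binding["role"], level)
    return granted


# Constructed sample: read access at the project level, write access on a
# single entity type, mirroring the example in the text.
PROJECT = "projects/example-project"
STORE = PROJECT + "/locations/us-central1/featurestores/fs1"
USERS = STORE + "/entityTypes/users"
ORDERS = STORE + "/entityTypes/orders"
ANALYSTS = "group:analysts@example.com"

POLICIES = {
    PROJECT: {"bindings": [
        {"role": "roles/aiplatform.viewer", "members": [ANALYSTS]},
    ]},
    STORE: {"bindings": []},  # an empty policy does not block inheritance
    USERS: {"bindings": [
        {"role": "roles/aiplatform.featurestoreDataWriter",
         "members": [ANALYSTS]},
    ]},
}

if __name__ == "__main__":
    for resource in (USERS, ORDERS):
        print(resource)
        for role, level in effective_roles(ANALYSTS, resource, POLICIES).items():
            print(f"  {role}  (granted at {level})")
```

Revoking the write role on `users` leaves the project-level viewer grant in place; removing read access requires changing the project-level policy.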
About service accounts and service agents
Service accounts
A service account is a special account used by an application or a virtual machine (VM) instance, not a person. You can create and assign permissions to service accounts to provide specific permissions to a resource or application.
For information about using a service account to customize the permissions available to a custom training container or a container that serves online predictions for a custom-trained model, read Using a custom service account.
Service accounts are identified by an email address.
Service agents
Service agents are automatically provided; they enable a service to access resources on your behalf.
When a service agent is created, the service agent is granted a predefined role for your project. The following table lists Vertex AI service agents, their email addresses, and their respective roles:
Name | Used for | Email address | Role |
---|---|---|---|
Vertex AI Service Agent | Vertex AI capabilities | service-PROJECT_NUMBER@gcp-sa-aiplatform.iam.gserviceaccount.com | roles/aiplatform.serviceAgent |
Vertex AI Custom Code Service Agent | Custom training code; Ray on Vertex AI application code | service-PROJECT_NUMBER@gcp-sa-aiplatform-cc.iam.gserviceaccount.com | roles/aiplatform.customCodeServiceAgent |
Vertex AI Extension Service Agent | Vertex Extensions | service-PROJECT_NUMBER@gcp-sa-vertex-ex.iam.gserviceaccount.com | roles/aiplatform.extensionServiceAgent |
Cloud AI Platform Notebooks Service Account | Vertex AI Workbench capabilities | service-PROJECT_NUMBER@gcp-sa-notebooks.iam.gserviceaccount.com | roles/notebooks.serviceAgent |
The Vertex AI Custom Code Service Agent is created only if you run custom training code to train a custom-trained model.
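One way to review a project's IAM policy against the guidance on this page, as an added example rather than Google's own tooling: it flags basic-role bindings, service agent roles bound to any principal other than this project's own service agent, and service agents that hold roles beyond their predefined one. The project number and principals in the sample are constructed; the input follows the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`.

```python
import json

# Basic roles grant permissions across Google Cloud, not just Vertex AI.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Service agent role -> service agent email domain, from the table above.
AGENT_ROLE_DOMAINS = {
    "roles/aiplatform.serviceAgent":
        "gcp-sa-aiplatform.iam.gserviceaccount.com",
    "roles/aiplatform.customCodeServiceAgent":
        "gcp-sa-aiplatform-cc.iam.gserviceaccount.com",
    "roles/aiplatform.extensionServiceAgent":
        "gcp-sa-vertex-ex.iam.gserviceaccount.com",
    "roles/notebooks.serviceAgent":
        "gcp-sa-notebooks.iam.gserviceaccount.com",
}
DOMAIN_TO_ROLE = {domain: role for role, domain in AGENT_ROLE_DOMAINS.items()}


def agent_role_for(member):
    """Return the predefined role for a service agent member, else None."""
    kind, _, email = member.partition(":")
    local, _, domain = email.rpartition("@")
    if kind == "serviceAccount" and local.startswith("service-"):
        return DOMAIN_TO_ROLE.get(domain)
    return None


def audit_policy(policy, project_number):
    """Return (finding, role, member) tuples in binding order."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if role in BASIC_ROLES:
                findings.append(("BASIC_ROLE", role, member))
            elif role in AGENT_ROLE_DOMAINS:
                own_agent = (f"serviceAccount:service-{project_number}"
                             f"@{AGENT_ROLE_DOMAINS[role]}")
                # Service agent roles are meant for the agent itself; any
                # other holder (user, custom service account, another
                # project's agent) deserves a review.
                if member != own_agent:
                    findings.append(
                        ("AGENT_ROLE_ON_OTHER_PRINCIPAL", role, member))
            elif agent_role_for(member) is not None:
                # A service agent holding something beyond its own role.
                findings.append(("AGENT_EXTRA_ROLE", role, member))
    return findings


# Constructed sample policy for project number 123456789012.
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "bindings": [
    {"role": "roles/editor",
     "members": ["user:alice@example.com"]},
    {"role": "roles/aiplatform.user",
     "members": ["group:ml-team@example.com"]},
    {"role": "roles/aiplatform.serviceAgent",
     "members": [
       "serviceAccount:service-123456789012@gcp-sa-aiplatform.iam.gserviceaccount.com",
       "serviceAccount:trainer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.admin",
     "members": [
       "serviceAccount:service-123456789012@gcp-sa-aiplatform-cc.iam.gserviceaccount.com"]}
  ]
}
""")

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY, "123456789012"):
        print(*finding, sep="\t")
```

An `AGENT_EXTRA_ROLE` finding is a prompt for review rather than proof of a problem, since some setups grant a service agent access to specific resources on purpose.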
Service agent roles and permissions
The following roles and permissions are granted to Vertex AI service agents.
Vertex AI Service Agent
( roles/
)
Gives Vertex AI the permissions it needs to function.
aiplatform.agentExamples.*
- aiplatform.agentExamples.create
- aiplatform.agentExamples.delete
- aiplatform.agentExamples.get
- aiplatform.agentExamples.list
- aiplatform.agentExamples.update
aiplatform.agents.*
- aiplatform.agents.create
- aiplatform.agents.delete
- aiplatform.agents.get
- aiplatform.agents.list
- aiplatform.agents.update
aiplatform.annotationSpecs.*
- aiplatform.annotationSpecs.create
- aiplatform.annotationSpecs.delete
- aiplatform.annotationSpecs.get
- aiplatform.annotationSpecs.list
- aiplatform.annotationSpecs.update
aiplatform.annotations.*
- aiplatform.annotations.create
- aiplatform.annotations.delete
- aiplatform.annotations.get
- aiplatform.annotations.list
- aiplatform.annotations.update
aiplatform.apps.*
- aiplatform.apps.create
- aiplatform.apps.delete
- aiplatform.apps.get
- aiplatform.apps.list
- aiplatform.apps.update
aiplatform.artifacts.*
- aiplatform.artifacts.create
- aiplatform.artifacts.delete
- aiplatform.artifacts.get
- aiplatform.artifacts.list
- aiplatform.artifacts.update
aiplatform.
- aiplatform.batchPredictionJobs.cancel
- aiplatform.batchPredictionJobs.create
- aiplatform.batchPredictionJobs.delete
- aiplatform.batchPredictionJobs.get
- aiplatform.batchPredictionJobs.list
aiplatform.cacheConfigs.get
aiplatform.consents.get
aiplatform.contexts.*
- aiplatform.contexts.addContextArtifactsAndExecutions
- aiplatform.contexts.addContextChildren
- aiplatform.contexts.create
- aiplatform.contexts.delete
- aiplatform.contexts.get
- aiplatform.contexts.list
- aiplatform.contexts.queryContextLineageSubgraph
- aiplatform.contexts.update
aiplatform.customJobs.*
- aiplatform.customJobs.cancel
- aiplatform.customJobs.create
- aiplatform.customJobs.delete
- aiplatform.customJobs.get
- aiplatform.customJobs.list
aiplatform.dataItems.*
- aiplatform.dataItems.create
- aiplatform.dataItems.delete
- aiplatform.dataItems.get
- aiplatform.dataItems.list
- aiplatform.dataItems.update
aiplatform.dataLabelingJobs.*
- aiplatform.dataLabelingJobs.cancel
- aiplatform.dataLabelingJobs.create
- aiplatform.dataLabelingJobs.delete
- aiplatform.dataLabelingJobs.get
- aiplatform.dataLabelingJobs.list
aiplatform.datasetVersions.*
- aiplatform.datasetVersions.create
- aiplatform.datasetVersions.delete
- aiplatform.datasetVersions.get
- aiplatform.datasetVersions.list
- aiplatform.datasetVersions.restore
aiplatform.datasets.*
- aiplatform.datasets.create
- aiplatform.datasets.delete
- aiplatform.datasets.export
- aiplatform.datasets.get
- aiplatform.datasets.import
- aiplatform.datasets.list
- aiplatform.datasets.update
aiplatform.
- aiplatform.deploymentResourcePools.create
- aiplatform.deploymentResourcePools.delete
- aiplatform.deploymentResourcePools.get
- aiplatform.deploymentResourcePools.list
- aiplatform.deploymentResourcePools.queryDeployedModels
- aiplatform.deploymentResourcePools.update
aiplatform.
- aiplatform.edgeDeploymentJobs.create
- aiplatform.edgeDeploymentJobs.delete
- aiplatform.edgeDeploymentJobs.get
- aiplatform.edgeDeploymentJobs.list
aiplatform.
aiplatform.edgeDevices.*
- aiplatform.edgeDevices.create
- aiplatform.edgeDevices.delete
- aiplatform.edgeDevices.get
- aiplatform.edgeDevices.list
- aiplatform.edgeDevices.update
aiplatform.endpoints.create
aiplatform.endpoints.delete
aiplatform.endpoints.deploy
aiplatform.endpoints.explain
aiplatform.endpoints.get
aiplatform.endpoints.list
aiplatform.endpoints.predict
aiplatform.endpoints.undeploy
aiplatform.endpoints.update
aiplatform.entityTypes.create
aiplatform.entityTypes.delete
aiplatform.
aiplatform.
aiplatform.entityTypes.get
aiplatform.
aiplatform.entityTypes.list
aiplatform.
aiplatform.
aiplatform.entityTypes.update
aiplatform.
aiplatform.executions.*
- aiplatform.executions.addExecutionEvents
- aiplatform.executions.create
- aiplatform.executions.delete
- aiplatform.executions.get
- aiplatform.executions.list
- aiplatform.executions.queryExecutionInputsAndOutputs
- aiplatform.executions.update
aiplatform.extensions.*
- aiplatform.extensions.delete
- aiplatform.extensions.execute
- aiplatform.extensions.get
- aiplatform.extensions.import
- aiplatform.extensions.list
- aiplatform.extensions.update
aiplatform.featureGroups.*
- aiplatform.featureGroups.create
- aiplatform.featureGroups.delete
- aiplatform.featureGroups.get
- aiplatform.featureGroups.list
- aiplatform.featureGroups.update
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.featureViewSyncs.*
- aiplatform.featureViewSyncs.get
- aiplatform.featureViewSyncs.list
aiplatform.featureViews.create
aiplatform.featureViews.delete
aiplatform.
aiplatform.featureViews.get
aiplatform.featureViews.list
aiplatform.
aiplatform.featureViews.sync
aiplatform.featureViews.update
aiplatform.features.*
- aiplatform.features.create
- aiplatform.features.delete
- aiplatform.features.get
- aiplatform.features.list
- aiplatform.features.update
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.featurestores.get
aiplatform.
aiplatform.featurestores.list
aiplatform.
aiplatform.
aiplatform.
aiplatform.humanInTheLoops.*
- aiplatform.humanInTheLoops.cancel
- aiplatform.humanInTheLoops.create
- aiplatform.humanInTheLoops.delete
- aiplatform.humanInTheLoops.get
- aiplatform.humanInTheLoops.list
- aiplatform.humanInTheLoops.queryAnnotationStats
- aiplatform.humanInTheLoops.send
- aiplatform.humanInTheLoops.update
aiplatform.
- aiplatform.hyperparameterTuningJobs.cancel
- aiplatform.hyperparameterTuningJobs.create
- aiplatform.hyperparameterTuningJobs.delete
- aiplatform.hyperparameterTuningJobs.get
- aiplatform.hyperparameterTuningJobs.list
aiplatform.indexEndpoints.*
- aiplatform.indexEndpoints.create
- aiplatform.indexEndpoints.delete
- aiplatform.indexEndpoints.deploy
- aiplatform.indexEndpoints.get
- aiplatform.indexEndpoints.list
- aiplatform.indexEndpoints.queryVectors
- aiplatform.indexEndpoints.undeploy
- aiplatform.indexEndpoints.update
aiplatform.indexes.*
- aiplatform.indexes.create
- aiplatform.indexes.delete
- aiplatform.indexes.get
- aiplatform.indexes.list
- aiplatform.indexes.update
aiplatform.locations.*
- aiplatform.locations.get
- aiplatform.locations.list
aiplatform.metadataSchemas.*
- aiplatform.metadataSchemas.create
- aiplatform.metadataSchemas.delete
- aiplatform.metadataSchemas.get
- aiplatform.metadataSchemas.list
aiplatform.metadataStores.*
- aiplatform.metadataStores.create
- aiplatform.metadataStores.delete
- aiplatform.metadataStores.get
- aiplatform.metadataStores.list
aiplatform.
- aiplatform.modelDeploymentMonitoringJobs.create
- aiplatform.modelDeploymentMonitoringJobs.delete
- aiplatform.modelDeploymentMonitoringJobs.get
- aiplatform.modelDeploymentMonitoringJobs.list
- aiplatform.modelDeploymentMonitoringJobs.pause
- aiplatform.modelDeploymentMonitoringJobs.resume
- aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies
- aiplatform.modelDeploymentMonitoringJobs.update
aiplatform.
- aiplatform.modelEvaluationSlices.get
- aiplatform.modelEvaluationSlices.import
- aiplatform.modelEvaluationSlices.list
aiplatform.modelEvaluations.*
- aiplatform.modelEvaluations.exportEvaluatedDataItems
- aiplatform.modelEvaluations.get
- aiplatform.modelEvaluations.import
- aiplatform.modelEvaluations.list
aiplatform.models.*
- aiplatform.models.delete
- aiplatform.models.export
- aiplatform.models.get
- aiplatform.models.list
- aiplatform.models.update
- aiplatform.models.upload
aiplatform.nasJobs.*
- aiplatform.nasJobs.cancel
- aiplatform.nasJobs.create
- aiplatform.nasJobs.delete
- aiplatform.nasJobs.get
- aiplatform.nasJobs.list
aiplatform.nasTrialDetails.*
- aiplatform.nasTrialDetails.get
- aiplatform.nasTrialDetails.list
aiplatform.
- aiplatform.notebookExecutionJobs.create
- aiplatform.notebookExecutionJobs.delete
- aiplatform.notebookExecutionJobs.get
- aiplatform.notebookExecutionJobs.list
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.notebookRuntimes.*
- aiplatform.notebookRuntimes.assign
- aiplatform.notebookRuntimes.delete
- aiplatform.notebookRuntimes.get
- aiplatform.notebookRuntimes.list
- aiplatform.notebookRuntimes.start
- aiplatform.notebookRuntimes.update
- aiplatform.notebookRuntimes.upgrade
aiplatform.operations.list
aiplatform.
aiplatform.
aiplatform.pipelineJobs.*
- aiplatform.pipelineJobs.cancel
- aiplatform.pipelineJobs.create
- aiplatform.pipelineJobs.delete
- aiplatform.pipelineJobs.get
- aiplatform.pipelineJobs.list
aiplatform.reasoningEngines.*
- aiplatform.reasoningEngines.create
- aiplatform.reasoningEngines.delete
- aiplatform.reasoningEngines.get
- aiplatform.reasoningEngines.list
- aiplatform.reasoningEngines.query
- aiplatform.reasoningEngines.update
aiplatform.schedules.*
- aiplatform.schedules.create
- aiplatform.schedules.delete
- aiplatform.schedules.get
- aiplatform.schedules.list
- aiplatform.schedules.update
aiplatform.sessions.*
- aiplatform.sessions.get
- aiplatform.sessions.list
- aiplatform.sessions.run
aiplatform.specialistPools.*
- aiplatform.specialistPools.create
- aiplatform.specialistPools.delete
- aiplatform.specialistPools.get
- aiplatform.specialistPools.list
- aiplatform.specialistPools.update
aiplatform.studies.*
- aiplatform.studies.create
- aiplatform.studies.delete
- aiplatform.studies.get
- aiplatform.studies.list
- aiplatform.studies.update
aiplatform.
- aiplatform.tensorboardExperiments.create
- aiplatform.tensorboardExperiments.delete
- aiplatform.tensorboardExperiments.get
- aiplatform.tensorboardExperiments.list
- aiplatform.tensorboardExperiments.update
- aiplatform.tensorboardExperiments.write
aiplatform.tensorboardRuns.*
- aiplatform.tensorboardRuns.batchCreate
- aiplatform.tensorboardRuns.create
- aiplatform.tensorboardRuns.delete
- aiplatform.tensorboardRuns.get
- aiplatform.tensorboardRuns.list
- aiplatform.tensorboardRuns.update
- aiplatform.tensorboardRuns.write
aiplatform.
- aiplatform.tensorboardTimeSeries.batchCreate
- aiplatform.tensorboardTimeSeries.batchRead
- aiplatform.tensorboardTimeSeries.create
- aiplatform.tensorboardTimeSeries.delete
- aiplatform.tensorboardTimeSeries.get
- aiplatform.tensorboardTimeSeries.list
- aiplatform.tensorboardTimeSeries.read
- aiplatform.tensorboardTimeSeries.update
aiplatform.tensorboards.create
aiplatform.tensorboards.delete
aiplatform.tensorboards.get
aiplatform.tensorboards.list
aiplatform.tensorboards.update
aiplatform.trainingPipelines.*
- aiplatform.trainingPipelines.cancel
- aiplatform.trainingPipelines.create
- aiplatform.trainingPipelines.delete
- aiplatform.trainingPipelines.get
- aiplatform.trainingPipelines.list
aiplatform.trials.*
- aiplatform.trials.create
- aiplatform.trials.delete
- aiplatform.trials.get
- aiplatform.trials.list
- aiplatform.trials.update
aiplatform.tuningJobs.*
- aiplatform.tuningJobs.cancel
- aiplatform.tuningJobs.create
- aiplatform.tuningJobs.delete
- aiplatform.tuningJobs.get
- aiplatform.tuningJobs.list
- aiplatform.tuningJobs.vertexTune
artifactregistry.
artifactregistry.
artifactregistry.
artifactregistry.
artifactregistry.
artifactregistry.tags.get
artifactregistry.versions.get
automl.datasets.export
automl.datasets.get
automl.datasets.list
automl.modelEvaluations.list
automl.models.get
automl.models.list
automl.operations.get
automl.tableSpecs.get
bigquery.datasets.create
bigquery.datasets.get
bigquery.jobs.create
bigquery.jobs.get
bigquery.models.create
bigquery.models.export
bigquery.models.getData
bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.tables.create
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.update
bigquery.tables.updateData
bigtable.tables.get
bigtable.tables.list
bigtable.tables.readRows
compute.addresses.get
compute.addresses.list
compute.addresses.use
compute.addresses.useInternal
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.get
compute.disks.setLabels
compute.disks.use
compute.disks.useReadOnly
compute.globalOperations.get
compute.instances.attachDisk
compute.instances.create
compute.
compute.instances.delete
compute.instances.detachDisk
compute.instances.get
compute.
compute.instances.setLabels
compute.instances.setMetadata
compute.
compute.instances.setTags
compute.instances.start
compute.instances.stop
compute.instances.useReadOnly
compute.machineTypes.get
compute.networks.get
compute.networks.use
compute.networks.useExternalIp
compute.snapshots.create
compute.snapshots.delete
compute.snapshots.useReadOnly
compute.subnetworks.get
compute.subnetworks.list
compute.subnetworks.use
compute.
compute.zoneOperations.get
dataflow.jobs.*
- dataflow.jobs.cancel
- dataflow.jobs.create
- dataflow.jobs.get
- dataflow.jobs.list
- dataflow.jobs.snapshot
- dataflow.jobs.updateContents
dataflow.messages.list
dataflow.metrics.get
dataflow.snapshots.*
- dataflow.snapshots.delete
- dataflow.snapshots.get
- dataflow.snapshots.list
datalabeling.
datalabeling.datasets.export
datalabeling.datasets.get
datalabeling.datasets.list
datalabeling.operations.get
iam.serviceAccounts.actAs
iam.
logging.logEntries.create
logging.logEntries.route
ml.models.list
ml.operations.get
ml.versions.get
ml.versions.list
monitoring.
notebooks.instances.create
notebooks.instances.delete
notebooks.instances.get
resourcemanager.projects.get
resourcemanager.projects.list
run.executions.delete
run.executions.get
run.jobs.create
run.jobs.delete
run.jobs.get
run.jobs.run
run.jobs.update
run.operations.delete
run.operations.get
run.routes.invoke
run.services.create
run.services.delete
run.services.get
serviceusage.services.use
storage.buckets.create
storage.buckets.delete
storage.buckets.get
storage.buckets.list
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.update
Vertex AI Custom Code Service Agent
( roles/
)
Gives Vertex AI Custom Code the proper permissions.
aiplatform.agentExamples.*
- aiplatform.agentExamples.create
- aiplatform.agentExamples.delete
- aiplatform.agentExamples.get
- aiplatform.agentExamples.list
- aiplatform.agentExamples.update
aiplatform.agents.*
- aiplatform.agents.create
- aiplatform.agents.delete
- aiplatform.agents.get
- aiplatform.agents.list
- aiplatform.agents.update
aiplatform.annotationSpecs.*
- aiplatform.annotationSpecs.create
- aiplatform.annotationSpecs.delete
- aiplatform.annotationSpecs.get
- aiplatform.annotationSpecs.list
- aiplatform.annotationSpecs.update
aiplatform.annotations.*
- aiplatform.annotations.create
- aiplatform.annotations.delete
- aiplatform.annotations.get
- aiplatform.annotations.list
- aiplatform.annotations.update
aiplatform.apps.*
- aiplatform.apps.create
- aiplatform.apps.delete
- aiplatform.apps.get
- aiplatform.apps.list
- aiplatform.apps.update
aiplatform.artifacts.*
- aiplatform.artifacts.create
- aiplatform.artifacts.delete
- aiplatform.artifacts.get
- aiplatform.artifacts.list
- aiplatform.artifacts.update
aiplatform.
- aiplatform.batchPredictionJobs.cancel
- aiplatform.batchPredictionJobs.create
- aiplatform.batchPredictionJobs.delete
- aiplatform.batchPredictionJobs.get
- aiplatform.batchPredictionJobs.list
aiplatform.cacheConfigs.get
aiplatform.consents.get
aiplatform.contexts.*
- aiplatform.contexts.addContextArtifactsAndExecutions
- aiplatform.contexts.addContextChildren
- aiplatform.contexts.create
- aiplatform.contexts.delete
- aiplatform.contexts.get
- aiplatform.contexts.list
- aiplatform.contexts.queryContextLineageSubgraph
- aiplatform.contexts.update
aiplatform.customJobs.*
- aiplatform.customJobs.cancel
- aiplatform.customJobs.create
- aiplatform.customJobs.delete
- aiplatform.customJobs.get
- aiplatform.customJobs.list
aiplatform.dataItems.*
- aiplatform.dataItems.create
- aiplatform.dataItems.delete
- aiplatform.dataItems.get
- aiplatform.dataItems.list
- aiplatform.dataItems.update
aiplatform.dataLabelingJobs.*
- aiplatform.dataLabelingJobs.cancel
- aiplatform.dataLabelingJobs.create
- aiplatform.dataLabelingJobs.delete
- aiplatform.dataLabelingJobs.get
- aiplatform.dataLabelingJobs.list
aiplatform.datasetVersions.*
- aiplatform.datasetVersions.create
- aiplatform.datasetVersions.delete
- aiplatform.datasetVersions.get
- aiplatform.datasetVersions.list
- aiplatform.datasetVersions.restore
aiplatform.datasets.*
- aiplatform.datasets.create
- aiplatform.datasets.delete
- aiplatform.datasets.export
- aiplatform.datasets.get
- aiplatform.datasets.import
- aiplatform.datasets.list
- aiplatform.datasets.update
aiplatform.
- aiplatform.deploymentResourcePools.create
- aiplatform.deploymentResourcePools.delete
- aiplatform.deploymentResourcePools.get
- aiplatform.deploymentResourcePools.list
- aiplatform.deploymentResourcePools.queryDeployedModels
- aiplatform.deploymentResourcePools.update
aiplatform.
- aiplatform.edgeDeploymentJobs.create
- aiplatform.edgeDeploymentJobs.delete
- aiplatform.edgeDeploymentJobs.get
- aiplatform.edgeDeploymentJobs.list
aiplatform.
aiplatform.edgeDevices.*
- aiplatform.edgeDevices.create
- aiplatform.edgeDevices.delete
- aiplatform.edgeDevices.get
- aiplatform.edgeDevices.list
- aiplatform.edgeDevices.update
aiplatform.endpoints.create
aiplatform.endpoints.delete
aiplatform.endpoints.deploy
aiplatform.endpoints.explain
aiplatform.endpoints.get
aiplatform.endpoints.list
aiplatform.endpoints.predict
aiplatform.endpoints.undeploy
aiplatform.endpoints.update
aiplatform.entityTypes.create
aiplatform.entityTypes.delete
aiplatform.
aiplatform.
aiplatform.entityTypes.get
aiplatform.
aiplatform.entityTypes.list
aiplatform.
aiplatform.
aiplatform.entityTypes.update
aiplatform.
aiplatform.executions.*
- aiplatform.executions.addExecutionEvents
- aiplatform.executions.create
- aiplatform.executions.delete
- aiplatform.executions.get
- aiplatform.executions.list
- aiplatform.executions.queryExecutionInputsAndOutputs
- aiplatform.executions.update
aiplatform.extensions.*
- aiplatform.extensions.delete
- aiplatform.extensions.execute
- aiplatform.extensions.get
- aiplatform.extensions.import
- aiplatform.extensions.list
- aiplatform.extensions.update
aiplatform.featureGroups.*
- aiplatform.featureGroups.create
- aiplatform.featureGroups.delete
- aiplatform.featureGroups.get
- aiplatform.featureGroups.list
- aiplatform.featureGroups.update
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.featureViewSyncs.*
- aiplatform.featureViewSyncs.get
- aiplatform.featureViewSyncs.list
aiplatform.featureViews.create
aiplatform.featureViews.delete
aiplatform.
aiplatform.featureViews.get
aiplatform.featureViews.list
aiplatform.
aiplatform.featureViews.sync
aiplatform.featureViews.update
aiplatform.features.*
- aiplatform.features.create
- aiplatform.features.delete
- aiplatform.features.get
- aiplatform.features.list
- aiplatform.features.update
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.featurestores.get
aiplatform.
aiplatform.featurestores.list
aiplatform.
aiplatform.
aiplatform.
aiplatform.humanInTheLoops.*
-
aiplatform.
humanInTheLoops. cancel -
aiplatform.
humanInTheLoops. create -
aiplatform.
humanInTheLoops. delete -
aiplatform.humanInTheLoops.get
-
aiplatform.
humanInTheLoops. list -
aiplatform.
humanInTheLoops. queryAnnotationStats -
aiplatform.
humanInTheLoops. send -
aiplatform.
humanInTheLoops. update
aiplatform.
-
aiplatform.
hyperparameterTuningJobs. cancel -
aiplatform.
hyperparameterTuningJobs. create -
aiplatform.
hyperparameterTuningJobs. delete -
aiplatform.
hyperparameterTuningJobs. get -
aiplatform.
hyperparameterTuningJobs. list
aiplatform.indexEndpoints.*
-
aiplatform.indexEndpoints.create
-
aiplatform.indexEndpoints.delete
-
aiplatform.indexEndpoints.deploy
-
aiplatform.indexEndpoints.get
-
aiplatform.indexEndpoints.list
-
aiplatform.indexEndpoints.queryVectors
-
aiplatform.indexEndpoints.undeploy
-
aiplatform.indexEndpoints.update
aiplatform.indexes.*
-
aiplatform.indexes.create
-
aiplatform.indexes.delete
-
aiplatform.indexes.get
-
aiplatform.indexes.list
-
aiplatform.indexes.update
aiplatform.locations.*
-
aiplatform.locations.get
-
aiplatform.locations.list
aiplatform.metadataSchemas.*
-
aiplatform.metadataSchemas.create
-
aiplatform.metadataSchemas.delete
-
aiplatform.metadataSchemas.get
-
aiplatform.metadataSchemas.list
aiplatform.metadataStores.*
-
aiplatform.metadataStores.create
-
aiplatform.metadataStores.delete
-
aiplatform.metadataStores.get
-
aiplatform.metadataStores.list
aiplatform.
-
aiplatform.modelDeploymentMonitoringJobs.create
-
aiplatform.modelDeploymentMonitoringJobs.delete
-
aiplatform.modelDeploymentMonitoringJobs.get
-
aiplatform.modelDeploymentMonitoringJobs.list
-
aiplatform.modelDeploymentMonitoringJobs.pause
-
aiplatform.modelDeploymentMonitoringJobs.resume
-
aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies
-
aiplatform.modelDeploymentMonitoringJobs.update
aiplatform.
-
aiplatform.modelEvaluationSlices.get
-
aiplatform.modelEvaluationSlices.import
-
aiplatform.modelEvaluationSlices.list
aiplatform.modelEvaluations.*
-
aiplatform.modelEvaluations.exportEvaluatedDataItems
-
aiplatform.modelEvaluations.get
-
aiplatform.modelEvaluations.import
-
aiplatform.modelEvaluations.list
aiplatform.models.*
-
aiplatform.models.delete
-
aiplatform.models.export
-
aiplatform.models.get
-
aiplatform.models.list
-
aiplatform.models.update
-
aiplatform.models.upload
aiplatform.nasJobs.*
-
aiplatform.nasJobs.cancel
-
aiplatform.nasJobs.create
-
aiplatform.nasJobs.delete
-
aiplatform.nasJobs.get
-
aiplatform.nasJobs.list
aiplatform.nasTrialDetails.*
-
aiplatform.nasTrialDetails.get
-
aiplatform.nasTrialDetails.list
aiplatform.
-
aiplatform.notebookExecutionJobs.create
-
aiplatform.notebookExecutionJobs.delete
-
aiplatform.notebookExecutionJobs.get
-
aiplatform.notebookExecutionJobs.list
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.
aiplatform.notebookRuntimes.*
-
aiplatform.notebookRuntimes.assign
-
aiplatform.notebookRuntimes.delete
-
aiplatform.notebookRuntimes.get
-
aiplatform.notebookRuntimes.list
-
aiplatform.notebookRuntimes.start
-
aiplatform.notebookRuntimes.update
-
aiplatform.notebookRuntimes.upgrade
aiplatform.operations.list
aiplatform.
aiplatform.
aiplatform.pipelineJobs.*
-
aiplatform.pipelineJobs.cancel
-
aiplatform.pipelineJobs.create
-
aiplatform.pipelineJobs.delete
-
aiplatform.pipelineJobs.get
-
aiplatform.pipelineJobs.list
aiplatform.reasoningEngines.*
-
aiplatform.reasoningEngines.create
-
aiplatform.reasoningEngines.delete
-
aiplatform.reasoningEngines.get
-
aiplatform.reasoningEngines.list
-
aiplatform.reasoningEngines.query
-
aiplatform.reasoningEngines.update
aiplatform.schedules.*
-
aiplatform.schedules.create
-
aiplatform.schedules.delete
-
aiplatform.schedules.get
-
aiplatform.schedules.list
-
aiplatform.schedules.update
aiplatform.sessions.*
-
aiplatform.sessions.get
-
aiplatform.sessions.list
-
aiplatform.sessions.run
aiplatform.specialistPools.*
-
aiplatform.specialistPools.create
-
aiplatform.specialistPools.delete
-
aiplatform.specialistPools.get
-
aiplatform.specialistPools.list
-
aiplatform.specialistPools.update
aiplatform.studies.*
-
aiplatform.studies.create
-
aiplatform.studies.delete
-
aiplatform.studies.get
-
aiplatform.studies.list
-
aiplatform.studies.update
aiplatform.
-
aiplatform.tensorboardExperiments.create
-
aiplatform.tensorboardExperiments.delete
-
aiplatform.tensorboardExperiments.get
-
aiplatform.tensorboardExperiments.list
-
aiplatform.tensorboardExperiments.update
-
aiplatform.tensorboardExperiments.write
aiplatform.tensorboardRuns.*
-
aiplatform.tensorboardRuns.batchCreate
-
aiplatform.tensorboardRuns.create
-
aiplatform.tensorboardRuns.delete
-
aiplatform.tensorboardRuns.get
-
aiplatform.tensorboardRuns.list
-
aiplatform.tensorboardRuns.update
-
aiplatform.tensorboardRuns.write
aiplatform.
-
aiplatform.tensorboardTimeSeries.batchCreate
-
aiplatform.tensorboardTimeSeries.batchRead
-
aiplatform.tensorboardTimeSeries.create
-
aiplatform.tensorboardTimeSeries.delete
-
aiplatform.tensorboardTimeSeries.get
-
aiplatform.tensorboardTimeSeries.list
-
aiplatform.tensorboardTimeSeries.read
-
aiplatform.tensorboardTimeSeries.update
aiplatform.tensorboards.create
aiplatform.tensorboards.delete
aiplatform.tensorboards.get
aiplatform.tensorboards.list
aiplatform.tensorboards.update
aiplatform.trainingPipelines.*
-
aiplatform.trainingPipelines.cancel
-
aiplatform.trainingPipelines.create
-
aiplatform.trainingPipelines.delete
-
aiplatform.trainingPipelines.get
-
aiplatform.trainingPipelines.list
aiplatform.trials.*
-
aiplatform.trials.create
-
aiplatform.trials.delete
-
aiplatform.trials.get
-
aiplatform.trials.list
-
aiplatform.trials.update
aiplatform.tuningJobs.*
-
aiplatform.tuningJobs.cancel
-
aiplatform.tuningJobs.create
-
aiplatform.tuningJobs.delete
-
aiplatform.tuningJobs.get
-
aiplatform.tuningJobs.list
-
aiplatform.tuningJobs.vertexTune
artifactregistry.
artifactregistry.
artifactregistry.
artifactregistry.tags.get
artifactregistry.versions.get
bigquery.datasets.create
bigquery.datasets.get
bigquery.jobs.create
bigquery.jobs.get
bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.tables.create
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.update
bigquery.tables.updateData
iam.serviceAccounts.get
iam.
iam.
iam.
iam.serviceAccounts.list
iam.serviceAccounts.signBlob
iam.serviceAccounts.signJwt
logging.logEntries.create
logging.logEntries.route
monitoring.
monitoring.
monitoring.
monitoring.
-
monitoring.monitoredResourceDescriptors.get
-
monitoring.monitoredResourceDescriptors.list
monitoring.timeSeries.create
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.services.use
storage.buckets.create
storage.buckets.delete
storage.buckets.get
storage.buckets.list
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.update
AI Platform Notebooks Service Agent
( roles/
)
Provide access for notebooks service agent to manage notebook instances in user projects
aiplatform.customJobs.cancel
aiplatform.customJobs.create
aiplatform.customJobs.get
aiplatform.customJobs.list
compute.acceleratorTypes.*
-
compute.acceleratorTypes.get
-
compute.acceleratorTypes.list
compute.
compute.
compute.addresses.get
compute.addresses.list
compute.addresses.use
compute.addresses.useInternal
compute.autoscalers.*
-
compute.autoscalers.create
-
compute.autoscalers.delete
-
compute.autoscalers.get
-
compute.autoscalers.list
-
compute.autoscalers.update
compute.backendBuckets.get
compute.
compute.backendBuckets.list
compute.
compute.
compute.backendServices.get
compute.
compute.backendServices.list
compute.
compute.
compute.commitments.get
compute.commitments.list
compute.diskTypes.*
-
compute.diskTypes.get
-
compute.diskTypes.list
compute.disks.*
-
compute.disks.addResourcePolicies
-
compute.disks.create
-
compute.disks.createSnapshot
-
compute.disks.createTagBinding
-
compute.disks.delete
-
compute.disks.deleteTagBinding
-
compute.disks.get
-
compute.disks.getIamPolicy
-
compute.disks.list
-
compute.disks.listEffectiveTags
-
compute.disks.listTagBindings
-
compute.disks.removeResourcePolicies
-
compute.disks.resize
-
compute.disks.setIamPolicy
-
compute.disks.setLabels
-
compute.disks.startAsyncReplication
-
compute.disks.stopAsyncReplication
-
compute.disks.stopGroupAsyncReplication
-
compute.disks.update
-
compute.disks.use
-
compute.disks.useReadOnly
compute.
compute.
compute.firewallPolicies.get
compute.
compute.firewallPolicies.list
compute.
compute.
compute.firewalls.get
compute.firewalls.list
compute.
compute.
compute.forwardingRules.get
compute.forwardingRules.list
compute.
compute.
compute.futureReservations.get
compute.
compute.
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.use
compute.
compute.
compute.
compute.
compute.
compute.
-
compute.globalNetworkEndpointGroups.attachNetworkEndpoints
-
compute.globalNetworkEndpointGroups.create
-
compute.globalNetworkEndpointGroups.createTagBinding
-
compute.globalNetworkEndpointGroups.delete
-
compute.globalNetworkEndpointGroups.deleteTagBinding
-
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
-
compute.globalNetworkEndpointGroups.get
-
compute.globalNetworkEndpointGroups.list
-
compute.globalNetworkEndpointGroups.listEffectiveTags
-
compute.globalNetworkEndpointGroups.listTagBindings
-
compute.globalNetworkEndpointGroups.use
compute.globalOperations.get
compute.
compute.globalOperations.list
compute.
compute.
compute.healthChecks.get
compute.healthChecks.list
compute.
compute.
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.
compute.
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.
compute.
compute.images.*
-
compute.images.create
-
compute.images.createTagBinding
-
compute.images.delete
-
compute.images.deleteTagBinding
-
compute.images.deprecate
-
compute.images.get
-
compute.images.getFromFamily
-
compute.images.getIamPolicy
-
compute.images.list
-
compute.images.listEffectiveTags
-
compute.images.listTagBindings
-
compute.images.setIamPolicy
-
compute.images.setLabels
-
compute.images.update
-
compute.images.useReadOnly
compute.
-
compute.instanceGroupManagers.create
-
compute.instanceGroupManagers.createTagBinding
-
compute.instanceGroupManagers.delete
-
compute.instanceGroupManagers.deleteTagBinding
-
compute.instanceGroupManagers.get
-
compute.instanceGroupManagers.list
-
compute.instanceGroupManagers.listEffectiveTags
-
compute.instanceGroupManagers.listTagBindings
-
compute.instanceGroupManagers.update
-
compute.instanceGroupManagers.use
compute.instanceGroups.*
-
compute.instanceGroups.create
-
compute.instanceGroups.delete
-
compute.instanceGroups.get
-
compute.instanceGroups.list
-
compute.instanceGroups.update
-
compute.instanceGroups.use
compute.instanceSettings.*
-
compute.instanceSettings.get
-
compute.instanceSettings.update
compute.instanceTemplates.*
-
compute.instanceTemplates.create
-
compute.instanceTemplates.delete
-
compute.instanceTemplates.get
-
compute.instanceTemplates.getIamPolicy
-
compute.instanceTemplates.list
-
compute.instanceTemplates.setIamPolicy
-
compute.instanceTemplates.useReadOnly
compute.instances.*
-
compute.instances.addAccessConfig
-
compute.instances.addMaintenancePolicies
-
compute.instances.addResourcePolicies
-
compute.instances.attachDisk
-
compute.instances.create
-
compute.instances.createTagBinding
-
compute.instances.delete
-
compute.instances.deleteAccessConfig
-
compute.instances.deleteTagBinding
-
compute.instances.detachDisk
-
compute.instances.get
-
compute.instances.getEffectiveFirewalls
-
compute.instances.getGuestAttributes
-
compute.instances.getIamPolicy
-
compute.instances.getScreenshot
-
compute.instances.getSerialPortOutput
-
compute.instances.getShieldedInstanceIdentity
-
compute.instances.getShieldedVmIdentity
-
compute.instances.list
-
compute.instances.listEffectiveTags
-
compute.instances.listReferrers
-
compute.instances.listTagBindings
-
compute.instances.osAdminLogin
-
compute.instances.osLogin
-
compute.instances.pscInterfaceCreate
-
compute.instances.removeMaintenancePolicies
-
compute.instances.removeResourcePolicies
-
compute.instances.reset
-
compute.instances.resume
-
compute.instances.sendDiagnosticInterrupt
-
compute.instances.setDeletionProtection
-
compute.instances.setDiskAutoDelete
-
compute.instances.setIamPolicy
-
compute.instances.setLabels
-
compute.instances.setMachineResources
-
compute.instances.setMachineType
-
compute.instances.setMetadata
-
compute.instances.setMinCpuPlatform
-
compute.instances.setName
-
compute.instances.setScheduling
-
compute.instances.setSecurityPolicy
-
compute.instances.setServiceAccount
-
compute.instances.setShieldedInstanceIntegrityPolicy
-
compute.instances.setShieldedVmIntegrityPolicy
-
compute.instances.setTags
-
compute.instances.simulateMaintenanceEvent
-
compute.instances.start
-
compute.instances.startWithEncryptionKey
-
compute.instances.stop
-
compute.instances.suspend
-
compute.instances.update
-
compute.instances.updateAccessConfig
-
compute.instances.updateDisplayDevice
-
compute.instances.updateNetworkInterface
-
compute.instances.updateSecurity
-
compute.instances.updateShieldedInstanceConfig
-
compute.instances.updateShieldedVmConfig
-
compute.instances.use
-
compute.instances.useReadOnly
compute.instantSnapshots.*
-
compute.instantSnapshots.create
-
compute.instantSnapshots.delete
-
compute.instantSnapshots.export
-
compute.instantSnapshots.get
-
compute.instantSnapshots.getIamPolicy
-
compute.instantSnapshots.list
-
compute.instantSnapshots.setIamPolicy
-
compute.instantSnapshots.setLabels
-
compute.instantSnapshots.useReadOnly
compute.
compute.
compute.
-
compute.interconnectLocations.get
-
compute.interconnectLocations.list
compute.
-
compute.interconnectRemoteLocations.get
-
compute.interconnectRemoteLocations.list
compute.interconnects.get
compute.interconnects.list
compute.licenseCodes.*
-
compute.licenseCodes.get
-
compute.licenseCodes.getIamPolicy
-
compute.licenseCodes.list
-
compute.licenseCodes.setIamPolicy
-
compute.licenseCodes.update
-
compute.licenseCodes.use
compute.licenses.*
-
compute.licenses.create
-
compute.licenses.delete
-
compute.licenses.get
-
compute.licenses.getIamPolicy
-
compute.licenses.list
-
compute.licenses.setIamPolicy
compute.machineImages.*
-
compute.machineImages.create
-
compute.machineImages.delete
-
compute.machineImages.get
-
compute.machineImages.getIamPolicy
-
compute.machineImages.list
-
compute.machineImages.setIamPolicy
-
compute.machineImages.useReadOnly
compute.machineTypes.*
-
compute.machineTypes.get
-
compute.machineTypes.list
compute.
compute.
compute.
compute.networkAttachments.get
compute.
compute.
compute.
compute.
compute.
-
compute.networkEndpointGroups.attachNetworkEndpoints
-
compute.networkEndpointGroups.create
-
compute.networkEndpointGroups.createTagBinding
-
compute.networkEndpointGroups.delete
-
compute.networkEndpointGroups.deleteTagBinding
-
compute.networkEndpointGroups.detachNetworkEndpoints
-
compute.networkEndpointGroups.get
-
compute.networkEndpointGroups.getIamPolicy
-
compute.networkEndpointGroups.list
-
compute.networkEndpointGroups.listEffectiveTags
-
compute.networkEndpointGroups.listTagBindings
-
compute.networkEndpointGroups.setIamPolicy
-
compute.networkEndpointGroups.use
compute.networks.get
compute.
compute.
compute.networks.list
compute.
compute.
compute.
compute.networks.use
compute.networks.useExternalIp
compute.nodeGroups.get
compute.
compute.nodeGroups.list
compute.nodeTemplates.get
compute.
compute.nodeTemplates.list
compute.nodeTypes.*
-
compute.nodeTypes.get
-
compute.nodeTypes.list
compute.
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.projects.get
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.regionHealthChecks.get
compute.
compute.
compute.
compute.
-
compute.regionNetworkEndpointGroups.attachNetworkEndpoints
-
compute.regionNetworkEndpointGroups.create
-
compute.regionNetworkEndpointGroups.createTagBinding
-
compute.regionNetworkEndpointGroups.delete
-
compute.regionNetworkEndpointGroups.deleteTagBinding
-
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
-
compute.regionNetworkEndpointGroups.get
-
compute.regionNetworkEndpointGroups.list
-
compute.regionNetworkEndpointGroups.listEffectiveTags
-
compute.regionNetworkEndpointGroups.listTagBindings
-
compute.regionNetworkEndpointGroups.use
compute.
compute.
compute.regionOperations.get
compute.
compute.regionOperations.list
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.
compute.regionUrlMaps.get
compute.regionUrlMaps.list
compute.
compute.
compute.regionUrlMaps.validate
compute.regions.*
-
compute.regions.get
-
compute.regions.list
compute.reservations.get
compute.reservations.list
compute.resourcePolicies.*
-
compute.resourcePolicies.create
-
compute.resourcePolicies.delete
-
compute.resourcePolicies.get
-
compute.resourcePolicies.getIamPolicy
-
compute.resourcePolicies.list
-
compute.resourcePolicies.setIamPolicy
-
compute.resourcePolicies.update
-
compute.resourcePolicies.use
-
compute.resourcePolicies.useReadOnly
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.
compute.routes.get
compute.routes.list
compute.
compute.routes.listTagBindings
compute.securityPolicies.get
compute.
compute.securityPolicies.list
compute.
compute.
compute.serviceAttachments.get
compute.
compute.
compute.snapshotSettings.get
compute.snapshots.*
-
compute.snapshots.create
-
compute.snapshots.createTagBinding
-
compute.snapshots.delete
-
compute.snapshots.deleteTagBinding
-
compute.snapshots.get
-
compute.snapshots.getIamPolicy
-
compute.snapshots.list
-
compute.snapshots.listEffectiveTags
-
compute.snapshots.listTagBindings
-
compute.snapshots.setIamPolicy
-
compute.snapshots.setLabels
-
compute.snapshots.useReadOnly
compute.sslCertificates.get
compute.sslCertificates.list
compute.
compute.
compute.sslPolicies.get
compute.sslPolicies.list
compute.
compute.
compute.
compute.storagePools.get
compute.
compute.storagePools.list
compute.storagePools.use
compute.subnetworks.get
compute.
compute.subnetworks.list
compute.
compute.
compute.subnetworks.use
compute.
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.
compute.
compute.targetHttpsProxies.get
compute.
compute.
compute.
compute.targetInstances.get
compute.targetInstances.list
compute.
compute.
compute.targetPools.get
compute.targetPools.list
compute.
compute.
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.
compute.
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.
compute.
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.urlMaps.get
compute.urlMaps.list
compute.
compute.
compute.urlMaps.validate
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.zoneOperations.get
compute.
compute.zoneOperations.list
compute.zones.*
-
compute.zones.get
-
compute.zones.list
dataproc.clusters.get
dataproc.clusters.use
dataproc.jobs.cancel
dataproc.jobs.create
dataproc.jobs.delete
dataproc.jobs.get
dataproc.jobs.list
dataproc.jobs.update
iam.serviceAccounts.actAs
iam.serviceAccounts.get
iam.
iam.serviceAccounts.list
ml.jobs.create
ml.jobs.get
ml.jobs.list
notebooks.*
-
notebooks.environments.create
-
notebooks.environments.delete
-
notebooks.environments.get
-
notebooks.environments.getIamPolicy
-
notebooks.environments.list
-
notebooks.environments.setIamPolicy
-
notebooks.executions.create
-
notebooks.executions.delete
-
notebooks.executions.get
-
notebooks.executions.getIamPolicy
-
notebooks.executions.list
-
notebooks.executions.setIamPolicy
-
notebooks.instances.checkUpgradability
-
notebooks.instances.create
-
notebooks.instances.delete
-
notebooks.instances.diagnose
-
notebooks.instances.get
-
notebooks.instances.getHealth
-
notebooks.instances.getIamPolicy
-
notebooks.instances.list
-
notebooks.instances.reset
-
notebooks.instances.setAccelerator
-
notebooks.instances.setIamPolicy
-
notebooks.instances.setLabels
-
notebooks.instances.setMachineType
-
notebooks.instances.start
-
notebooks.instances.stop
-
notebooks.instances.update
-
notebooks.instances.updateConfig
-
notebooks.instances.updateShieldInstanceConfig
-
notebooks.instances.upgrade
-
notebooks.instances.use
-
notebooks.locations.get
-
notebooks.locations.list
-
notebooks.operations.cancel
-
notebooks.operations.delete
-
notebooks.operations.get
-
notebooks.operations.list
-
notebooks.runtimes.create
-
notebooks.runtimes.delete
-
notebooks.runtimes.diagnose
-
notebooks.runtimes.get
-
notebooks.runtimes.getIamPolicy
-
notebooks.runtimes.list
-
notebooks.runtimes.reset
-
notebooks.runtimes.setIamPolicy
-
notebooks.runtimes.start
-
notebooks.runtimes.stop
-
notebooks.runtimes.switch
-
notebooks.runtimes.update
-
notebooks.runtimes.upgrade
-
notebooks.schedules.create
-
notebooks.schedules.delete
-
notebooks.schedules.get
-
notebooks.schedules.getIamPolicy
-
notebooks.schedules.list
-
notebooks.schedules.setIamPolicy
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Grant Vertex AI service agents access to other resources
Sometimes you need to grant additional roles to a Vertex AI service agent. For example, if you need Vertex AI to access a Cloud Storage bucket in a different project, you will need to grant one or more additional roles to the service agent.
Role addition requirements for BigQuery
The following table lists the additional roles that must be granted to the Vertex AI Service Agent for BigQuery tables or views that are in a different project or backed by an external data source.
The term home project refers to the project where the Vertex AI dataset or model is located. The term different project refers to any other project.
| Table type | Table project | Data source project | Role addition required |
|---|---|---|---|
| | Home project | N/A | None. |
| | Different project | N/A | BigQuery Data Viewer for different project. |
| | Home project | N/A | None. |
| | Different project | N/A | BigQuery Data Viewer for different project. |
| | Home project | Home project | Bigtable Reader for home project. |
| | Home project | Different project | Bigtable Reader for different project. |
| | Different project | Different project | BigQuery Reader and Bigtable Reader for different project. |
| | Home project | Home project | None. |
| | Home project | Different project | Storage Object Viewer for different project. |
| | Different project | Different project | Storage Object Viewer and BigQuery Data Viewer for different project. |
| | Home project | N/A | Share your Sheets file with the Vertex AI service account. |
| | Different project | N/A | BigQuery Reader for different project and share your Sheets file with the Vertex AI service account. |
Role addition requirements for Cloud Storage
If you are accessing data in a Cloud Storage bucket in a different project, you must give the Storage > Storage Object Viewer role to Vertex AI in that project.
If you are using a Cloud Storage bucket to receive data from your local computer for an import operation, and the bucket is in a different project than your Google Cloud project, you must give the Storage > Storage Object Creator role to Vertex AI in that project.
Grant access to Vertex AI to resources in your home project
To grant additional roles to a service agent for Vertex AI in your home project:
-
Go to the IAM page of the Google Cloud console for your home project.
-
Select the Include Google-provided role grants checkbox.
-
Determine the service agent you want to grant the permissions to and click the edit pencil icon.
You can filter for Principal:@gcp-sa-aiplatform-cc.iam.gserviceaccount.com to find the Vertex AI service agents.
-
Grant the required roles to the service account and save your changes.
Grant access to Vertex AI to resources in a different project
When you use data sources or destinations in a different project, you must give the Vertex AI service account permissions in that project. The Vertex AI service account is created after you start the first asynchronous job (for example, creating an endpoint). You can also explicitly create the Vertex AI service account by using the gcloud CLI, following these instructions. This gcloud command creates both the default service account and the custom code service account, though only the default service account is returned in the response.
To add permissions to Vertex AI in a different project:
-
Go to the IAM page of the Google Cloud console for your home project (the project where you are using Vertex AI).
-
Select the Include Google-provided role grants checkbox.
-
Determine the service agent you want to grant the permissions to and copy its email address (listed under Principal).
You can filter for Principal:@gcp-sa-aiplatform-cc.iam.gserviceaccount.com to find the Vertex AI service agents.
-
Change projects to the project where you need to grant the permissions.
-
Click Add, and enter the email address in New principals.
-
Add all required roles and click Save.
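After granting roles across projects, it is worth checking that the other project's policy contains exactly what the tables above call for and nothing broader. The following is an added example, not part of the original page or of Google's tooling: it audits an IAM policy exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`. The role IDs mapped to the display names above, the `service-PROJECT_NUMBER@gcp-sa-aiplatform...` address format, the rule that the default Vertex AI Service Agent must hold the required roles, and the sample policy are assumptions of this example.

```python
import re

# Role IDs for the display names used in the tables above (assumed mapping).
REQUIRED_ROLES = {
    "bigquery": {"roles/bigquery.dataViewer"},      # BigQuery Data Viewer
    "bigtable": {"roles/bigtable.reader"},          # Bigtable Reader
    "gcs_read": {"roles/storage.objectViewer"},     # Storage Object Viewer
    "gcs_import": {"roles/storage.objectCreator"},  # Storage Object Creator
}
# Basic and admin roles exceed anything the tables above call for.
OVERBROAD = re.compile(r"^roles/(owner|editor)$|[aA]dmin$")
# Assumed address format of the Vertex AI service agents (default and custom code).
AGENT = re.compile(
    r"^serviceAccount:service-(\d+)@gcp-sa-aiplatform(-cc)?\.iam\.gserviceaccount\.com$"
)


def default_agent(project_number):
    """Member string of the default Vertex AI Service Agent for a project number."""
    return (f"serviceAccount:service-{project_number}"
            "@gcp-sa-aiplatform.iam.gserviceaccount.com")


def audit_agent_grants(policy, home_project_number, needs):
    """Return (kind, member, role) findings for Vertex AI agents in one IAM policy.

    policy: dict parsed from `gcloud projects get-iam-policy ... --format=json`
    needs:  keys of REQUIRED_ROLES for the data sources Vertex AI uses here
    """
    required = set().union(*(REQUIRED_ROLES[n] for n in needs))
    granted, findings = {}, []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            match = AGENT.match(member)
            if not match:
                continue  # not a Vertex AI service agent
            if match.group(1) != str(home_project_number):
                # Agent of some other project: confirm the grant is expected.
                findings.append(("other-agent", member, role))
            elif "condition" in binding:
                # Conditional grants may not cover every resource or time.
                findings.append(("conditional", member, role))
            else:
                granted.setdefault(member, set()).add(role)
    agent = default_agent(home_project_number)
    for role in sorted(required - granted.get(agent, set())):
        findings.append(("missing", agent, role))
    for member in sorted(granted):
        for role in sorted(granted[member]):
            if OVERBROAD.search(role):
                findings.append(("overbroad", member, role))
            elif role not in required:
                findings.append(("unexpected", member, role))
    return findings


# Constructed sample policy; project numbers and members are made up.
HOME = 111111111111
CC_AGENT = f"serviceAccount:service-{HOME}@gcp-sa-aiplatform-cc.iam.gserviceaccount.com"
OTHER_AGENT = default_agent(222222222222)
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/bigquery.dataViewer",
         "members": [default_agent(HOME), "user:analyst@example.com"]},
        {"role": "roles/storage.admin", "members": [CC_AGENT]},
        {"role": "roles/storage.objectViewer",
         "condition": {"title": "temporary", "expression": "true"},
         "members": [default_agent(HOME)]},
        {"role": "roles/bigtable.reader", "members": [OTHER_AGENT]},
    ]
}

if __name__ == "__main__":
    for kind, member, role in audit_agent_grants(
            SAMPLE_POLICY, HOME, ["bigquery", "gcs_read"]):
        print(f"{kind:12} {role:30} {member}")
```

An empty result means the home project's Vertex AI Service Agent holds the required roles unconditionally and no Vertex AI agent holds anything beyond them.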
Provide access to Google Sheets
If you use an external BigQuery data source backed by Google Sheets, you must share your sheet with the Vertex AI service account. The Vertex AI service account is created after you start the first asynchronous job (for example, creating an endpoint). You can also explicitly create the Vertex AI service account by using the gcloud CLI, following these instructions.
To authorize Vertex AI to access your Sheets file:
-
Go to the IAM page of the Google Cloud console.
-
Look for the service account with the name Vertex AI Service Agent and copy its email address (listed under Principal).
-
Open your Sheets file and share it with that address.