Console
    Contact Us Start free

    IAM permissions

    Overview

    AML AI uses Identity and Access Management (IAM) for access control.

    You can configure access control for the Financial Services API at the project level. For example, you can grant access for developers to list and get all datasets within a project.

    For a detailed description of IAM and its features, see the IAM documentation . In particular, see the section on managing IAM policies .

    Every AML AI method requires the caller to have the necessary permissions. For more information, see Permissions and Roles .

    Permissions

    This section lists AML AI operations and their related permissions implemented by IAM.

    Required permissions

    The following tables list the IAM permissions that are associated with AML AI.

    projects.locations method name Required permissions
    projects.locations.get financialservices.locations.get on the specific Google Cloud project
    projects.locations.list financialservices.locations.list on the specific Google Cloud project
    instances method name Required permissions
    instances.create financialservices.v1instances.create on the parent location, which is a specific Google Cloud project and data location combination
    instances.delete financialservices.v1instances.delete on the instance resource
    instances.get financialservices.v1instances.get on the instance resource
    instances.list financialservices.v1instances.list on the parent location, which is a specific Google Cloud project and data location combination
    instances.patch financialservices.v1instances.update on the instance resource
    instances.importRegisteredParties financialservices.v1instances.importRegisteredParties on the instance resource
    instances.exportRegisteredParties financialservices.v1instances.exportRegisteredParties on the instance resource
    instances.engineConfigs method name Required permissions
    instances.engineConfigs.create financialservices.v1engineconfigs.create on the parent instance
    instances.engineConfigs.delete financialservices.v1engineconfigs.delete on the engine config resource
    instances.engineConfigs.get financialservices.v1engineconfigs.get on the engine config resource
    instances.engineConfigs.list financialservices.v1engineconfigs.list on the parent instance
    instances.engineConfigs.patch financialservices.v1engineconfigs.update on the engine config resource
    instances.engineConfigs.exportMetadata financialservices.v1engineconfigs.exportMetadata on the engine config resource
    instances.engineVersions method name Required permissions
    instances.engineVersions.get financialservices.v1engineversions.get on the engine version resource
    instances.engineVersions.list financialservices.v1engineversions.list on the parent instance
    instances.datasets method name Required permissions
    instances.datasets.create financialservices.v1datasets.create on the parent instance
    instances.datasets.delete financialservices.v1datasets.delete on the dataset resource
    instances.datasets.get financialservices.v1datasets.get on the dataset resource
    instances.datasets.list financialservices.v1datasets.list on the parent instance
    instances.datasets.patch financialservices.v1datasets.update on the dataset resource
    instances.models method name Required permissions
    instances.models.create financialservices.v1models.create on the parent instance
    instances.models.delete financialservices.v1models.delete on the model resource
    instances.models.get financialservices.v1models.get on the model resource
    instances.models.list financialservices.v1models.list on the parent instance
    instances.models.patch financialservices.v1models.update on the model resource
    instances.models.exportMetadata financialservices.v1models.exportMetadata on the model resource
    instances.backtestResults method name Required permissions
    instances.backtestResults.create financialservices.v1backtests.create on the parent instance
    instances.backtestResults.delete financialservices.v1backtests.delete on the backtest result resource
    instances.backtestResults.get financialservices.v1backtests.get on the backtest result resource
    instances.backtestResults.list financialservices.v1backtests.list on the parent instance
    instances.backtestResults.patch financialservices.v1backtests.update on the backtest result resource
    instances.backtestResults.exportMetadata financialservices.v1backtests.exportMetadata on the backtest result resource
    instances.predictionResults method name Required permissions
    instances.predictionResults.create financialservices.v1predictions.create on the parent instance
    instances.predictionResults.delete financialservices.v1predictions.delete on the prediction result resource
    instances.predictionResults.get financialservices.v1predictions.get on the prediction result resource
    instances.predictionResults.list financialservices.v1predictions.list on the parent instance
    instances.predictionResults.patch financialservices.v1predictions.update on the prediction result resource
    instances.predictionResults.exportMetadata financialservices.v1predictions.exportMetadata on the prediction result resource

    The following methods are inherited from google.longrunning.Operations .

    operations method name Required permissions
    operations.cancel financialservices.operations.cancel on the specific Google Cloud project
    operations.delete financialservices.operations.delete on the specific Google Cloud project
    operations.get financialservices.operations.get on the specific Google Cloud project
    operations.list financialservices.operations.list on the specific Google Cloud project

    Roles

    The following table lists the AML AI IAM roles, including the permissions associated with each role:

    IAM role
    Permissions

    ( roles/ financialservices.viewer )

    View access to all Financial Services API resources.

    financialservices.locations.*

    • financialservices. locations. get
    • financialservices. locations. list

    financialservices. operations. get

    financialservices. operations. list

    financialservices. v1backtests. exportMetadata

    financialservices. v1backtests. get

    financialservices. v1backtests. list

    financialservices. v1datasets. get

    financialservices. v1datasets. list

    financialservices. v1engineconfigs. exportMetadata

    financialservices. v1engineconfigs. get

    financialservices. v1engineconfigs. list

    financialservices. v1engineversions.*

    • financialservices. v1engineversions. get
    • financialservices. v1engineversions. list

    financialservices. v1instances. exportRegisteredParties

    financialservices. v1instances. get

    financialservices. v1instances. list

    financialservices. v1models. exportMetadata

    financialservices.v1models.get

    financialservices. v1models. list

    financialservices. v1predictions. exportMetadata

    financialservices. v1predictions. get

    financialservices. v1predictions. list

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ financialservices.admin )

    Full access to all Financial Services API resources.

    financialservices.*

    • financialservices. locations. get
    • financialservices. locations. list
    • financialservices. operations. cancel
    • financialservices. operations. delete
    • financialservices. operations. get
    • financialservices. operations. list
    • financialservices. v1backtests. create
    • financialservices. v1backtests. delete
    • financialservices. v1backtests. exportMetadata
    • financialservices. v1backtests. get
    • financialservices. v1backtests. list
    • financialservices. v1backtests. update
    • financialservices. v1datasets. create
    • financialservices. v1datasets. delete
    • financialservices. v1datasets. get
    • financialservices. v1datasets. list
    • financialservices. v1datasets. update
    • financialservices. v1engineconfigs. create
    • financialservices. v1engineconfigs. delete
    • financialservices. v1engineconfigs. exportMetadata
    • financialservices. v1engineconfigs. get
    • financialservices. v1engineconfigs. list
    • financialservices. v1engineconfigs. update
    • financialservices. v1engineversions. get
    • financialservices. v1engineversions. list
    • financialservices. v1instances. create
    • financialservices. v1instances. delete
    • financialservices. v1instances. exportRegisteredParties
    • financialservices. v1instances. get
    • financialservices. v1instances. importRegisteredParties
    • financialservices. v1instances. list
    • financialservices. v1instances. update
    • financialservices. v1models. create
    • financialservices. v1models. delete
    • financialservices. v1models. exportMetadata
    • financialservices.v1models.get
    • financialservices. v1models. list
    • financialservices. v1models. update
    • financialservices. v1predictions. create
    • financialservices. v1predictions. delete
    • financialservices. v1predictions. exportMetadata
    • financialservices. v1predictions. get
    • financialservices. v1predictions. list
    • financialservices. v1predictions. update

    resourcemanager.projects.get

    resourcemanager.projects.list

    For more information about roles, see IAM basic and predefined roles reference .

    Custom roles

    If the predefined IAM roles for AML AI don't meet your needs, you can define custom roles. Custom roles enable you to choose a specific set of permissions, create your own role with those permissions, and grant the role to users in your organization. For more information, see Understanding IAM custom roles .
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: