AI Platform Notebooks has a specific set of Cloud Identity and Access Management (Cloud IAM) roles. Each predefined role contains a set of permissions.
When you add a new member to a project, you can use an IAM policy to give that member one or more Cloud IAM roles. Each Cloud IAM role contains permissions that grant the member access to specific resources.
What is Cloud IAM?
Google Cloud offers Cloud IAM, which lets you give granular access to specific Google Cloud resources and prevents unwanted access to other resources. Cloud IAM lets you adopt the security principle of least privilege, so you grant only the necessary access to your resources.
Cloud IAM lets you control who has what permission to which resources by setting Cloud IAM policies. Cloud IAM policies grant specific role(s) to a project member, giving the identity specific permissions. For example, for a specific resource, such as a project, you can assign the roles/notebooks.viewer role to a user to allow that user to view notebooks within that project.
To learn more, read the Cloud IAM documentation.
Predefined AI Platform Notebooks Cloud IAM roles
With Cloud IAM, every API method in AI Platform Notebooks requires that the identity making the API request has the appropriate permissions to use the resource. Permissions are granted by setting policies that grant roles to a member (user, group, or service account) of your project.
The following table describes the predefined AI Platform Notebooks Cloud IAM roles, as well as the permissions contained within each role. Each role contains a set of permissions that is suitable for a specific task. For example, the Notebooks Viewer (roles/notebooks.viewer) role grants read-only access to the specified resource.
||Role||Description||
||Notebooks Admin Beta||Full access to all AI Platform Notebooks resources.||
||Notebooks Legacy Admin Beta||Full access to all Notebooks resources through the compute API.||
||Notebooks Legacy Viewer Beta||Read-only access to all Notebooks resources through the compute API.||
||Notebooks Runner Beta||Restricted access for running scheduled Notebooks.||
||Notebooks Viewer Beta||Read-only access to all AI Platform Notebooks resources.||
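An added example, not part of the original documentation: a Python check over a project's IAM policy JSON that flags Notebooks role grants worth reviewing under least privilege. The sample policy and member addresses are constructed; only roles/notebooks.viewer appears on this page, and the other role IDs are assumed to be the IDs behind the role titles in the table.

```python
import json

# roles/notebooks.viewer is named on the page; the other IDs are assumed to
# be the role IDs behind the titles in the table above.
READ_ONLY = {"roles/notebooks.viewer", "roles/notebooks.legacyViewer"}
RESTRICTED = {"roles/notebooks.runner"}
FULL_ACCESS = {"roles/notebooks.admin", "roles/notebooks.legacyAdmin"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample, shaped like `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/notebooks.viewer",
     "members": ["group:analysts@example.com", "allAuthenticatedUsers"]},
    {"role": "roles/notebooks.admin",
     "members": ["user:alice@example.com", "group:ml-platform@example.com"]},
    {"role": "roles/notebooks.runner",
     "members": ["serviceAccount:scheduler@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer", "members": ["user:bob@example.com"]}
  ]
}
""")


def audit_notebooks_bindings(policy):
    """Return (severity, role, member, reason) tuples for risky grants."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if not role.startswith("roles/notebooks."):
            continue  # not a predefined Notebooks role
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(("HIGH", role, member, "public principal"))
            elif role in FULL_ACCESS and member.startswith("user:"):
                findings.append(("MEDIUM", role, member,
                                 "full access bound to an individual; "
                                 "check whether viewer or runner is enough"))
            elif role not in READ_ONLY | RESTRICTED | FULL_ACCESS:
                findings.append(("INFO", role, member, "unrecognised role ID"))
    return findings


if __name__ == "__main__":
    for finding in audit_notebooks_bindings(SAMPLE_POLICY):
        print(*finding, sep=" | ")
```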
- Learn more about Cloud IAM.
- Grant AI Platform Notebooks Cloud IAM roles to members of your projects.
- Learn how to create and manage custom Cloud IAM roles.