Manage access to a runtime template

This page describes how you can grant and revoke access to a runtime template in Colab Enterprise.

Before you begin

Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Enable the Vertex AI, Dataform, and Compute Engine APIs.

Enable the APIs

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Enable the Vertex AI, Dataform, and Compute Engine APIs.

Enable the APIs

Required roles

To ensure that your user account has the necessary permissions to manage access to a runtime template, ask your administrator to grant your user account the Colab Enterprise Admin (roles/aiplatform.colabEnterpriseAdmin) IAM role on the project. For more information about granting roles, see Manage access.

Your administrator might also be able to give your user account the required permissions through custom roles or other predefined roles.

One or more of the required roles includes the dataform.repositories.list permission. Users who are granted the dataform.repositories.list permission or the Code Creator (roles/dataform.codeCreator) role in a project can list the names of code assets in that project by using the Dataform API or the Dataform command-line interface (CLI). Non-administrators using BigQuery Studio can only see code assets that they created or that were shared with them.

Grant access to a runtime template

To grant a principal access to a runtime template:

In the Google Cloud console, go to the Colab Enterprise Runtime Templates page.

Go to Runtime templates
In the Region menu, select the region that contains your runtime template.
In the Runtime template menu, select a runtime template. If there aren't any runtime templates listed, create a runtime template.
Click Permissions.
In the Permissions window, click Add principal.
In the Grant access dialog, in the New principals field, enter one or a comma separated list of principals.
In the Select a role menu, complete the dialog to assign a role.
Optional: Click Add another role, and repeat the last step.
Click Save.

Colab Enterprise principals are users, groups, or domains

You can grant access to users, groups, or domains. See the following table:

Principal	Example user account
Single user	`user@gmail.com`
Google group	`admins@googlegroups.com`
Google Workspace domain	`example.com`

Revoke access to a runtime template

To revoke access to a runtime template:

In the Google Cloud console, go to the IAM page.

Go to IAM
Select a project, folder, or organization.
Find the row containing the principal whose access you want to revoke. Then, click Edit principal in that row.

Note: You cannot edit inherited roles when managing access to a resource. To edit inherited roles, go to the resource where the role was granted.
Click the Delete button for the role that you want to revoke, and then click Save.

What's next

To learn how to grant access to a notebook, see Manage access to a notebook.