Access control

It is common for multiple team members to collaborate on building an agent. Using roles, you can control access and permissions granted to team members.

If you are using the API, you may also have one or more applications that send requests to an agent. In this case, you can control access with service accounts.

You can control access using either GCP IAM settings or the Dialogflow Console. There are some situations in which you must use the GCP Console:

  • The Dialogflow Console provides the Owner/Admin role to the user that created the agent. If you want to change the Owner/Admin, add multiple Owners/Admins for one agent, or remove Owners/Admins for an agent, you need to use the GCP Console.
  • If you have integrations with other GCP resources, like Cloud Functions, and you don't want to grant full project access to an application, you must assign the Dialogflow API roles (Admin, Client, or Reader) in the GCP IAM console.
  • A subset of the GCP IAM roles have corresponding Dialogflow Console roles. If you want to grant a role that does not exist on the Dialogflow Console, you need to use the GCP Console.

Roles

The following table lists all roles relevant to Dialogflow.

In order to modify access for an agent or delete an agent, you need an Owner/Admin role that provides "full access".

Dialogflow Console role GCP IAM role Permissions
Admin Project >
Owner
  • Full access to all GCP project resources using GCP Console or APIs.
  • Full access to Dialogflow Console to create and edit agents.
  • Can detect intent using API.
Developer Project >
Editor
  • Edit access to all GCP project resources using GCP Console or APIs.
  • Edit access to Dialogflow Console to edit agents.
  • Can detect intent using API.
Reviewer Project >
Viewer
  • Read access to all GCP project resources using GCP Console or APIs.
  • Read access to Dialogflow Console.
  • Cannot detect intent using API.
N/A Project >
Browser
  • Read access to all GCP project resources using GCP Console or APIs.
  • No access to Dialogflow Console.
  • Cannot detect intent using API.
N/A Dialogflow >
Dialogflow API Admin
  • Full access to Dialogflow using GCP Console or APIs.
  • Read access to Dialogflow Console.
  • Can detect intent using API.
N/A Dialogflow >
Dialogflow API Client
  • Edit access to Dialogflow using GCP Console or APIs.
  • No access to Dialogflow Console.
  • Can detect intent using API.
N/A Dialogflow >
Dialogflow Console Agent Editor
  • Full access to Dialogflow using GCP Console.
  • Edit access to most agent data using Dialogflow Console. Cannot access Inline Editor for Cloud Functions or Google Assistant integration.
  • Cannot detect intent using API.
N/A Dialogflow >
Dialogflow API Reader
  • Read access to Dialogflow using GCP Console or APIs.
  • Read access to Dialogflow Console.
  • Cannot detect intent using API.

Control access with the GCP Console

You can control access with GCP IAM settings. See the IAM quickstart for detailed instructions on adding, editing, and removing permissions.

Open the IAM main page to access the settings below.

Add a user or service account member to the project

You can provide permissions to either users or service accounts by adding them as members of your GCP project. Users are added by providing their email address. Service accounts are also added by providing their associated email address. You need to add service account members when you want to use one service account for multiple projects and agents. To find the email address associated with your service account, see the IAM service accounts page.

To add a member:

  1. Click the add add button at the top of the page.
  2. Enter the member's email address.
  3. Select a role.
  4. Click Save.

Change permissions

  1. Click the edit edit button for the member.
  2. Select a different role.
  3. Click Save.

Remove a member

  1. Click the delete delete button for the member.

Control access with the Dialogflow Console

Sharing options are found in the agent's settings. To open the agent sharing settings:

  1. Go to the Dialogflow Console.
  2. Select your agent near the top of the left sidebar menu.
  3. Click the settings settings button next to the agent name.
  4. Click the Share tab. If you do not see the Share tab, it is because you do not have the required Owner/Admin role.

Add a user

  1. Enter the user's email address under Invite New People.
  2. Select a role.
  3. Click Add.
  4. Click Save.

Change permissions

  1. Find the user in the list.
  2. Select a different role.
  3. Click Save.

Remove a user

  1. Find the user in the list.
  2. Click the delete clear button for the user.
  3. Click Save.
Var denne siden nyttig? Si fra hva du synes:

Send tilbakemelding om ...

Dialogflow Documentation
Trenger du hjelp? Gå til brukerstøttesiden vår.