Stay organized with collections
Save and categorize content based on your preferences.
This page describes all the roles and their respective permissions for using
Vertex AI services.
Google Distributed Cloud (GDC) air-gapped appliance offers Identity and Access Management (IAM) for
granular access to specific GDC air-gapped appliance resources and prevents
unwanted access to other resources. IAM operates on the security
principle of least privilege and controls who can access given resources using
IAM roles and permissions.
A role is a collection of specific permissions mapped to certain actions on
resources and assigned to individual subjects, such as users, groups of users,
or service accounts. Therefore, you must have the proper IAM
roles and permissions to use Vertex AI services on
GDC air-gapped appliance.
Request the appropriate permissions from your Organization IAM Admin to set up
Vertex AI in an organization and manage the lifecycle of a
project that uses AI services.
The following table provides details about the permissions assigned to each
predefined role:
Role name
Kubernetes resource name
Permission description
Type
AI Platform Admin
ai-platform-admin
Grant permissions to manage pre-trained services.
ClusterRole
Project Creator
project-creator
Create new projects.
ClusterRole
Predefined roles at the project level
Request the appropriate permissions from your Project IAM Admin to use
Vertex AI services in a project. All Vertex AI
roles must bind to the project namespace where you are using the service.
The following table provides details about the permissions assigned to each
predefined role:
Vertex AI service
Role name
Kubernetes resource name
Permission description
Type
N/A
Project IAM Admin
project-iam-admin
Manage the IAM allow policies of projects and create service accounts.
Role
Optical Character Recognition (OCR)
AI OCR Developer
ai-ocr-developer
Access the OCR service to detect text in images.
Role
Speech-to-Text
AI Speech Developer
ai-speech-developer
Access the Speech-to-Text service to recognize speech and transcribe audio.
Role
Vertex AI Translation
AI Translation Developer
ai-translation-developer
Access the Vertex AI Translation service to translate text.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Prepare IAM permissions\n\nThis page describes all the roles and their respective permissions for using\nVertex AI services.\n\nGoogle Distributed Cloud (GDC) air-gapped appliance offers Identity and Access Management (IAM) for\ngranular access to specific GDC air-gapped appliance resources and prevents\nunwanted access to other resources. IAM operates on the security\nprinciple of least privilege and controls who can access given resources using\nIAM roles and permissions.\n\nA role is a collection of specific permissions mapped to certain actions on\nresources and assigned to individual subjects, such as users, groups of users,\nor service accounts. Therefore, you must have the proper IAM\nroles and permissions to use Vertex AI services on\nGDC air-gapped appliance.\n\nTo grant permissions or receive role access to resources, see\n[Grant and revoke access](/distributed-cloud/hosted/docs/latest/appliance/platform/pa-user/iam/set-up-role-bindings).\n| **Important:** If you can't access or use a Vertex AI service, contact your administrator to grant you the necessary roles. Request the appropriate permissions from your Project IAM Admin for a given project. If you require permissions at the organization level, ask your Organization IAM Admin instead.\n\nPredefined roles at the organization level\n------------------------------------------\n\nRequest the appropriate permissions from your Organization IAM Admin to set up\nVertex AI in an organization and manage the lifecycle of a\nproject that uses AI services.\n\nThe following table provides details about the permissions assigned to each\npredefined role:\n\nPredefined roles at the project level\n-------------------------------------\n\nRequest the appropriate permissions from your Project IAM Admin to use\nVertex AI services in a project. All Vertex AI\nroles must bind to the project namespace where you are using the service.\n\nThe following table provides details about the permissions assigned to each\npredefined role:"]]