This page describes all the roles and their respective permissions for using Vertex AI services.
Google Distributed Cloud (GDC) air-gapped appliance offers Identity and Access Management (IAM) to grant granular access to specific GDC air-gapped appliance resources and to prevent unwanted access to other resources. IAM operates on the security principle of least privilege and controls who can access given resources using IAM roles and permissions.
A role is a collection of specific permissions mapped to certain actions on resources and assigned to individual subjects, such as users, groups of users, or service accounts. Therefore, you must have the proper IAM roles and permissions to use Vertex AI services on GDC air-gapped appliance.
To grant permissions or receive role access to resources, see Grant and revoke access.
Predefined roles at the organization level
Request the appropriate permissions from your Organization IAM Admin to set up Vertex AI in an organization and manage the lifecycle of a project that uses AI services.
The following table provides details about the permissions assigned to each predefined role:
Role name | Kubernetes resource name | Permission description | Type |
---|---|---|---|
AI Platform Admin | ai-platform-admin | Grant permissions to manage pre-trained services. | ClusterRole |
Project Creator | project-creator | Create new projects. | ClusterRole |
Predefined roles at the project level
Request the appropriate permissions from your Project IAM Admin to use Vertex AI services in a project. All Vertex AI roles must bind to the project namespace where you are using the service.
The following table provides details about the permissions assigned to each predefined role:
Vertex AI service | Role name | Kubernetes resource name | Permission description | Type |
---|---|---|---|---|
N/A | Project IAM Admin | project-iam-admin | Manage the IAM allow policies of projects and create service accounts. | Role |
Optical Character Recognition (OCR) | AI OCR Developer | ai-ocr-developer | Access the OCR service to detect text in images. | Role |
Speech-to-Text | AI Speech Developer | ai-speech-developer | Access the Speech-to-Text service to recognize speech and transcribe audio. | Role |
Vertex AI Translation | AI Translation Developer | ai-translation-developer | Access the Vertex AI Translation service to translate text. | Role |
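The following access-review script is an added example, not code from the GDC documentation. It checks exported role bindings against the two tables above: the role type must match, project-level roles must be bound inside a project namespace, and no role may be granted to a catch-all group. It assumes the bindings are visible as standard Kubernetes RBAC objects; the function names, the `vision-project` namespace, and the subjects are hypothetical.

```python
# Added example: role names and kinds are copied from the tables on this page.
EXPECTED_KIND = {
    "ai-platform-admin": "ClusterRole",
    "project-creator": "ClusterRole",
    "project-iam-admin": "Role",
    "ai-ocr-developer": "Role",
    "ai-speech-developer": "Role",
    "ai-translation-developer": "Role",
}
# Built-in Kubernetes groups that match every caller; too broad for a service role.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}

def audit_bindings(binding_list, project_namespaces):
    """Return sorted (binding name, problem) pairs for bindings of the roles above."""
    findings = []
    for item in binding_list.get("items", []):
        ref = item.get("roleRef", {})
        role, want = ref.get("name"), EXPECTED_KIND.get(ref.get("name"))
        if want is None:
            continue  # not a role listed on this page
        name = item["metadata"]["name"]
        ns = item["metadata"].get("namespace")
        if ref.get("kind") != want:
            findings.append((name, f"{role}: roleRef kind is {ref.get('kind')}, expected {want}"))
        # Project-level roles must be bound inside a project namespace.
        if want == "Role" and (item.get("kind") != "RoleBinding" or ns not in project_namespaces):
            findings.append((name, f"{role}: bound outside a known project namespace ({ns})"))
        for subj in item.get("subjects") or []:
            if subj.get("kind") == "Group" and subj.get("name") in BROAD_GROUPS:
                findings.append((name, f"{role}: granted to broad group {subj['name']}"))
    return sorted(findings)

def _binding(kind, name, ns, ref_kind, role, subj_kind, subj):
    """Build one constructed binding object for the sample below."""
    meta = {"name": name, **({"namespace": ns} if ns else {})}
    return {"kind": kind, "metadata": meta,
            "roleRef": {"kind": ref_kind, "name": role},
            "subjects": [{"kind": subj_kind, "name": subj}]}

# Constructed sample in the shape of `kubectl get rolebindings,clusterrolebindings -A -o json`.
SAMPLE = {"kind": "List", "items": [
    _binding("RoleBinding", "ocr-dev", "vision-project", "Role", "ai-ocr-developer", "User", "alice@example.com"),
    _binding("RoleBinding", "speech-dev", "default", "Role", "ai-speech-developer", "User", "bob@example.com"),
    _binding("RoleBinding", "translate-all", "vision-project", "Role", "ai-translation-developer", "Group", "system:authenticated"),
    _binding("ClusterRoleBinding", "platform-admin", None, "ClusterRole", "ai-platform-admin", "User", "carol@example.com"),
]}

if __name__ == "__main__":
    for name, problem in audit_bindings(SAMPLE, {"vision-project"}):
        print(f"{name}: {problem}")
```

Pass the set of namespaces that correspond to your projects as the second argument; any binding of a project-level role outside that set is reported.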