Cross-Project file access setup

When you set up your Document AI processor in one project, you might want this project to access input files stored in a different project in the same org that hosts Document AI processors.

To allow cross-project access, you must grant the Storage Object Viewer role to the default Document AI service account, as shown in the following figure.

Cross-project file access

Example

Suppose Project A hosts Document AI processors, and optionally hosts a bucket to which processor output is written.
Project B owns the bucket that contains input files for Document AI processors.
To make files in Project B accessible to Project A, you must grant Storage Object Viewer permissions for the input bucket in Project B to the Document AI service account of Project A.

A Document AI Service account follows this naming convention:

service-{project number}@gcp-sa-prod-dai-core.iam.gserviceaccount.com

Example: service-361747088407@gcp-sa-prod-dai-core.iam.gserviceaccount.com

Bucket access

For more information about IAM and Storage Object Viewer, see IAM roles for Cloud Storage.