IAM を使用した Vertex AI のアクセス制御

このページでは、Identity and Access Management(IAM)を使用して Vertex AI リソースへのアクセスを管理する方法について説明します。Vertex AI Workbench インスタンスへのアクセスを管理するには、Vertex AI Workbench インスタンスのアクセス制御をご覧ください。

Vertex AI は、IAM を使用してリソースへのアクセスを管理します。プロジェクト レベルまたはリソースレベルでアクセスを管理できます。プロジェクト レベルでリソースへのアクセス権を付与するには、プリンシパル(ユーザー、グループ、またはサービス アカウント)に 1 つ以上のロールを割り当てます。特定のリソースへのアクセス権を付与するには、そのリソースに IAM ポリシーを設定します。リソースで、リソースレベルのポリシーがサポートされている必要があります。このポリシーでは、どのプリンシパルをどのロールに割り当てるかを定義します。

Vertex AI で使用できる IAM ロールには次のような種類があります。

  • 事前定義ロールを使用すると、Vertex AI のリソースに関連する一連の権限をプロジェクト レベルで付与できます。

  • 基本ロール(オーナー、編集者、閲覧者)は、Vertex AI のリソースに対するアクセス権をプロジェクト レベルで付与します。すべての Google Cloud サービスに共通のロールです。

  • カスタムロールを使用すると、特定の権限セットを選択し、それらの権限を持つ独自のロールを作成して、組織内のユーザーに付与できます。

Vertex AI のプロジェクトで、これらのロールを追加、更新または削除する方法については、アクセス権の付与、変更、取り消しに関するドキュメントをご覧ください。

Vertex AI の事前定義ロール

Role Permissions

(roles/aiplatform.admin)

Grants full access to all resources in Vertex AI

aiplatform.*

  • aiplatform.agentExamples.create
  • aiplatform.agentExamples.delete
  • aiplatform.agentExamples.get
  • aiplatform.agentExamples.list
  • aiplatform.agentExamples.update
  • aiplatform.agents.create
  • aiplatform.agents.delete
  • aiplatform.agents.get
  • aiplatform.agents.list
  • aiplatform.agents.update
  • aiplatform.annotationSpecs.create
  • aiplatform.annotationSpecs.delete
  • aiplatform.annotationSpecs.get
  • aiplatform.annotationSpecs.list
  • aiplatform.annotationSpecs.update
  • aiplatform.annotations.create
  • aiplatform.annotations.delete
  • aiplatform.annotations.get
  • aiplatform.annotations.list
  • aiplatform.annotations.update
  • aiplatform.apps.create
  • aiplatform.apps.delete
  • aiplatform.apps.get
  • aiplatform.apps.list
  • aiplatform.apps.update
  • aiplatform.artifacts.create
  • aiplatform.artifacts.delete
  • aiplatform.artifacts.get
  • aiplatform.artifacts.list
  • aiplatform.artifacts.update
  • aiplatform.batchPredictionJobs.cancel
  • aiplatform.batchPredictionJobs.create
  • aiplatform.batchPredictionJobs.delete
  • aiplatform.batchPredictionJobs.get
  • aiplatform.batchPredictionJobs.list
  • aiplatform.cacheConfigs.get
  • aiplatform.cacheConfigs.update
  • aiplatform.cachedContents.create
  • aiplatform.cachedContents.delete
  • aiplatform.cachedContents.get
  • aiplatform.cachedContents.list
  • aiplatform.cachedContents.update
  • aiplatform.consents.get
  • aiplatform.consents.update
  • aiplatform.contexts.addContextArtifactsAndExecutions
  • aiplatform.contexts.addContextChildren
  • aiplatform.contexts.create
  • aiplatform.contexts.delete
  • aiplatform.contexts.get
  • aiplatform.contexts.list
  • aiplatform.contexts.queryContextLineageSubgraph
  • aiplatform.contexts.update
  • aiplatform.customJobs.cancel
  • aiplatform.customJobs.create
  • aiplatform.customJobs.delete
  • aiplatform.customJobs.get
  • aiplatform.customJobs.list
  • aiplatform.dataItems.create
  • aiplatform.dataItems.delete
  • aiplatform.dataItems.get
  • aiplatform.dataItems.list
  • aiplatform.dataItems.update
  • aiplatform.dataLabelingJobs.cancel
  • aiplatform.dataLabelingJobs.create
  • aiplatform.dataLabelingJobs.delete
  • aiplatform.dataLabelingJobs.get
  • aiplatform.dataLabelingJobs.list
  • aiplatform.datasetVersions.create
  • aiplatform.datasetVersions.delete
  • aiplatform.datasetVersions.get
  • aiplatform.datasetVersions.list
  • aiplatform.datasetVersions.restore
  • aiplatform.datasets.create
  • aiplatform.datasets.delete
  • aiplatform.datasets.export
  • aiplatform.datasets.get
  • aiplatform.datasets.import
  • aiplatform.datasets.list
  • aiplatform.datasets.update
  • aiplatform.deploymentResourcePools.create
  • aiplatform.deploymentResourcePools.delete
  • aiplatform.deploymentResourcePools.get
  • aiplatform.deploymentResourcePools.list
  • aiplatform.deploymentResourcePools.queryDeployedModels
  • aiplatform.deploymentResourcePools.update
  • aiplatform.edgeDeploymentJobs.create
  • aiplatform.edgeDeploymentJobs.delete
  • aiplatform.edgeDeploymentJobs.get
  • aiplatform.edgeDeploymentJobs.list
  • aiplatform.edgeDeviceDebugInfo.get
  • aiplatform.edgeDevices.create
  • aiplatform.edgeDevices.delete
  • aiplatform.edgeDevices.get
  • aiplatform.edgeDevices.list
  • aiplatform.edgeDevices.update
  • aiplatform.endpoints.create
  • aiplatform.endpoints.delete
  • aiplatform.endpoints.deploy
  • aiplatform.endpoints.explain
  • aiplatform.endpoints.get
  • aiplatform.endpoints.getIamPolicy
  • aiplatform.endpoints.list
  • aiplatform.endpoints.predict
  • aiplatform.endpoints.setIamPolicy
  • aiplatform.endpoints.undeploy
  • aiplatform.endpoints.update
  • aiplatform.entityTypes.create
  • aiplatform.entityTypes.delete
  • aiplatform.entityTypes.deleteFeatureValues
  • aiplatform.entityTypes.exportFeatureValues
  • aiplatform.entityTypes.get
  • aiplatform.entityTypes.getIamPolicy
  • aiplatform.entityTypes.importFeatureValues
  • aiplatform.entityTypes.list
  • aiplatform.entityTypes.readFeatureValues
  • aiplatform.entityTypes.setIamPolicy
  • aiplatform.entityTypes.streamingReadFeatureValues
  • aiplatform.entityTypes.update
  • aiplatform.entityTypes.writeFeatureValues
  • aiplatform.executions.addExecutionEvents
  • aiplatform.executions.create
  • aiplatform.executions.delete
  • aiplatform.executions.get
  • aiplatform.executions.list
  • aiplatform.executions.queryExecutionInputsAndOutputs
  • aiplatform.executions.update
  • aiplatform.extensions.delete
  • aiplatform.extensions.execute
  • aiplatform.extensions.get
  • aiplatform.extensions.import
  • aiplatform.extensions.list
  • aiplatform.extensions.update
  • aiplatform.featureGroups.create
  • aiplatform.featureGroups.delete
  • aiplatform.featureGroups.get
  • aiplatform.featureGroups.list
  • aiplatform.featureGroups.update
  • aiplatform.featureOnlineStores.create
  • aiplatform.featureOnlineStores.delete
  • aiplatform.featureOnlineStores.get
  • aiplatform.featureOnlineStores.getIamPolicy
  • aiplatform.featureOnlineStores.list
  • aiplatform.featureOnlineStores.setIamPolicy
  • aiplatform.featureOnlineStores.update
  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list
  • aiplatform.featureViews.create
  • aiplatform.featureViews.delete
  • aiplatform.featureViews.fetchFeatureValues
  • aiplatform.featureViews.get
  • aiplatform.featureViews.getIamPolicy
  • aiplatform.featureViews.list
  • aiplatform.featureViews.searchNearestEntities
  • aiplatform.featureViews.setIamPolicy
  • aiplatform.featureViews.sync
  • aiplatform.featureViews.update
  • aiplatform.features.create
  • aiplatform.features.delete
  • aiplatform.features.get
  • aiplatform.features.list
  • aiplatform.features.update
  • aiplatform.featurestores.batchReadFeatureValues
  • aiplatform.featurestores.create
  • aiplatform.featurestores.delete
  • aiplatform.featurestores.exportFeatures
  • aiplatform.featurestores.get
  • aiplatform.featurestores.getIamPolicy
  • aiplatform.featurestores.importFeatures
  • aiplatform.featurestores.list
  • aiplatform.featurestores.readFeatures
  • aiplatform.featurestores.setIamPolicy
  • aiplatform.featurestores.update
  • aiplatform.featurestores.writeFeatures
  • aiplatform.humanInTheLoops.cancel
  • aiplatform.humanInTheLoops.create
  • aiplatform.humanInTheLoops.delete
  • aiplatform.humanInTheLoops.get
  • aiplatform.humanInTheLoops.list
  • aiplatform.humanInTheLoops.queryAnnotationStats
  • aiplatform.humanInTheLoops.send
  • aiplatform.humanInTheLoops.update
  • aiplatform.hyperparameterTuningJobs.cancel
  • aiplatform.hyperparameterTuningJobs.create
  • aiplatform.hyperparameterTuningJobs.delete
  • aiplatform.hyperparameterTuningJobs.get
  • aiplatform.hyperparameterTuningJobs.list
  • aiplatform.indexEndpoints.create
  • aiplatform.indexEndpoints.delete
  • aiplatform.indexEndpoints.deploy
  • aiplatform.indexEndpoints.get
  • aiplatform.indexEndpoints.list
  • aiplatform.indexEndpoints.queryVectors
  • aiplatform.indexEndpoints.undeploy
  • aiplatform.indexEndpoints.update
  • aiplatform.indexes.create
  • aiplatform.indexes.delete
  • aiplatform.indexes.get
  • aiplatform.indexes.list
  • aiplatform.indexes.update
  • aiplatform.locations.get
  • aiplatform.locations.list
  • aiplatform.metadataSchemas.create
  • aiplatform.metadataSchemas.delete
  • aiplatform.metadataSchemas.get
  • aiplatform.metadataSchemas.list
  • aiplatform.metadataStores.create
  • aiplatform.metadataStores.delete
  • aiplatform.metadataStores.get
  • aiplatform.metadataStores.list
  • aiplatform.migratableResources.migrate
  • aiplatform.migratableResources.search
  • aiplatform.modelDeploymentMonitoringJobs.create
  • aiplatform.modelDeploymentMonitoringJobs.delete
  • aiplatform.modelDeploymentMonitoringJobs.get
  • aiplatform.modelDeploymentMonitoringJobs.list
  • aiplatform.modelDeploymentMonitoringJobs.pause
  • aiplatform.modelDeploymentMonitoringJobs.resume
  • aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies
  • aiplatform.modelDeploymentMonitoringJobs.update
  • aiplatform.modelEvaluationSlices.get
  • aiplatform.modelEvaluationSlices.import
  • aiplatform.modelEvaluationSlices.list
  • aiplatform.modelEvaluations.exportEvaluatedDataItems
  • aiplatform.modelEvaluations.get
  • aiplatform.modelEvaluations.import
  • aiplatform.modelEvaluations.list
  • aiplatform.modelMonitoringJobs.create
  • aiplatform.modelMonitoringJobs.delete
  • aiplatform.modelMonitoringJobs.get
  • aiplatform.modelMonitoringJobs.list
  • aiplatform.modelMonitors.create
  • aiplatform.modelMonitors.delete
  • aiplatform.modelMonitors.get
  • aiplatform.modelMonitors.list
  • aiplatform.modelMonitors.searchModelMonitoringAlerts
  • aiplatform.modelMonitors.searchModelMonitoringStats
  • aiplatform.modelMonitors.update
  • aiplatform.models.delete
  • aiplatform.models.export
  • aiplatform.models.get
  • aiplatform.models.list
  • aiplatform.models.update
  • aiplatform.models.upload
  • aiplatform.nasJobs.cancel
  • aiplatform.nasJobs.create
  • aiplatform.nasJobs.delete
  • aiplatform.nasJobs.get
  • aiplatform.nasJobs.list
  • aiplatform.nasTrialDetails.get
  • aiplatform.nasTrialDetails.list
  • aiplatform.notebookExecutionJobs.create
  • aiplatform.notebookExecutionJobs.delete
  • aiplatform.notebookExecutionJobs.get
  • aiplatform.notebookExecutionJobs.list
  • aiplatform.notebookRuntimeTemplates.apply
  • aiplatform.notebookRuntimeTemplates.create
  • aiplatform.notebookRuntimeTemplates.delete
  • aiplatform.notebookRuntimeTemplates.get
  • aiplatform.notebookRuntimeTemplates.getIamPolicy
  • aiplatform.notebookRuntimeTemplates.list
  • aiplatform.notebookRuntimeTemplates.setIamPolicy
  • aiplatform.notebookRuntimeTemplates.update
  • aiplatform.notebookRuntimes.assign
  • aiplatform.notebookRuntimes.delete
  • aiplatform.notebookRuntimes.get
  • aiplatform.notebookRuntimes.list
  • aiplatform.notebookRuntimes.start
  • aiplatform.notebookRuntimes.update
  • aiplatform.notebookRuntimes.upgrade
  • aiplatform.operations.list
  • aiplatform.persistentResources.create
  • aiplatform.persistentResources.delete
  • aiplatform.persistentResources.get
  • aiplatform.persistentResources.list
  • aiplatform.pipelineJobs.cancel
  • aiplatform.pipelineJobs.create
  • aiplatform.pipelineJobs.delete
  • aiplatform.pipelineJobs.get
  • aiplatform.pipelineJobs.list
  • aiplatform.reasoningEngines.create
  • aiplatform.reasoningEngines.delete
  • aiplatform.reasoningEngines.get
  • aiplatform.reasoningEngines.list
  • aiplatform.reasoningEngines.query
  • aiplatform.reasoningEngines.update
  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update
  • aiplatform.sessions.get
  • aiplatform.sessions.list
  • aiplatform.sessions.run
  • aiplatform.specialistPools.create
  • aiplatform.specialistPools.delete
  • aiplatform.specialistPools.get
  • aiplatform.specialistPools.list
  • aiplatform.specialistPools.update
  • aiplatform.studies.create
  • aiplatform.studies.delete
  • aiplatform.studies.get
  • aiplatform.studies.list
  • aiplatform.studies.update
  • aiplatform.tensorboardExperiments.create
  • aiplatform.tensorboardExperiments.delete
  • aiplatform.tensorboardExperiments.get
  • aiplatform.tensorboardExperiments.list
  • aiplatform.tensorboardExperiments.update
  • aiplatform.tensorboardExperiments.write
  • aiplatform.tensorboardRuns.batchCreate
  • aiplatform.tensorboardRuns.create
  • aiplatform.tensorboardRuns.delete
  • aiplatform.tensorboardRuns.get
  • aiplatform.tensorboardRuns.list
  • aiplatform.tensorboardRuns.update
  • aiplatform.tensorboardRuns.write
  • aiplatform.tensorboardTimeSeries.batchCreate
  • aiplatform.tensorboardTimeSeries.batchRead
  • aiplatform.tensorboardTimeSeries.create
  • aiplatform.tensorboardTimeSeries.delete
  • aiplatform.tensorboardTimeSeries.get
  • aiplatform.tensorboardTimeSeries.list
  • aiplatform.tensorboardTimeSeries.read
  • aiplatform.tensorboardTimeSeries.update
  • aiplatform.tensorboards.create
  • aiplatform.tensorboards.delete
  • aiplatform.tensorboards.get
  • aiplatform.tensorboards.list
  • aiplatform.tensorboards.recordAccess
  • aiplatform.tensorboards.update
  • aiplatform.trainingPipelines.cancel
  • aiplatform.trainingPipelines.create
  • aiplatform.trainingPipelines.delete
  • aiplatform.trainingPipelines.get
  • aiplatform.trainingPipelines.list
  • aiplatform.trials.create
  • aiplatform.trials.delete
  • aiplatform.trials.get
  • aiplatform.trials.list
  • aiplatform.trials.update
  • aiplatform.tuningJobs.cancel
  • aiplatform.tuningJobs.create
  • aiplatform.tuningJobs.delete
  • aiplatform.tuningJobs.get
  • aiplatform.tuningJobs.list
  • aiplatform.tuningJobs.vertexTune

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.colabEnterpriseAdmin)

Admin role of using colab enterprise.

aiplatform.notebookExecutionJobs.*

  • aiplatform.notebookExecutionJobs.create
  • aiplatform.notebookExecutionJobs.delete
  • aiplatform.notebookExecutionJobs.get
  • aiplatform.notebookExecutionJobs.list

aiplatform.notebookRuntimeTemplates.*

  • aiplatform.notebookRuntimeTemplates.apply
  • aiplatform.notebookRuntimeTemplates.create
  • aiplatform.notebookRuntimeTemplates.delete
  • aiplatform.notebookRuntimeTemplates.get
  • aiplatform.notebookRuntimeTemplates.getIamPolicy
  • aiplatform.notebookRuntimeTemplates.list
  • aiplatform.notebookRuntimeTemplates.setIamPolicy
  • aiplatform.notebookRuntimeTemplates.update

aiplatform.notebookRuntimes.*

  • aiplatform.notebookRuntimes.assign
  • aiplatform.notebookRuntimes.delete
  • aiplatform.notebookRuntimes.get
  • aiplatform.notebookRuntimes.list
  • aiplatform.notebookRuntimes.start
  • aiplatform.notebookRuntimes.update
  • aiplatform.notebookRuntimes.upgrade

aiplatform.operations.list

aiplatform.pipelineJobs.create

aiplatform.schedules.*

  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update

compute.reservations.get

compute.reservations.list

dataform.*

  • dataform.compilationResults.create
  • dataform.compilationResults.get
  • dataform.compilationResults.list
  • dataform.compilationResults.query
  • dataform.config.get
  • dataform.config.update
  • dataform.locations.get
  • dataform.locations.list
  • dataform.releaseConfigs.create
  • dataform.releaseConfigs.delete
  • dataform.releaseConfigs.get
  • dataform.releaseConfigs.list
  • dataform.releaseConfigs.update
  • dataform.repositories.commit
  • dataform.repositories.computeAccessTokenStatus
  • dataform.repositories.create
  • dataform.repositories.delete
  • dataform.repositories.fetchHistory
  • dataform.repositories.fetchRemoteBranches
  • dataform.repositories.get
  • dataform.repositories.getIamPolicy
  • dataform.repositories.list
  • dataform.repositories.queryDirectoryContents
  • dataform.repositories.readFile
  • dataform.repositories.setIamPolicy
  • dataform.repositories.update
  • dataform.workflowConfigs.create
  • dataform.workflowConfigs.delete
  • dataform.workflowConfigs.get
  • dataform.workflowConfigs.list
  • dataform.workflowConfigs.update
  • dataform.workflowInvocations.cancel
  • dataform.workflowInvocations.create
  • dataform.workflowInvocations.delete
  • dataform.workflowInvocations.get
  • dataform.workflowInvocations.list
  • dataform.workflowInvocations.query
  • dataform.workspaces.commit
  • dataform.workspaces.create
  • dataform.workspaces.delete
  • dataform.workspaces.fetchFileDiff
  • dataform.workspaces.fetchFileGitStatuses
  • dataform.workspaces.fetchGitAheadBehind
  • dataform.workspaces.get
  • dataform.workspaces.getIamPolicy
  • dataform.workspaces.installNpmPackages
  • dataform.workspaces.list
  • dataform.workspaces.makeDirectory
  • dataform.workspaces.moveDirectory
  • dataform.workspaces.moveFile
  • dataform.workspaces.pull
  • dataform.workspaces.push
  • dataform.workspaces.queryDirectoryContents
  • dataform.workspaces.readFile
  • dataform.workspaces.removeDirectory
  • dataform.workspaces.removeFile
  • dataform.workspaces.reset
  • dataform.workspaces.searchFiles
  • dataform.workspaces.setIamPolicy
  • dataform.workspaces.writeFile

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.colabEnterpriseUser)

User role of using colab enterprise.

aiplatform.notebookExecutionJobs.*

  • aiplatform.notebookExecutionJobs.create
  • aiplatform.notebookExecutionJobs.delete
  • aiplatform.notebookExecutionJobs.get
  • aiplatform.notebookExecutionJobs.list

aiplatform.notebookRuntimeTemplates.apply

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.getIamPolicy

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimes.assign

aiplatform.notebookRuntimes.get

aiplatform.notebookRuntimes.list

aiplatform.operations.list

aiplatform.pipelineJobs.create

aiplatform.schedules.*

  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update

dataform.locations.*

  • dataform.locations.get
  • dataform.locations.list

dataform.repositories.create

dataform.repositories.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.entityTypeOwner)

Provides full access to all permissions for a particular entity type resource.

Lowest-level resources where you can grant this role:

  • Entity type

aiplatform.entityTypes.delete

aiplatform.entityTypes.deleteFeatureValues

aiplatform.entityTypes.exportFeatureValues

aiplatform.entityTypes.get

aiplatform.entityTypes.getIamPolicy

aiplatform.entityTypes.importFeatureValues

aiplatform.entityTypes.readFeatureValues

aiplatform.entityTypes.setIamPolicy

aiplatform.entityTypes.streamingReadFeatureValues

aiplatform.entityTypes.update

aiplatform.entityTypes.writeFeatureValues

aiplatform.featureGroups.get

aiplatform.featureGroups.list

aiplatform.featureOnlineStores.get

aiplatform.featureOnlineStores.list

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.fetchFeatureValues

aiplatform.featureViews.get

aiplatform.featureViews.list

aiplatform.featureViews.searchNearestEntities

aiplatform.features.*

  • aiplatform.features.create
  • aiplatform.features.delete
  • aiplatform.features.get
  • aiplatform.features.list
  • aiplatform.features.update

aiplatform.featurestores.batchReadFeatureValues

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.expressAdmin)

Grants admin access to Vertex AI Express

aiplatform.datasetVersions.*

  • aiplatform.datasetVersions.create
  • aiplatform.datasetVersions.delete
  • aiplatform.datasetVersions.get
  • aiplatform.datasetVersions.list
  • aiplatform.datasetVersions.restore

aiplatform.datasets.create

aiplatform.datasets.delete

aiplatform.datasets.get

aiplatform.datasets.list

aiplatform.datasets.update

aiplatform.endpoints.predict

(roles/aiplatform.expressUser)

Grants user access to Vertex AI Express

aiplatform.endpoints.predict

(roles/aiplatform.featurestoreAdmin)

Grants full access to all resources in Vertex AI Feature Store

Lowest-level resources where you can grant this role:

  • Entity type

aiplatform.entityTypes.*

  • aiplatform.entityTypes.create
  • aiplatform.entityTypes.delete
  • aiplatform.entityTypes.deleteFeatureValues
  • aiplatform.entityTypes.exportFeatureValues
  • aiplatform.entityTypes.get
  • aiplatform.entityTypes.getIamPolicy
  • aiplatform.entityTypes.importFeatureValues
  • aiplatform.entityTypes.list
  • aiplatform.entityTypes.readFeatureValues
  • aiplatform.entityTypes.setIamPolicy
  • aiplatform.entityTypes.streamingReadFeatureValues
  • aiplatform.entityTypes.update
  • aiplatform.entityTypes.writeFeatureValues

aiplatform.featureGroups.*

  • aiplatform.featureGroups.create
  • aiplatform.featureGroups.delete
  • aiplatform.featureGroups.get
  • aiplatform.featureGroups.list
  • aiplatform.featureGroups.update

aiplatform.featureOnlineStores.*

  • aiplatform.featureOnlineStores.create
  • aiplatform.featureOnlineStores.delete
  • aiplatform.featureOnlineStores.get
  • aiplatform.featureOnlineStores.getIamPolicy
  • aiplatform.featureOnlineStores.list
  • aiplatform.featureOnlineStores.setIamPolicy
  • aiplatform.featureOnlineStores.update

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.*

  • aiplatform.featureViews.create
  • aiplatform.featureViews.delete
  • aiplatform.featureViews.fetchFeatureValues
  • aiplatform.featureViews.get
  • aiplatform.featureViews.getIamPolicy
  • aiplatform.featureViews.list
  • aiplatform.featureViews.searchNearestEntities
  • aiplatform.featureViews.setIamPolicy
  • aiplatform.featureViews.sync
  • aiplatform.featureViews.update

aiplatform.features.*

  • aiplatform.features.create
  • aiplatform.features.delete
  • aiplatform.features.get
  • aiplatform.features.list
  • aiplatform.features.update

aiplatform.featurestores.*

  • aiplatform.featurestores.batchReadFeatureValues
  • aiplatform.featurestores.create
  • aiplatform.featurestores.delete
  • aiplatform.featurestores.exportFeatures
  • aiplatform.featurestores.get
  • aiplatform.featurestores.getIamPolicy
  • aiplatform.featurestores.importFeatures
  • aiplatform.featurestores.list
  • aiplatform.featurestores.readFeatures
  • aiplatform.featurestores.setIamPolicy
  • aiplatform.featurestores.update
  • aiplatform.featurestores.writeFeatures

aiplatform.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.featurestoreDataViewer)

This role provides permissions to read Feature data.

Lowest-level resources where you can grant this role:

  • Entity type

aiplatform.entityTypes.exportFeatureValues

aiplatform.entityTypes.get

aiplatform.entityTypes.readFeatureValues

aiplatform.entityTypes.streamingReadFeatureValues

aiplatform.featureGroups.get

aiplatform.featureGroups.list

aiplatform.featureOnlineStores.get

aiplatform.featureOnlineStores.list

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.fetchFeatureValues

aiplatform.featureViews.get

aiplatform.featureViews.list

aiplatform.featureViews.searchNearestEntities

aiplatform.features.get

aiplatform.features.list

aiplatform.featurestores.batchReadFeatureValues

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.featurestoreDataWriter)

This role provides permissions to read and write Feature data.

Lowest-level resources where you can grant this role:

  • Entity type

aiplatform.entityTypes.deleteFeatureValues

aiplatform.entityTypes.exportFeatureValues

aiplatform.entityTypes.get

aiplatform.entityTypes.importFeatureValues

aiplatform.entityTypes.readFeatureValues

aiplatform.entityTypes.streamingReadFeatureValues

aiplatform.entityTypes.writeFeatureValues

aiplatform.featureGroups.get

aiplatform.featureGroups.list

aiplatform.featureOnlineStores.get

aiplatform.featureOnlineStores.list

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.fetchFeatureValues

aiplatform.featureViews.get

aiplatform.featureViews.list

aiplatform.featureViews.searchNearestEntities

aiplatform.features.get

aiplatform.features.list

aiplatform.featurestores.batchReadFeatureValues

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.featurestoreInstanceCreator)

Administrator of Featurestore resources, but not the child resources under Featurestores.

Lowest-level resources where you can grant this role:

  • Featurestore

aiplatform.featurestores.create

aiplatform.featurestores.delete

aiplatform.featurestores.get

aiplatform.featurestores.list

aiplatform.featurestores.update

(roles/aiplatform.featurestoreResourceViewer)

Viewer of all resources in Vertex AI Feature Store but cannot make changes.

Lowest-level resources where you can grant this role:

  • Entity type

aiplatform.entityTypes.get

aiplatform.entityTypes.list

aiplatform.featureGroups.get

aiplatform.featureGroups.list

aiplatform.featureOnlineStores.get

aiplatform.featureOnlineStores.list

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.get

aiplatform.featureViews.list

aiplatform.features.get

aiplatform.features.list

aiplatform.featurestores.get

aiplatform.featurestores.list

aiplatform.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.featurestoreUser)

Deprecated. Use featurestoreAdmin instead.

aiplatform.entityTypes.*

  • aiplatform.entityTypes.create
  • aiplatform.entityTypes.delete
  • aiplatform.entityTypes.deleteFeatureValues
  • aiplatform.entityTypes.exportFeatureValues
  • aiplatform.entityTypes.get
  • aiplatform.entityTypes.getIamPolicy
  • aiplatform.entityTypes.importFeatureValues
  • aiplatform.entityTypes.list
  • aiplatform.entityTypes.readFeatureValues
  • aiplatform.entityTypes.setIamPolicy
  • aiplatform.entityTypes.streamingReadFeatureValues
  • aiplatform.entityTypes.update
  • aiplatform.entityTypes.writeFeatureValues

aiplatform.features.*

  • aiplatform.features.create
  • aiplatform.features.delete
  • aiplatform.features.get
  • aiplatform.features.list
  • aiplatform.features.update

aiplatform.featurestores.*

  • aiplatform.featurestores.batchReadFeatureValues
  • aiplatform.featurestores.create
  • aiplatform.featurestores.delete
  • aiplatform.featurestores.exportFeatures
  • aiplatform.featurestores.get
  • aiplatform.featurestores.getIamPolicy
  • aiplatform.featurestores.importFeatures
  • aiplatform.featurestores.list
  • aiplatform.featurestores.readFeatures
  • aiplatform.featurestores.setIamPolicy
  • aiplatform.featurestores.update
  • aiplatform.featurestores.writeFeatures

aiplatform.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.migrator)

Grants access to use migration service in Vertex AI

aiplatform.migratableResources.*

  • aiplatform.migratableResources.migrate
  • aiplatform.migratableResources.search

(roles/aiplatform.notebookExecutorUser)

Grants users full access to schedules and notebook execution jobs.

aiplatform.notebookExecutionJobs.*

  • aiplatform.notebookExecutionJobs.create
  • aiplatform.notebookExecutionJobs.delete
  • aiplatform.notebookExecutionJobs.get
  • aiplatform.notebookExecutionJobs.list

aiplatform.operations.list

aiplatform.pipelineJobs.create

aiplatform.schedules.*

  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update

(roles/aiplatform.notebookRuntimeAdmin)

Grants full access to all runtime templates and runtimes in Notebook Service.

aiplatform.notebookRuntimeTemplates.*

  • aiplatform.notebookRuntimeTemplates.apply
  • aiplatform.notebookRuntimeTemplates.create
  • aiplatform.notebookRuntimeTemplates.delete
  • aiplatform.notebookRuntimeTemplates.get
  • aiplatform.notebookRuntimeTemplates.getIamPolicy
  • aiplatform.notebookRuntimeTemplates.list
  • aiplatform.notebookRuntimeTemplates.setIamPolicy
  • aiplatform.notebookRuntimeTemplates.update

aiplatform.notebookRuntimes.*

  • aiplatform.notebookRuntimes.assign
  • aiplatform.notebookRuntimes.delete
  • aiplatform.notebookRuntimes.get
  • aiplatform.notebookRuntimes.list
  • aiplatform.notebookRuntimes.start
  • aiplatform.notebookRuntimes.update
  • aiplatform.notebookRuntimes.upgrade

aiplatform.operations.list

compute.reservations.get

compute.reservations.list

(roles/aiplatform.notebookRuntimeUser)

Grants users permissions to create runtime resources using a runtime template and manage the runtime resources they created.

aiplatform.notebookRuntimeTemplates.apply

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.getIamPolicy

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimes.assign

aiplatform.notebookRuntimes.get

aiplatform.notebookRuntimes.list

aiplatform.operations.list

(roles/aiplatform.tensorboardWebAppUser)

Grants access to the Vertex AI TensorBoard web app.

aiplatform.tensorboards.recordAccess

(roles/aiplatform.user)

Grants access to use all resource in Vertex AI

aiplatform.agentExamples.*

  • aiplatform.agentExamples.create
  • aiplatform.agentExamples.delete
  • aiplatform.agentExamples.get
  • aiplatform.agentExamples.list
  • aiplatform.agentExamples.update

aiplatform.agents.*

  • aiplatform.agents.create
  • aiplatform.agents.delete
  • aiplatform.agents.get
  • aiplatform.agents.list
  • aiplatform.agents.update

aiplatform.annotationSpecs.*

  • aiplatform.annotationSpecs.create
  • aiplatform.annotationSpecs.delete
  • aiplatform.annotationSpecs.get
  • aiplatform.annotationSpecs.list
  • aiplatform.annotationSpecs.update

aiplatform.annotations.*

  • aiplatform.annotations.create
  • aiplatform.annotations.delete
  • aiplatform.annotations.get
  • aiplatform.annotations.list
  • aiplatform.annotations.update

aiplatform.apps.*

  • aiplatform.apps.create
  • aiplatform.apps.delete
  • aiplatform.apps.get
  • aiplatform.apps.list
  • aiplatform.apps.update

aiplatform.artifacts.*

  • aiplatform.artifacts.create
  • aiplatform.artifacts.delete
  • aiplatform.artifacts.get
  • aiplatform.artifacts.list
  • aiplatform.artifacts.update

aiplatform.batchPredictionJobs.*

  • aiplatform.batchPredictionJobs.cancel
  • aiplatform.batchPredictionJobs.create
  • aiplatform.batchPredictionJobs.delete
  • aiplatform.batchPredictionJobs.get
  • aiplatform.batchPredictionJobs.list

aiplatform.cacheConfigs.get

aiplatform.cachedContents.*

  • aiplatform.cachedContents.create
  • aiplatform.cachedContents.delete
  • aiplatform.cachedContents.get
  • aiplatform.cachedContents.list
  • aiplatform.cachedContents.update

aiplatform.consents.get

aiplatform.contexts.*

  • aiplatform.contexts.addContextArtifactsAndExecutions
  • aiplatform.contexts.addContextChildren
  • aiplatform.contexts.create
  • aiplatform.contexts.delete
  • aiplatform.contexts.get
  • aiplatform.contexts.list
  • aiplatform.contexts.queryContextLineageSubgraph
  • aiplatform.contexts.update

aiplatform.customJobs.*

  • aiplatform.customJobs.cancel
  • aiplatform.customJobs.create
  • aiplatform.customJobs.delete
  • aiplatform.customJobs.get
  • aiplatform.customJobs.list

aiplatform.dataItems.*

  • aiplatform.dataItems.create
  • aiplatform.dataItems.delete
  • aiplatform.dataItems.get
  • aiplatform.dataItems.list
  • aiplatform.dataItems.update

aiplatform.dataLabelingJobs.*

  • aiplatform.dataLabelingJobs.cancel
  • aiplatform.dataLabelingJobs.create
  • aiplatform.dataLabelingJobs.delete
  • aiplatform.dataLabelingJobs.get
  • aiplatform.dataLabelingJobs.list

aiplatform.datasetVersions.*

  • aiplatform.datasetVersions.create
  • aiplatform.datasetVersions.delete
  • aiplatform.datasetVersions.get
  • aiplatform.datasetVersions.list
  • aiplatform.datasetVersions.restore

aiplatform.datasets.*

  • aiplatform.datasets.create
  • aiplatform.datasets.delete
  • aiplatform.datasets.export
  • aiplatform.datasets.get
  • aiplatform.datasets.import
  • aiplatform.datasets.list
  • aiplatform.datasets.update

aiplatform.deploymentResourcePools.*

  • aiplatform.deploymentResourcePools.create
  • aiplatform.deploymentResourcePools.delete
  • aiplatform.deploymentResourcePools.get
  • aiplatform.deploymentResourcePools.list
  • aiplatform.deploymentResourcePools.queryDeployedModels
  • aiplatform.deploymentResourcePools.update

aiplatform.edgeDeploymentJobs.*

  • aiplatform.edgeDeploymentJobs.create
  • aiplatform.edgeDeploymentJobs.delete
  • aiplatform.edgeDeploymentJobs.get
  • aiplatform.edgeDeploymentJobs.list

aiplatform.edgeDeviceDebugInfo.get

aiplatform.edgeDevices.*

  • aiplatform.edgeDevices.create
  • aiplatform.edgeDevices.delete
  • aiplatform.edgeDevices.get
  • aiplatform.edgeDevices.list
  • aiplatform.edgeDevices.update

aiplatform.endpoints.create

aiplatform.endpoints.delete

aiplatform.endpoints.deploy

aiplatform.endpoints.explain

aiplatform.endpoints.get

aiplatform.endpoints.list

aiplatform.endpoints.predict

aiplatform.endpoints.undeploy

aiplatform.endpoints.update

aiplatform.entityTypes.create

aiplatform.entityTypes.delete

aiplatform.entityTypes.deleteFeatureValues

aiplatform.entityTypes.exportFeatureValues

aiplatform.entityTypes.get

aiplatform.entityTypes.importFeatureValues

aiplatform.entityTypes.list

aiplatform.entityTypes.readFeatureValues

aiplatform.entityTypes.streamingReadFeatureValues

aiplatform.entityTypes.update

aiplatform.entityTypes.writeFeatureValues

aiplatform.executions.*

  • aiplatform.executions.addExecutionEvents
  • aiplatform.executions.create
  • aiplatform.executions.delete
  • aiplatform.executions.get
  • aiplatform.executions.list
  • aiplatform.executions.queryExecutionInputsAndOutputs
  • aiplatform.executions.update

aiplatform.extensions.*

  • aiplatform.extensions.delete
  • aiplatform.extensions.execute
  • aiplatform.extensions.get
  • aiplatform.extensions.import
  • aiplatform.extensions.list
  • aiplatform.extensions.update

aiplatform.featureGroups.*

  • aiplatform.featureGroups.create
  • aiplatform.featureGroups.delete
  • aiplatform.featureGroups.get
  • aiplatform.featureGroups.list
  • aiplatform.featureGroups.update

aiplatform.featureOnlineStores.create

aiplatform.featureOnlineStores.delete

aiplatform.featureOnlineStores.get

aiplatform.featureOnlineStores.list

aiplatform.featureOnlineStores.update

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.create

aiplatform.featureViews.delete

aiplatform.featureViews.fetchFeatureValues

aiplatform.featureViews.get

aiplatform.featureViews.list

aiplatform.featureViews.searchNearestEntities

aiplatform.featureViews.sync

aiplatform.featureViews.update

aiplatform.features.*

  • aiplatform.features.create
  • aiplatform.features.delete
  • aiplatform.features.get
  • aiplatform.features.list
  • aiplatform.features.update

aiplatform.featurestores.batchReadFeatureValues

aiplatform.featurestores.create

aiplatform.featurestores.delete

aiplatform.featurestores.exportFeatures

aiplatform.featurestores.get

aiplatform.featurestores.importFeatures

aiplatform.featurestores.list

aiplatform.featurestores.readFeatures

aiplatform.featurestores.update

aiplatform.featurestores.writeFeatures

aiplatform.humanInTheLoops.*

  • aiplatform.humanInTheLoops.cancel
  • aiplatform.humanInTheLoops.create
  • aiplatform.humanInTheLoops.delete
  • aiplatform.humanInTheLoops.get
  • aiplatform.humanInTheLoops.list
  • aiplatform.humanInTheLoops.queryAnnotationStats
  • aiplatform.humanInTheLoops.send
  • aiplatform.humanInTheLoops.update

aiplatform.hyperparameterTuningJobs.*

  • aiplatform.hyperparameterTuningJobs.cancel
  • aiplatform.hyperparameterTuningJobs.create
  • aiplatform.hyperparameterTuningJobs.delete
  • aiplatform.hyperparameterTuningJobs.get
  • aiplatform.hyperparameterTuningJobs.list

aiplatform.indexEndpoints.*

  • aiplatform.indexEndpoints.create
  • aiplatform.indexEndpoints.delete
  • aiplatform.indexEndpoints.deploy
  • aiplatform.indexEndpoints.get
  • aiplatform.indexEndpoints.list
  • aiplatform.indexEndpoints.queryVectors
  • aiplatform.indexEndpoints.undeploy
  • aiplatform.indexEndpoints.update

aiplatform.indexes.*

  • aiplatform.indexes.create
  • aiplatform.indexes.delete
  • aiplatform.indexes.get
  • aiplatform.indexes.list
  • aiplatform.indexes.update

aiplatform.locations.*

  • aiplatform.locations.get
  • aiplatform.locations.list

aiplatform.metadataSchemas.*

  • aiplatform.metadataSchemas.create
  • aiplatform.metadataSchemas.delete
  • aiplatform.metadataSchemas.get
  • aiplatform.metadataSchemas.list

aiplatform.metadataStores.*

  • aiplatform.metadataStores.create
  • aiplatform.metadataStores.delete
  • aiplatform.metadataStores.get
  • aiplatform.metadataStores.list

aiplatform.modelDeploymentMonitoringJobs.*

  • aiplatform.modelDeploymentMonitoringJobs.create
  • aiplatform.modelDeploymentMonitoringJobs.delete
  • aiplatform.modelDeploymentMonitoringJobs.get
  • aiplatform.modelDeploymentMonitoringJobs.list
  • aiplatform.modelDeploymentMonitoringJobs.pause
  • aiplatform.modelDeploymentMonitoringJobs.resume
  • aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies
  • aiplatform.modelDeploymentMonitoringJobs.update

aiplatform.modelEvaluationSlices.*

  • aiplatform.modelEvaluationSlices.get
  • aiplatform.modelEvaluationSlices.import
  • aiplatform.modelEvaluationSlices.list

aiplatform.modelEvaluations.*

  • aiplatform.modelEvaluations.exportEvaluatedDataItems
  • aiplatform.modelEvaluations.get
  • aiplatform.modelEvaluations.import
  • aiplatform.modelEvaluations.list

aiplatform.modelMonitoringJobs.*

  • aiplatform.modelMonitoringJobs.create
  • aiplatform.modelMonitoringJobs.delete
  • aiplatform.modelMonitoringJobs.get
  • aiplatform.modelMonitoringJobs.list

aiplatform.modelMonitors.*

  • aiplatform.modelMonitors.create
  • aiplatform.modelMonitors.delete
  • aiplatform.modelMonitors.get
  • aiplatform.modelMonitors.list
  • aiplatform.modelMonitors.searchModelMonitoringAlerts
  • aiplatform.modelMonitors.searchModelMonitoringStats
  • aiplatform.modelMonitors.update

aiplatform.models.*

  • aiplatform.models.delete
  • aiplatform.models.export
  • aiplatform.models.get
  • aiplatform.models.list
  • aiplatform.models.update
  • aiplatform.models.upload

aiplatform.nasJobs.*

  • aiplatform.nasJobs.cancel
  • aiplatform.nasJobs.create
  • aiplatform.nasJobs.delete
  • aiplatform.nasJobs.get
  • aiplatform.nasJobs.list

aiplatform.nasTrialDetails.*

  • aiplatform.nasTrialDetails.get
  • aiplatform.nasTrialDetails.list

aiplatform.notebookExecutionJobs.*

  • aiplatform.notebookExecutionJobs.create
  • aiplatform.notebookExecutionJobs.delete
  • aiplatform.notebookExecutionJobs.get
  • aiplatform.notebookExecutionJobs.list

aiplatform.notebookRuntimeTemplates.apply

aiplatform.notebookRuntimeTemplates.create

aiplatform.notebookRuntimeTemplates.delete

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimeTemplates.update

aiplatform.notebookRuntimes.*

  • aiplatform.notebookRuntimes.assign
  • aiplatform.notebookRuntimes.delete
  • aiplatform.notebookRuntimes.get
  • aiplatform.notebookRuntimes.list
  • aiplatform.notebookRuntimes.start
  • aiplatform.notebookRuntimes.update
  • aiplatform.notebookRuntimes.upgrade

aiplatform.operations.list

aiplatform.persistentResources.get

aiplatform.persistentResources.list

aiplatform.pipelineJobs.*

  • aiplatform.pipelineJobs.cancel
  • aiplatform.pipelineJobs.create
  • aiplatform.pipelineJobs.delete
  • aiplatform.pipelineJobs.get
  • aiplatform.pipelineJobs.list

aiplatform.reasoningEngines.*

  • aiplatform.reasoningEngines.create
  • aiplatform.reasoningEngines.delete
  • aiplatform.reasoningEngines.get
  • aiplatform.reasoningEngines.list
  • aiplatform.reasoningEngines.query
  • aiplatform.reasoningEngines.update

aiplatform.schedules.*

  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update

aiplatform.sessions.*

  • aiplatform.sessions.get
  • aiplatform.sessions.list
  • aiplatform.sessions.run

aiplatform.specialistPools.*

  • aiplatform.specialistPools.create
  • aiplatform.specialistPools.delete
  • aiplatform.specialistPools.get
  • aiplatform.specialistPools.list
  • aiplatform.specialistPools.update

aiplatform.studies.*

  • aiplatform.studies.create
  • aiplatform.studies.delete
  • aiplatform.studies.get
  • aiplatform.studies.list
  • aiplatform.studies.update

aiplatform.tensorboardExperiments.*

  • aiplatform.tensorboardExperiments.create
  • aiplatform.tensorboardExperiments.delete
  • aiplatform.tensorboardExperiments.get
  • aiplatform.tensorboardExperiments.list
  • aiplatform.tensorboardExperiments.update
  • aiplatform.tensorboardExperiments.write

aiplatform.tensorboardRuns.*

  • aiplatform.tensorboardRuns.batchCreate
  • aiplatform.tensorboardRuns.create
  • aiplatform.tensorboardRuns.delete
  • aiplatform.tensorboardRuns.get
  • aiplatform.tensorboardRuns.list
  • aiplatform.tensorboardRuns.update
  • aiplatform.tensorboardRuns.write

aiplatform.tensorboardTimeSeries.*

  • aiplatform.tensorboardTimeSeries.batchCreate
  • aiplatform.tensorboardTimeSeries.batchRead
  • aiplatform.tensorboardTimeSeries.create
  • aiplatform.tensorboardTimeSeries.delete
  • aiplatform.tensorboardTimeSeries.get
  • aiplatform.tensorboardTimeSeries.list
  • aiplatform.tensorboardTimeSeries.read
  • aiplatform.tensorboardTimeSeries.update

aiplatform.tensorboards.create

aiplatform.tensorboards.delete

aiplatform.tensorboards.get

aiplatform.tensorboards.list

aiplatform.tensorboards.update

aiplatform.trainingPipelines.*

  • aiplatform.trainingPipelines.cancel
  • aiplatform.trainingPipelines.create
  • aiplatform.trainingPipelines.delete
  • aiplatform.trainingPipelines.get
  • aiplatform.trainingPipelines.list

aiplatform.trials.*

  • aiplatform.trials.create
  • aiplatform.trials.delete
  • aiplatform.trials.get
  • aiplatform.trials.list
  • aiplatform.trials.update

aiplatform.tuningJobs.*

  • aiplatform.tuningJobs.cancel
  • aiplatform.tuningJobs.create
  • aiplatform.tuningJobs.delete
  • aiplatform.tuningJobs.get
  • aiplatform.tuningJobs.list
  • aiplatform.tuningJobs.vertexTune

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.viewer)

Grants access to view all resource in Vertex AI

aiplatform.agentExamples.get

aiplatform.agentExamples.list

aiplatform.agents.get

aiplatform.agents.list

aiplatform.annotationSpecs.get

aiplatform.annotationSpecs.list

aiplatform.annotations.get

aiplatform.annotations.list

aiplatform.apps.get

aiplatform.apps.list

aiplatform.artifacts.get

aiplatform.artifacts.list

aiplatform.batchPredictionJobs.get

aiplatform.batchPredictionJobs.list

aiplatform.cacheConfigs.get

aiplatform.cachedContents.get

aiplatform.cachedContents.list

aiplatform.consents.get

aiplatform.contexts.get

aiplatform.contexts.list

aiplatform.contexts.queryContextLineageSubgraph

aiplatform.customJobs.get

aiplatform.customJobs.list

aiplatform.dataItems.get

aiplatform.dataItems.list

aiplatform.dataLabelingJobs.get

aiplatform.dataLabelingJobs.list

aiplatform.datasetVersions.get

aiplatform.datasetVersions.list

aiplatform.datasets.get

aiplatform.datasets.list

aiplatform.deploymentResourcePools.get

aiplatform.deploymentResourcePools.list

aiplatform.deploymentResourcePools.queryDeployedModels

aiplatform.edgeDeploymentJobs.get

aiplatform.edgeDeploymentJobs.list

aiplatform.edgeDeviceDebugInfo.get

aiplatform.edgeDevices.get

aiplatform.edgeDevices.list

aiplatform.endpoints.get

aiplatform.endpoints.list

aiplatform.entityTypes.get

aiplatform.entityTypes.list

aiplatform.executions.get

aiplatform.executions.list

aiplatform.executions.queryExecutionInputsAndOutputs

aiplatform.extensions.get

aiplatform.extensions.list

aiplatform.featureGroups.get

aiplatform.featureGroups.list

aiplatform.featureOnlineStores.get

aiplatform.featureOnlineStores.list

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.fetchFeatureValues

aiplatform.featureViews.get

aiplatform.featureViews.list

aiplatform.featureViews.searchNearestEntities

aiplatform.features.get

aiplatform.features.list

aiplatform.featurestores.get

aiplatform.featurestores.list

aiplatform.humanInTheLoops.get

aiplatform.humanInTheLoops.list

aiplatform.hyperparameterTuningJobs.get

aiplatform.hyperparameterTuningJobs.list

aiplatform.indexEndpoints.get

aiplatform.indexEndpoints.list

aiplatform.indexEndpoints.queryVectors

aiplatform.indexes.get

aiplatform.indexes.list

aiplatform.locations.*

  • aiplatform.locations.get
  • aiplatform.locations.list

aiplatform.metadataSchemas.get

aiplatform.metadataSchemas.list

aiplatform.metadataStores.get

aiplatform.metadataStores.list

aiplatform.modelDeploymentMonitoringJobs.get

aiplatform.modelDeploymentMonitoringJobs.list

aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies

aiplatform.modelEvaluationSlices.get

aiplatform.modelEvaluationSlices.list

aiplatform.modelEvaluations.get

aiplatform.modelEvaluations.list

aiplatform.modelMonitoringJobs.get

aiplatform.modelMonitoringJobs.list

aiplatform.modelMonitors.get

aiplatform.modelMonitors.list

aiplatform.modelMonitors.searchModelMonitoringAlerts

aiplatform.modelMonitors.searchModelMonitoringStats

aiplatform.models.get

aiplatform.models.list

aiplatform.nasJobs.get

aiplatform.nasJobs.list

aiplatform.nasTrialDetails.*

  • aiplatform.nasTrialDetails.get
  • aiplatform.nasTrialDetails.list

aiplatform.notebookExecutionJobs.get

aiplatform.notebookExecutionJobs.list

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimes.get

aiplatform.notebookRuntimes.list

aiplatform.operations.list

aiplatform.persistentResources.get

aiplatform.persistentResources.list

aiplatform.pipelineJobs.get

aiplatform.pipelineJobs.list

aiplatform.reasoningEngines.get

aiplatform.reasoningEngines.list

aiplatform.reasoningEngines.query

aiplatform.schedules.get

aiplatform.schedules.list

aiplatform.sessions.get

aiplatform.sessions.list

aiplatform.specialistPools.get

aiplatform.specialistPools.list

aiplatform.specialistPools.update

aiplatform.studies.get

aiplatform.studies.list

aiplatform.tensorboardExperiments.get

aiplatform.tensorboardExperiments.list

aiplatform.tensorboardRuns.get

aiplatform.tensorboardRuns.list

aiplatform.tensorboardTimeSeries.batchRead

aiplatform.tensorboardTimeSeries.get

aiplatform.tensorboardTimeSeries.list

aiplatform.tensorboardTimeSeries.read

aiplatform.tensorboards.get

aiplatform.tensorboards.list

aiplatform.trainingPipelines.get

aiplatform.trainingPipelines.list

aiplatform.trials.get

aiplatform.trials.list

aiplatform.tuningJobs.get

aiplatform.tuningJobs.list

resourcemanager.projects.get

resourcemanager.projects.list

基本ロール

従来の Google Cloud 基本ロールは、すべての Google Cloud サービスで共通です。オーナー、編集者、閲覧者のロールがあります。

基本ロールは、Vertex AI だけでなく Google Cloud 全体に対する権限を付与します。このため、可能であれば Vertex AI のロールを使用してください。

カスタムロール

Vertex AI の IAM 事前定義ロールがニーズに合わない場合は、カスタムロールを定義できます。カスタムロールを使用すると、特定の権限セットを選択し、それらの権限を持つ独自のロールを作成して、組織内のユーザーに付与できます。詳細については、IAM カスタムロールについてをご覧ください。

プロジェクト レベルとリソースレベルのポリシー

リソースレベルでポリシーを設定しても、プロジェクト レベルのポリシーには影響しません。リソースは祖先からすべてのポリシーを継承します。この 2 つのレベルを使用して、権限をカスタマイズできます。たとえば、ユーザーにプロジェクト レベルで読み取り権限を付与し、プロジェクト内のすべてのリソースを読み取るようにした後、リソースごとに(リソースレベルで)書き込み権限を付与できます。

Vertex AI の事前定義ロールとリソースがすべてリソースレベルのポリシーをサポートしているわけではありません。どのリソースでどのロールを使用できるかを確認するには、各ロールの説明を確認してください。

サポートされているリソース

Vertex AI は、Vertex AI Feature Store の featurestore リソースとエンティティ タイプのリソースをサポートしています。詳細については、Vertex AI Feature Store リソースへのアクセスを制御するをご覧ください。

リソースへのアクセス権の付与または取り消しを行った後、これらの変更が反映されるまでに時間がかかります。詳細については、アクセス権変更の伝播をご覧ください。

サービス アカウントとサービス エージェントについて

サービス アカウント

サービス アカウントは、ユーザーではなく、アプリケーションや仮想マシン(VM)インスタンスで使用される特別なアカウントです。サービス アカウントを作成して権限を割り当てることで、リソースまたはアプリケーションに特定の権限を付与できます。

サービス アカウントを使用して、カスタム トレーニング コンテナの権限またはカスタム トレーニング モデルのオンライン予測を提供するコンテナの権限をカスタマイズする方法については、カスタム サービス アカウントの使用をご覧ください。

サービス アカウントはメールアドレスで識別されます。

サービス エージェント

サービス エージェントは、Google が管理するサービス アカウントで、自動的に提供されます。これにより、ユーザーに代わってサービスがリソースにアクセスできるようになります。

サービス エージェントが作成されると、サービス エージェントにプロジェクトの事前定義ロールが付与されます。次の表に、Vertex AI サービス エージェント、そのメールアドレス、それぞれのロールを示します。

名前 用途 メールアドレス ロール
Vertex AI サービス エージェント Vertex AI の機能 service-PROJECT_NUMBER@gcp-sa-aiplatform.iam.gserviceaccount.com roles/aiplatform.serviceAgent
Vertex AI Custom Code サービス エージェント カスタム トレーニング コード service-PROJECT_NUMBER@gcp-sa-aiplatform-cc.iam.gserviceaccount.com roles/aiplatform.customCodeServiceAgent
Vertex AI Extension サービス エージェント Vertex の拡張機能 service-PROJECT_NUMBER@gcp-sa-vertex-ex.iam.gserviceaccount.com roles/aiplatform.extensionServiceAgent
Cloud AI Platform Notebooks サービス アカウント Vertex AI Workbench の機能 service-PROJECT_NUMBER@gcp-sa-notebooks.iam.gserviceaccount.com roles/notebooks.serviceAgent

Vertex AI Custom Code サービス エージェントは、カスタム トレーニング コードでトレーニング済みのモデルをトレーニングした場合にのみ作成されます。

サービス エージェントのロールと権限

Vertex AI サービス エージェントに付与されている次のロールと権限をご覧ください。

ロール 権限

roles/aiplatform.serviceAgent

動作に必要となる権限を Vertex AI に付与します。

aiplatform.annotationSpecs.*

  • aiplatform.annotationSpecs.create
  • aiplatform.annotationSpecs.delete
  • aiplatform.annotationSpecs.get
  • aiplatform.annotationSpecs.list
  • aiplatform.annotationSpecs.update

aiplatform.annotations.*

  • aiplatform.annotations.create
  • aiplatform.annotations.delete
  • aiplatform.annotations.get
  • aiplatform.annotations.list
  • aiplatform.annotations.update

aiplatform.artifacts.*

  • aiplatform.artifacts.create
  • aiplatform.artifacts.delete
  • aiplatform.artifacts.get
  • aiplatform.artifacts.list
  • aiplatform.artifacts.update

aiplatform.batchPredictionJobs.*

  • aiplatform.batchPredictionJobs.cancel
  • aiplatform.batchPredictionJobs.create
  • aiplatform.batchPredictionJobs.delete
  • aiplatform.batchPredictionJobs.get
  • aiplatform.batchPredictionJobs.list

aiplatform.contexts.*

  • aiplatform.contexts.addContextArtifactsAndExecutions
  • aiplatform.contexts.addContextChildren
  • aiplatform.contexts.create
  • aiplatform.contexts.delete
  • aiplatform.contexts.get
  • aiplatform.contexts.list
  • aiplatform.contexts.queryContextLineageSubgraph
  • aiplatform.contexts.update

aiplatform.customJobs.*

  • aiplatform.customJobs.cancel
  • aiplatform.customJobs.create
  • aiplatform.customJobs.delete
  • aiplatform.customJobs.get
  • aiplatform.customJobs.list

aiplatform.dataItems.*

  • aiplatform.dataItems.create
  • aiplatform.dataItems.delete
  • aiplatform.dataItems.get
  • aiplatform.dataItems.list
  • aiplatform.dataItems.update

aiplatform.dataLabelingJobs.*

  • aiplatform.dataLabelingJobs.cancel
  • aiplatform.dataLabelingJobs.create
  • aiplatform.dataLabelingJobs.delete
  • aiplatform.dataLabelingJobs.get
  • aiplatform.dataLabelingJobs.list

aiplatform.datasetVersions.*

  • aiplatform.datasetVersions.create
  • aiplatform.datasetVersions.delete
  • aiplatform.datasetVersions.get
  • aiplatform.datasetVersions.list
  • aiplatform.datasetVersions.restore

aiplatform.datasets.*

  • aiplatform.datasets.create
  • aiplatform.datasets.delete
  • aiplatform.datasets.export
  • aiplatform.datasets.get
  • aiplatform.datasets.import
  • aiplatform.datasets.list
  • aiplatform.datasets.update

aiplatform.deploymentResourcePools.*

  • aiplatform.deploymentResourcePools.create
  • aiplatform.deploymentResourcePools.delete
  • aiplatform.deploymentResourcePools.get
  • aiplatform.deploymentResourcePools.list
  • aiplatform.deploymentResourcePools.queryDeployedModels
  • aiplatform.deploymentResourcePools.update

aiplatform.edgeDeploymentJobs.*

  • aiplatform.edgeDeploymentJobs.create
  • aiplatform.edgeDeploymentJobs.delete
  • aiplatform.edgeDeploymentJobs.get
  • aiplatform.edgeDeploymentJobs.list

aiplatform.edgeDeviceDebugInfo.get

aiplatform.edgeDevices.*

  • aiplatform.edgeDevices.create
  • aiplatform.edgeDevices.delete
  • aiplatform.edgeDevices.get
  • aiplatform.edgeDevices.list
  • aiplatform.edgeDevices.update

aiplatform.endpoints.create

aiplatform.endpoints.delete

aiplatform.endpoints.deploy

aiplatform.endpoints.explain

aiplatform.endpoints.get

aiplatform.endpoints.list

aiplatform.endpoints.predict

aiplatform.endpoints.undeploy

aiplatform.endpoints.update

aiplatform.entityTypes.create

aiplatform.entityTypes.delete

aiplatform.entityTypes.deleteFeatureValues

aiplatform.entityTypes.exportFeatureValues

aiplatform.entityTypes.get

aiplatform.entityTypes.importFeatureValues

aiplatform.entityTypes.list

aiplatform.entityTypes.readFeatureValues

aiplatform.entityTypes.streamingReadFeatureValues

aiplatform.entityTypes.update

aiplatform.entityTypes.writeFeatureValues

aiplatform.executions.*

  • aiplatform.executions.addExecutionEvents
  • aiplatform.executions.create
  • aiplatform.executions.delete
  • aiplatform.executions.get
  • aiplatform.executions.list
  • aiplatform.executions.queryExecutionInputsAndOutputs
  • aiplatform.executions.update

aiplatform.extensions.*

  • aiplatform.extensions.delete
  • aiplatform.extensions.execute
  • aiplatform.extensions.get
  • aiplatform.extensions.import
  • aiplatform.extensions.list
  • aiplatform.extensions.update

aiplatform.featureGroups.*

  • aiplatform.featureGroups.create
  • aiplatform.featureGroups.delete
  • aiplatform.featureGroups.get
  • aiplatform.featureGroups.list
  • aiplatform.featureGroups.update

aiplatform.featureOnlineStores.*

  • aiplatform.featureOnlineStores.create
  • aiplatform.featureOnlineStores.delete
  • aiplatform.featureOnlineStores.get
  • aiplatform.featureOnlineStores.list
  • aiplatform.featureOnlineStores.update

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.*

  • aiplatform.featureViews.create
  • aiplatform.featureViews.delete
  • aiplatform.featureViews.fetchFeatureValues
  • aiplatform.featureViews.get
  • aiplatform.featureViews.list
  • aiplatform.featureViews.searchNearestEntities
  • aiplatform.featureViews.sync
  • aiplatform.featureViews.update

aiplatform.features.*

  • aiplatform.features.create
  • aiplatform.features.delete
  • aiplatform.features.get
  • aiplatform.features.list
  • aiplatform.features.update

aiplatform.featurestores.batchReadFeatureValues

aiplatform.featurestores.create

aiplatform.featurestores.delete

aiplatform.featurestores.exportFeatures

aiplatform.featurestores.get

aiplatform.featurestores.importFeatures

aiplatform.featurestores.list

aiplatform.featurestores.readFeatures

aiplatform.featurestores.update

aiplatform.featurestores.writeFeatures

aiplatform.humanInTheLoops.*

  • aiplatform.humanInTheLoops.cancel
  • aiplatform.humanInTheLoops.create
  • aiplatform.humanInTheLoops.delete
  • aiplatform.humanInTheLoops.get
  • aiplatform.humanInTheLoops.list
  • aiplatform.humanInTheLoops.queryAnnotationStats
  • aiplatform.humanInTheLoops.send
  • aiplatform.humanInTheLoops.update

aiplatform.hyperparameterTuningJobs.*

  • aiplatform.hyperparameterTuningJobs.cancel
  • aiplatform.hyperparameterTuningJobs.create
  • aiplatform.hyperparameterTuningJobs.delete
  • aiplatform.hyperparameterTuningJobs.get
  • aiplatform.hyperparameterTuningJobs.list

aiplatform.indexEndpoints.*

  • aiplatform.indexEndpoints.create
  • aiplatform.indexEndpoints.delete
  • aiplatform.indexEndpoints.deploy
  • aiplatform.indexEndpoints.get
  • aiplatform.indexEndpoints.list
  • aiplatform.indexEndpoints.queryVectors
  • aiplatform.indexEndpoints.undeploy
  • aiplatform.indexEndpoints.update

aiplatform.indexes.*

  • aiplatform.indexes.create
  • aiplatform.indexes.delete
  • aiplatform.indexes.get
  • aiplatform.indexes.list
  • aiplatform.indexes.update

aiplatform.locations.*

  • aiplatform.locations.get
  • aiplatform.locations.list

aiplatform.metadataSchemas.*

  • aiplatform.metadataSchemas.create
  • aiplatform.metadataSchemas.delete
  • aiplatform.metadataSchemas.get
  • aiplatform.metadataSchemas.list

aiplatform.metadataStores.*

  • aiplatform.metadataStores.create
  • aiplatform.metadataStores.delete
  • aiplatform.metadataStores.get
  • aiplatform.metadataStores.list

aiplatform.modelDeploymentMonitoringJobs.*

  • aiplatform.modelDeploymentMonitoringJobs.create
  • aiplatform.modelDeploymentMonitoringJobs.delete
  • aiplatform.modelDeploymentMonitoringJobs.get
  • aiplatform.modelDeploymentMonitoringJobs.list
  • aiplatform.modelDeploymentMonitoringJobs.pause
  • aiplatform.modelDeploymentMonitoringJobs.resume
  • aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies
  • aiplatform.modelDeploymentMonitoringJobs.update

aiplatform.modelEvaluationSlices.*

  • aiplatform.modelEvaluationSlices.get
  • aiplatform.modelEvaluationSlices.import
  • aiplatform.modelEvaluationSlices.list

aiplatform.modelEvaluations.*

  • aiplatform.modelEvaluations.exportEvaluatedDataItems
  • aiplatform.modelEvaluations.get
  • aiplatform.modelEvaluations.import
  • aiplatform.modelEvaluations.list

aiplatform.models.*

  • aiplatform.models.delete
  • aiplatform.models.export
  • aiplatform.models.get
  • aiplatform.models.list
  • aiplatform.models.update
  • aiplatform.models.upload

aiplatform.nasJobs.*

  • aiplatform.nasJobs.cancel
  • aiplatform.nasJobs.create
  • aiplatform.nasJobs.delete
  • aiplatform.nasJobs.get
  • aiplatform.nasJobs.list

aiplatform.nasTrialDetails.*

  • aiplatform.nasTrialDetails.get
  • aiplatform.nasTrialDetails.list

aiplatform.notebookRuntimeTemplates.apply

aiplatform.notebookRuntimeTemplates.create

aiplatform.notebookRuntimeTemplates.delete

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimeTemplates.update

aiplatform.notebookRuntimes.*

  • aiplatform.notebookRuntimes.assign
  • aiplatform.notebookRuntimes.delete
  • aiplatform.notebookRuntimes.get
  • aiplatform.notebookRuntimes.list
  • aiplatform.notebookRuntimes.start
  • aiplatform.notebookRuntimes.update
  • aiplatform.notebookRuntimes.upgrade

aiplatform.operations.list

aiplatform.persistentResources.get

aiplatform.persistentResources.list

aiplatform.pipelineJobs.*

  • aiplatform.pipelineJobs.cancel
  • aiplatform.pipelineJobs.create
  • aiplatform.pipelineJobs.delete
  • aiplatform.pipelineJobs.get
  • aiplatform.pipelineJobs.list

aiplatform.schedules.*

  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update

aiplatform.specialistPools.*

  • aiplatform.specialistPools.create
  • aiplatform.specialistPools.delete
  • aiplatform.specialistPools.get
  • aiplatform.specialistPools.list
  • aiplatform.specialistPools.update

aiplatform.studies.*

  • aiplatform.studies.create
  • aiplatform.studies.delete
  • aiplatform.studies.get
  • aiplatform.studies.list
  • aiplatform.studies.update

aiplatform.tensorboardExperiments.*

  • aiplatform.tensorboardExperiments.create
  • aiplatform.tensorboardExperiments.delete
  • aiplatform.tensorboardExperiments.get
  • aiplatform.tensorboardExperiments.list
  • aiplatform.tensorboardExperiments.update
  • aiplatform.tensorboardExperiments.write

aiplatform.tensorboardRuns.*

  • aiplatform.tensorboardRuns.batchCreate
  • aiplatform.tensorboardRuns.create
  • aiplatform.tensorboardRuns.delete
  • aiplatform.tensorboardRuns.get
  • aiplatform.tensorboardRuns.list
  • aiplatform.tensorboardRuns.update
  • aiplatform.tensorboardRuns.write

aiplatform.tensorboardTimeSeries.*

  • aiplatform.tensorboardTimeSeries.batchCreate
  • aiplatform.tensorboardTimeSeries.batchRead
  • aiplatform.tensorboardTimeSeries.create
  • aiplatform.tensorboardTimeSeries.delete
  • aiplatform.tensorboardTimeSeries.get
  • aiplatform.tensorboardTimeSeries.list
  • aiplatform.tensorboardTimeSeries.read
  • aiplatform.tensorboardTimeSeries.update

aiplatform.tensorboards.create

aiplatform.tensorboards.delete

aiplatform.tensorboards.get

aiplatform.tensorboards.list

aiplatform.tensorboards.update

aiplatform.trainingPipelines.*

  • aiplatform.trainingPipelines.cancel
  • aiplatform.trainingPipelines.create
  • aiplatform.trainingPipelines.delete
  • aiplatform.trainingPipelines.get
  • aiplatform.trainingPipelines.list

aiplatform.trials.*

  • aiplatform.trials.create
  • aiplatform.trials.delete
  • aiplatform.trials.get
  • aiplatform.trials.list
  • aiplatform.trials.update

artifactregistry.repositories.create

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.uploadArtifacts

artifactregistry.tags.get

artifactregistry.versions.get

automl.datasets.export

automl.datasets.get

automl.datasets.list

automl.modelEvaluations.list

automl.models.get

automl.models.list

automl.operations.get

automl.tableSpecs.get

bigquery.datasets.create

bigquery.datasets.get

bigquery.jobs.create

bigquery.jobs.get

bigquery.models.create

bigquery.models.export

bigquery.models.getData

bigquery.readsessions.create

bigquery.readsessions.getData

bigquery.tables.create

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.update

bigquery.tables.updateData

bigtable.tables.get

bigtable.tables.list

bigtable.tables.readRows

compute.addresses.get

compute.addresses.list

compute.addresses.use

compute.addresses.useInternal

compute.disks.create

compute.disks.createSnapshot

compute.disks.createTagBinding

compute.disks.delete

compute.disks.get

compute.disks.setLabels

compute.disks.use

compute.disks.useReadOnly

compute.globalOperations.get

compute.instances.attachDisk

compute.instances.create

compute.instances.createTagBinding

compute.instances.delete

compute.instances.detachDisk

compute.instances.get

compute.instances.setLabels

compute.instances.setMetadata

compute.instances.setServiceAccount

compute.instances.setTags

compute.instances.start

compute.instances.stop

compute.instances.useReadOnly

compute.machineTypes.get

compute.networks.get

compute.networks.use

compute.networks.useExternalIp

compute.snapshots.create

compute.snapshots.delete

compute.snapshots.useReadOnly

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.zoneOperations.get

dataflow.jobs.*

  • dataflow.jobs.cancel
  • dataflow.jobs.create
  • dataflow.jobs.get
  • dataflow.jobs.list
  • dataflow.jobs.snapshot
  • dataflow.jobs.updateContents

dataflow.messages.list

dataflow.metrics.get

dataflow.snapshots.*

  • dataflow.snapshots.delete
  • dataflow.snapshots.get
  • dataflow.snapshots.list

datalabeling.annotateddatasets.get

datalabeling.datasets.export

datalabeling.datasets.get

datalabeling.datasets.list

datalabeling.operations.get

iam.serviceAccounts.actAs

iam.serviceAccounts.getAccessToken

logging.logEntries.create

logging.logEntries.route

ml.models.list

ml.operations.get

ml.versions.get

ml.versions.list

monitoring.notificationChannels.get

notebooks.instances.create

notebooks.instances.delete

notebooks.instances.get

resourcemanager.projects.get

resourcemanager.projects.list

run.executions.delete

run.executions.get

run.jobs.create

run.jobs.delete

run.jobs.get

run.jobs.run

run.jobs.update

run.operations.delete

run.operations.get

run.routes.invoke

run.services.create

run.services.delete

run.services.get

serviceusage.services.use

storage.buckets.create

storage.buckets.delete

storage.buckets.get

storage.buckets.list

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

roles/aiplatform.customCodeServiceAgent

Vertex AI Custom Code に適切な権限を付与します。

aiplatform.annotationSpecs.*

  • aiplatform.annotationSpecs.create
  • aiplatform.annotationSpecs.delete
  • aiplatform.annotationSpecs.get
  • aiplatform.annotationSpecs.list
  • aiplatform.annotationSpecs.update

aiplatform.annotations.*

  • aiplatform.annotations.create
  • aiplatform.annotations.delete
  • aiplatform.annotations.get
  • aiplatform.annotations.list
  • aiplatform.annotations.update

aiplatform.artifacts.*

  • aiplatform.artifacts.create
  • aiplatform.artifacts.delete
  • aiplatform.artifacts.get
  • aiplatform.artifacts.list
  • aiplatform.artifacts.update

aiplatform.batchPredictionJobs.*

  • aiplatform.batchPredictionJobs.cancel
  • aiplatform.batchPredictionJobs.create
  • aiplatform.batchPredictionJobs.delete
  • aiplatform.batchPredictionJobs.get
  • aiplatform.batchPredictionJobs.list

aiplatform.contexts.*

  • aiplatform.contexts.addContextArtifactsAndExecutions
  • aiplatform.contexts.addContextChildren
  • aiplatform.contexts.create
  • aiplatform.contexts.delete
  • aiplatform.contexts.get
  • aiplatform.contexts.list
  • aiplatform.contexts.queryContextLineageSubgraph
  • aiplatform.contexts.update

aiplatform.customJobs.*

  • aiplatform.customJobs.cancel
  • aiplatform.customJobs.create
  • aiplatform.customJobs.delete
  • aiplatform.customJobs.get
  • aiplatform.customJobs.list

aiplatform.dataItems.*

  • aiplatform.dataItems.create
  • aiplatform.dataItems.delete
  • aiplatform.dataItems.get
  • aiplatform.dataItems.list
  • aiplatform.dataItems.update

aiplatform.dataLabelingJobs.*

  • aiplatform.dataLabelingJobs.cancel
  • aiplatform.dataLabelingJobs.create
  • aiplatform.dataLabelingJobs.delete
  • aiplatform.dataLabelingJobs.get
  • aiplatform.dataLabelingJobs.list

aiplatform.datasetVersions.*

  • aiplatform.datasetVersions.create
  • aiplatform.datasetVersions.delete
  • aiplatform.datasetVersions.get
  • aiplatform.datasetVersions.list
  • aiplatform.datasetVersions.restore

aiplatform.datasets.*

  • aiplatform.datasets.create
  • aiplatform.datasets.delete
  • aiplatform.datasets.export
  • aiplatform.datasets.get
  • aiplatform.datasets.import
  • aiplatform.datasets.list
  • aiplatform.datasets.update

aiplatform.deploymentResourcePools.*

  • aiplatform.deploymentResourcePools.create
  • aiplatform.deploymentResourcePools.delete
  • aiplatform.deploymentResourcePools.get
  • aiplatform.deploymentResourcePools.list
  • aiplatform.deploymentResourcePools.queryDeployedModels
  • aiplatform.deploymentResourcePools.update

aiplatform.edgeDeploymentJobs.*

  • aiplatform.edgeDeploymentJobs.create
  • aiplatform.edgeDeploymentJobs.delete
  • aiplatform.edgeDeploymentJobs.get
  • aiplatform.edgeDeploymentJobs.list

aiplatform.edgeDeviceDebugInfo.get

aiplatform.edgeDevices.*

  • aiplatform.edgeDevices.create
  • aiplatform.edgeDevices.delete
  • aiplatform.edgeDevices.get
  • aiplatform.edgeDevices.list
  • aiplatform.edgeDevices.update

aiplatform.endpoints.create

aiplatform.endpoints.delete

aiplatform.endpoints.deploy

aiplatform.endpoints.explain

aiplatform.endpoints.get

aiplatform.endpoints.list

aiplatform.endpoints.predict

aiplatform.endpoints.undeploy

aiplatform.endpoints.update

aiplatform.entityTypes.create

aiplatform.entityTypes.delete

aiplatform.entityTypes.deleteFeatureValues

aiplatform.entityTypes.exportFeatureValues

aiplatform.entityTypes.get

aiplatform.entityTypes.importFeatureValues

aiplatform.entityTypes.list

aiplatform.entityTypes.readFeatureValues

aiplatform.entityTypes.streamingReadFeatureValues

aiplatform.entityTypes.update

aiplatform.entityTypes.writeFeatureValues

aiplatform.executions.*

  • aiplatform.executions.addExecutionEvents
  • aiplatform.executions.create
  • aiplatform.executions.delete
  • aiplatform.executions.get
  • aiplatform.executions.list
  • aiplatform.executions.queryExecutionInputsAndOutputs
  • aiplatform.executions.update

aiplatform.extensions.*

  • aiplatform.extensions.delete
  • aiplatform.extensions.execute
  • aiplatform.extensions.get
  • aiplatform.extensions.import
  • aiplatform.extensions.list
  • aiplatform.extensions.update

aiplatform.featureGroups.*

  • aiplatform.featureGroups.create
  • aiplatform.featureGroups.delete
  • aiplatform.featureGroups.get
  • aiplatform.featureGroups.list
  • aiplatform.featureGroups.update

aiplatform.featureOnlineStores.*

  • aiplatform.featureOnlineStores.create
  • aiplatform.featureOnlineStores.delete
  • aiplatform.featureOnlineStores.get
  • aiplatform.featureOnlineStores.list
  • aiplatform.featureOnlineStores.update

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.*

  • aiplatform.featureViews.create
  • aiplatform.featureViews.delete
  • aiplatform.featureViews.fetchFeatureValues
  • aiplatform.featureViews.get
  • aiplatform.featureViews.list
  • aiplatform.featureViews.searchNearestEntities
  • aiplatform.featureViews.sync
  • aiplatform.featureViews.update

aiplatform.features.*

  • aiplatform.features.create
  • aiplatform.features.delete
  • aiplatform.features.get
  • aiplatform.features.list
  • aiplatform.features.update

aiplatform.featurestores.batchReadFeatureValues

aiplatform.featurestores.create

aiplatform.featurestores.delete

aiplatform.featurestores.exportFeatures

aiplatform.featurestores.get

aiplatform.featurestores.importFeatures

aiplatform.featurestores.list

aiplatform.featurestores.readFeatures

aiplatform.featurestores.update

aiplatform.featurestores.writeFeatures

aiplatform.humanInTheLoops.*

  • aiplatform.humanInTheLoops.cancel
  • aiplatform.humanInTheLoops.create
  • aiplatform.humanInTheLoops.delete
  • aiplatform.humanInTheLoops.get
  • aiplatform.humanInTheLoops.list
  • aiplatform.humanInTheLoops.queryAnnotationStats
  • aiplatform.humanInTheLoops.send
  • aiplatform.humanInTheLoops.update

aiplatform.hyperparameterTuningJobs.*

  • aiplatform.hyperparameterTuningJobs.cancel
  • aiplatform.hyperparameterTuningJobs.create
  • aiplatform.hyperparameterTuningJobs.delete
  • aiplatform.hyperparameterTuningJobs.get
  • aiplatform.hyperparameterTuningJobs.list

aiplatform.indexEndpoints.*

  • aiplatform.indexEndpoints.create
  • aiplatform.indexEndpoints.delete
  • aiplatform.indexEndpoints.deploy
  • aiplatform.indexEndpoints.get
  • aiplatform.indexEndpoints.list
  • aiplatform.indexEndpoints.queryVectors
  • aiplatform.indexEndpoints.undeploy
  • aiplatform.indexEndpoints.update

aiplatform.indexes.*

  • aiplatform.indexes.create
  • aiplatform.indexes.delete
  • aiplatform.indexes.get
  • aiplatform.indexes.list
  • aiplatform.indexes.update

aiplatform.locations.*

  • aiplatform.locations.get
  • aiplatform.locations.list

aiplatform.metadataSchemas.*

  • aiplatform.metadataSchemas.create
  • aiplatform.metadataSchemas.delete
  • aiplatform.metadataSchemas.get
  • aiplatform.metadataSchemas.list

aiplatform.metadataStores.*

  • aiplatform.metadataStores.create
  • aiplatform.metadataStores.delete
  • aiplatform.metadataStores.get
  • aiplatform.metadataStores.list

aiplatform.modelDeploymentMonitoringJobs.*

  • aiplatform.modelDeploymentMonitoringJobs.create
  • aiplatform.modelDeploymentMonitoringJobs.delete
  • aiplatform.modelDeploymentMonitoringJobs.get
  • aiplatform.modelDeploymentMonitoringJobs.list
  • aiplatform.modelDeploymentMonitoringJobs.pause
  • aiplatform.modelDeploymentMonitoringJobs.resume
  • aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies
  • aiplatform.modelDeploymentMonitoringJobs.update

aiplatform.modelEvaluationSlices.*

  • aiplatform.modelEvaluationSlices.get
  • aiplatform.modelEvaluationSlices.import
  • aiplatform.modelEvaluationSlices.list

aiplatform.modelEvaluations.*

  • aiplatform.modelEvaluations.exportEvaluatedDataItems
  • aiplatform.modelEvaluations.get
  • aiplatform.modelEvaluations.import
  • aiplatform.modelEvaluations.list

aiplatform.models.*

  • aiplatform.models.delete
  • aiplatform.models.export
  • aiplatform.models.get
  • aiplatform.models.list
  • aiplatform.models.update
  • aiplatform.models.upload

aiplatform.nasJobs.*

  • aiplatform.nasJobs.cancel
  • aiplatform.nasJobs.create
  • aiplatform.nasJobs.delete
  • aiplatform.nasJobs.get
  • aiplatform.nasJobs.list

aiplatform.nasTrialDetails.*

  • aiplatform.nasTrialDetails.get
  • aiplatform.nasTrialDetails.list

aiplatform.notebookRuntimeTemplates.apply

aiplatform.notebookRuntimeTemplates.create

aiplatform.notebookRuntimeTemplates.delete

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimeTemplates.update

aiplatform.notebookRuntimes.*

  • aiplatform.notebookRuntimes.assign
  • aiplatform.notebookRuntimes.delete
  • aiplatform.notebookRuntimes.get
  • aiplatform.notebookRuntimes.list
  • aiplatform.notebookRuntimes.start
  • aiplatform.notebookRuntimes.update
  • aiplatform.notebookRuntimes.upgrade

aiplatform.operations.list

aiplatform.persistentResources.get

aiplatform.persistentResources.list

aiplatform.pipelineJobs.*

  • aiplatform.pipelineJobs.cancel
  • aiplatform.pipelineJobs.create
  • aiplatform.pipelineJobs.delete
  • aiplatform.pipelineJobs.get
  • aiplatform.pipelineJobs.list

aiplatform.schedules.*

  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update

aiplatform.specialistPools.*

  • aiplatform.specialistPools.create
  • aiplatform.specialistPools.delete
  • aiplatform.specialistPools.get
  • aiplatform.specialistPools.list
  • aiplatform.specialistPools.update

aiplatform.studies.*

  • aiplatform.studies.create
  • aiplatform.studies.delete
  • aiplatform.studies.get
  • aiplatform.studies.list
  • aiplatform.studies.update

aiplatform.tensorboardExperiments.*

  • aiplatform.tensorboardExperiments.create
  • aiplatform.tensorboardExperiments.delete
  • aiplatform.tensorboardExperiments.get
  • aiplatform.tensorboardExperiments.list
  • aiplatform.tensorboardExperiments.update
  • aiplatform.tensorboardExperiments.write

aiplatform.tensorboardRuns.*

  • aiplatform.tensorboardRuns.batchCreate
  • aiplatform.tensorboardRuns.create
  • aiplatform.tensorboardRuns.delete
  • aiplatform.tensorboardRuns.get
  • aiplatform.tensorboardRuns.list
  • aiplatform.tensorboardRuns.update
  • aiplatform.tensorboardRuns.write

aiplatform.tensorboardTimeSeries.*

  • aiplatform.tensorboardTimeSeries.batchCreate
  • aiplatform.tensorboardTimeSeries.batchRead
  • aiplatform.tensorboardTimeSeries.create
  • aiplatform.tensorboardTimeSeries.delete
  • aiplatform.tensorboardTimeSeries.get
  • aiplatform.tensorboardTimeSeries.list
  • aiplatform.tensorboardTimeSeries.read
  • aiplatform.tensorboardTimeSeries.update

aiplatform.tensorboards.create

aiplatform.tensorboards.delete

aiplatform.tensorboards.get

aiplatform.tensorboards.list

aiplatform.tensorboards.update

aiplatform.trainingPipelines.*

  • aiplatform.trainingPipelines.cancel
  • aiplatform.trainingPipelines.create
  • aiplatform.trainingPipelines.delete
  • aiplatform.trainingPipelines.get
  • aiplatform.trainingPipelines.list

aiplatform.trials.*

  • aiplatform.trials.create
  • aiplatform.trials.delete
  • aiplatform.trials.get
  • aiplatform.trials.list
  • aiplatform.trials.update

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.tags.get

artifactregistry.versions.get

bigquery.datasets.create

bigquery.datasets.get

bigquery.jobs.create

bigquery.jobs.get

bigquery.readsessions.create

bigquery.readsessions.getData

bigquery.tables.create

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.update

bigquery.tables.updateData

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

iam.serviceAccounts.implicitDelegation

iam.serviceAccounts.list

iam.serviceAccounts.signBlob

iam.serviceAccounts.signJwt

logging.logEntries.create

logging.logEntries.route

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.use

storage.buckets.create

storage.buckets.delete

storage.buckets.get

storage.buckets.list

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

roles/notebooks.serviceAgent

ノートブックのサービス エージェントでユーザー プロジェクトのノートブック インスタンスを管理するためのアクセス権を付与します。

aiplatform.customJobs.cancel

aiplatform.customJobs.create

aiplatform.customJobs.get

aiplatform.customJobs.list

compute.acceleratorTypes.*

  • compute.acceleratorTypes.get
  • compute.acceleratorTypes.list

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.use

compute.addresses.useInternal

compute.autoscalers.*

  • compute.autoscalers.create
  • compute.autoscalers.delete
  • compute.autoscalers.get
  • compute.autoscalers.list
  • compute.autoscalers.update

compute.backendBuckets.get

compute.backendBuckets.getIamPolicy

compute.backendBuckets.list

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

  • compute.diskTypes.get
  • compute.diskTypes.list

compute.disks.*

  • compute.disks.addResourcePolicies
  • compute.disks.create
  • compute.disks.createSnapshot
  • compute.disks.createTagBinding
  • compute.disks.delete
  • compute.disks.deleteTagBinding
  • compute.disks.get
  • compute.disks.getIamPolicy
  • compute.disks.list
  • compute.disks.listEffectiveTags
  • compute.disks.listTagBindings
  • compute.disks.removeResourcePolicies
  • compute.disks.resize
  • compute.disks.setIamPolicy
  • compute.disks.setLabels
  • compute.disks.startAsyncReplication
  • compute.disks.stopAsyncReplication
  • compute.disks.stopGroupAsyncReplication
  • compute.disks.update
  • compute.disks.use
  • compute.disks.useReadOnly

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.get

compute.forwardingRules.list

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.futureReservations.get

compute.futureReservations.getIamPolicy

compute.futureReservations.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.use

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.*

  • compute.globalNetworkEndpointGroups.attachNetworkEndpoints
  • compute.globalNetworkEndpointGroups.create
  • compute.globalNetworkEndpointGroups.createTagBinding
  • compute.globalNetworkEndpointGroups.delete
  • compute.globalNetworkEndpointGroups.deleteTagBinding
  • compute.globalNetworkEndpointGroups.detachNetworkEndpoints
  • compute.globalNetworkEndpointGroups.get
  • compute.globalNetworkEndpointGroups.list
  • compute.globalNetworkEndpointGroups.listEffectiveTags
  • compute.globalNetworkEndpointGroups.listTagBindings
  • compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.*

  • compute.images.create
  • compute.images.createTagBinding
  • compute.images.delete
  • compute.images.deleteTagBinding
  • compute.images.deprecate
  • compute.images.get
  • compute.images.getFromFamily
  • compute.images.getIamPolicy
  • compute.images.list
  • compute.images.listEffectiveTags
  • compute.images.listTagBindings
  • compute.images.setIamPolicy
  • compute.images.setLabels
  • compute.images.update
  • compute.images.useReadOnly

compute.instanceGroupManagers.*

  • compute.instanceGroupManagers.create
  • compute.instanceGroupManagers.createTagBinding
  • compute.instanceGroupManagers.delete
  • compute.instanceGroupManagers.deleteTagBinding
  • compute.instanceGroupManagers.get
  • compute.instanceGroupManagers.list
  • compute.instanceGroupManagers.listEffectiveTags
  • compute.instanceGroupManagers.listTagBindings
  • compute.instanceGroupManagers.update
  • compute.instanceGroupManagers.use

compute.instanceGroups.*

  • compute.instanceGroups.create
  • compute.instanceGroups.delete
  • compute.instanceGroups.get
  • compute.instanceGroups.list
  • compute.instanceGroups.update
  • compute.instanceGroups.use

compute.instanceSettings.*

  • compute.instanceSettings.get
  • compute.instanceSettings.update

compute.instanceTemplates.*

  • compute.instanceTemplates.create
  • compute.instanceTemplates.delete
  • compute.instanceTemplates.get
  • compute.instanceTemplates.getIamPolicy
  • compute.instanceTemplates.list
  • compute.instanceTemplates.setIamPolicy
  • compute.instanceTemplates.useReadOnly

compute.instances.*

  • compute.instances.addAccessConfig
  • compute.instances.addMaintenancePolicies
  • compute.instances.addResourcePolicies
  • compute.instances.attachDisk
  • compute.instances.create
  • compute.instances.createTagBinding
  • compute.instances.delete
  • compute.instances.deleteAccessConfig
  • compute.instances.deleteTagBinding
  • compute.instances.detachDisk
  • compute.instances.get
  • compute.instances.getEffectiveFirewalls
  • compute.instances.getGuestAttributes
  • compute.instances.getIamPolicy
  • compute.instances.getScreenshot
  • compute.instances.getSerialPortOutput
  • compute.instances.getShieldedInstanceIdentity
  • compute.instances.getShieldedVmIdentity
  • compute.instances.list
  • compute.instances.listEffectiveTags
  • compute.instances.listReferrers
  • compute.instances.listTagBindings
  • compute.instances.osAdminLogin
  • compute.instances.osLogin
  • compute.instances.pscInterfaceCreate
  • compute.instances.removeMaintenancePolicies
  • compute.instances.removeResourcePolicies
  • compute.instances.reset
  • compute.instances.resume
  • compute.instances.sendDiagnosticInterrupt
  • compute.instances.setDeletionProtection
  • compute.instances.setDiskAutoDelete
  • compute.instances.setIamPolicy
  • compute.instances.setLabels
  • compute.instances.setMachineResources
  • compute.instances.setMachineType
  • compute.instances.setMetadata
  • compute.instances.setMinCpuPlatform
  • compute.instances.setName
  • compute.instances.setScheduling
  • compute.instances.setSecurityPolicy
  • compute.instances.setServiceAccount
  • compute.instances.setShieldedInstanceIntegrityPolicy
  • compute.instances.setShieldedVmIntegrityPolicy
  • compute.instances.setTags
  • compute.instances.simulateMaintenanceEvent
  • compute.instances.start
  • compute.instances.startWithEncryptionKey
  • compute.instances.stop
  • compute.instances.suspend
  • compute.instances.update
  • compute.instances.updateAccessConfig
  • compute.instances.updateDisplayDevice
  • compute.instances.updateNetworkInterface
  • compute.instances.updateSecurity
  • compute.instances.updateShieldedInstanceConfig
  • compute.instances.updateShieldedVmConfig
  • compute.instances.use
  • compute.instances.useReadOnly

compute.instantSnapshots.*

  • compute.instantSnapshots.create
  • compute.instantSnapshots.delete
  • compute.instantSnapshots.export
  • compute.instantSnapshots.get
  • compute.instantSnapshots.getIamPolicy
  • compute.instantSnapshots.list
  • compute.instantSnapshots.setIamPolicy
  • compute.instantSnapshots.setLabels
  • compute.instantSnapshots.useReadOnly

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectLocations.*

  • compute.interconnectLocations.get
  • compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

  • compute.interconnectRemoteLocations.get
  • compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.licenseCodes.*

  • compute.licenseCodes.get
  • compute.licenseCodes.getIamPolicy
  • compute.licenseCodes.list
  • compute.licenseCodes.setIamPolicy
  • compute.licenseCodes.update
  • compute.licenseCodes.use

compute.licenses.*

  • compute.licenses.create
  • compute.licenses.delete
  • compute.licenses.get
  • compute.licenses.getIamPolicy
  • compute.licenses.list
  • compute.licenses.setIamPolicy

compute.machineImages.*

  • compute.machineImages.create
  • compute.machineImages.delete
  • compute.machineImages.get
  • compute.machineImages.getIamPolicy
  • compute.machineImages.list
  • compute.machineImages.setIamPolicy
  • compute.machineImages.useReadOnly

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.maintenancePolicies.get

compute.maintenancePolicies.getIamPolicy

compute.maintenancePolicies.list

compute.networkAttachments.get

compute.networkAttachments.getIamPolicy

compute.networkAttachments.list

compute.networkEdgeSecurityServices.get

compute.networkEdgeSecurityServices.list

compute.networkEndpointGroups.*

  • compute.networkEndpointGroups.attachNetworkEndpoints
  • compute.networkEndpointGroups.create
  • compute.networkEndpointGroups.createTagBinding
  • compute.networkEndpointGroups.delete
  • compute.networkEndpointGroups.deleteTagBinding
  • compute.networkEndpointGroups.detachNetworkEndpoints
  • compute.networkEndpointGroups.get
  • compute.networkEndpointGroups.getIamPolicy
  • compute.networkEndpointGroups.list
  • compute.networkEndpointGroups.listEffectiveTags
  • compute.networkEndpointGroups.listTagBindings
  • compute.networkEndpointGroups.setIamPolicy
  • compute.networkEndpointGroups.use

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listPeeringRoutes

compute.networks.listTagBindings

compute.networks.use

compute.networks.useExternalIp

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

  • compute.nodeTypes.get
  • compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.projects.get

compute.projects.setCommonInstanceMetadata

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionNetworkEndpointGroups.*

  • compute.regionNetworkEndpointGroups.attachNetworkEndpoints
  • compute.regionNetworkEndpointGroups.create
  • compute.regionNetworkEndpointGroups.createTagBinding
  • compute.regionNetworkEndpointGroups.delete
  • compute.regionNetworkEndpointGroups.deleteTagBinding
  • compute.regionNetworkEndpointGroups.detachNetworkEndpoints
  • compute.regionNetworkEndpointGroups.get
  • compute.regionNetworkEndpointGroups.list
  • compute.regionNetworkEndpointGroups.listEffectiveTags
  • compute.regionNetworkEndpointGroups.listTagBindings
  • compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.regionUrlMaps.validate

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.*

  • compute.resourcePolicies.create
  • compute.resourcePolicies.delete
  • compute.resourcePolicies.get
  • compute.resourcePolicies.getIamPolicy
  • compute.resourcePolicies.list
  • compute.resourcePolicies.setIamPolicy
  • compute.resourcePolicies.update
  • compute.resourcePolicies.use
  • compute.resourcePolicies.useReadOnly

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listRoutePolicies

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.securityPolicies.get

compute.securityPolicies.getIamPolicy

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.serviceAttachments.get

compute.serviceAttachments.getIamPolicy

compute.serviceAttachments.list

compute.snapshotSettings.get

compute.snapshots.*

  • compute.snapshots.create
  • compute.snapshots.createTagBinding
  • compute.snapshots.delete
  • compute.snapshots.deleteTagBinding
  • compute.snapshots.get
  • compute.snapshots.getIamPolicy
  • compute.snapshots.list
  • compute.snapshots.listEffectiveTags
  • compute.snapshots.listTagBindings
  • compute.snapshots.setIamPolicy
  • compute.snapshots.setLabels
  • compute.snapshots.useReadOnly

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.storagePools.get

compute.storagePools.getIamPolicy

compute.storagePools.list

compute.storagePools.use

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.get

compute.targetInstances.list

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

dataproc.clusters.get

dataproc.clusters.use

dataproc.jobs.cancel

dataproc.jobs.create

dataproc.jobs.delete

dataproc.jobs.get

dataproc.jobs.list

dataproc.jobs.update

iam.serviceAccounts.actAs

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.list

ml.jobs.create

ml.jobs.get

ml.jobs.list

notebooks.*

  • notebooks.environments.create
  • notebooks.environments.delete
  • notebooks.environments.get
  • notebooks.environments.getIamPolicy
  • notebooks.environments.list
  • notebooks.environments.setIamPolicy
  • notebooks.executions.create
  • notebooks.executions.delete
  • notebooks.executions.get
  • notebooks.executions.getIamPolicy
  • notebooks.executions.list
  • notebooks.executions.setIamPolicy
  • notebooks.instances.checkUpgradability
  • notebooks.instances.create
  • notebooks.instances.delete
  • notebooks.instances.diagnose
  • notebooks.instances.get
  • notebooks.instances.getHealth
  • notebooks.instances.getIamPolicy
  • notebooks.instances.list
  • notebooks.instances.reset
  • notebooks.instances.setAccelerator
  • notebooks.instances.setIamPolicy
  • notebooks.instances.setLabels
  • notebooks.instances.setMachineType
  • notebooks.instances.start
  • notebooks.instances.stop
  • notebooks.instances.update
  • notebooks.instances.updateConfig
  • notebooks.instances.updateShieldInstanceConfig
  • notebooks.instances.upgrade
  • notebooks.instances.use
  • notebooks.locations.get
  • notebooks.locations.list
  • notebooks.operations.cancel
  • notebooks.operations.delete
  • notebooks.operations.get
  • notebooks.operations.list
  • notebooks.runtimes.create
  • notebooks.runtimes.delete
  • notebooks.runtimes.diagnose
  • notebooks.runtimes.get
  • notebooks.runtimes.getIamPolicy
  • notebooks.runtimes.list
  • notebooks.runtimes.reset
  • notebooks.runtimes.setIamPolicy
  • notebooks.runtimes.start
  • notebooks.runtimes.stop
  • notebooks.runtimes.switch
  • notebooks.runtimes.update
  • notebooks.runtimes.upgrade
  • notebooks.schedules.create
  • notebooks.schedules.delete
  • notebooks.schedules.get
  • notebooks.schedules.getIamPolicy
  • notebooks.schedules.list
  • notebooks.schedules.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Vertex AI サービス エージェントに他のリソースへのアクセス権を付与する

場合によっては、Vertex AI サービス エージェントに追加のロールを付与する必要があります。たとえば、Vertex AI が別のプロジェクトの Cloud Storage バケットにアクセスする必要がある場合は、サービス エージェントに 1 つ以上の追加のロールを付与する必要があります。

BigQuery のロールの追加要件

次の表に、BigQuery で別のプロジェクトのテーブルまたはビュー、あるいは外部データソースを使用するテーブルやビューを使用する場合に、Vertex AI サービス エージェントに追加する必要があるロールについて説明します。

ホーム プロジェクトとは、Vertex AI のデータセットまたはモデルが配置されているプロジェクトを指します。外部プロジェクトは、別のプロジェクトを指します。

テーブルタイプ テーブル プロジェクト データソース プロジェクト 追加が必要なロール
ネイティブの BigQuery テーブル ホーム プロジェクト なし なし
ネイティブの BigQuery テーブル 別のプロジェクト なし BigQuery Data Viewer(別のプロジェクト)。詳細
BigQuery ビュー ホーム プロジェクト なし なし
BigQuery ビュー 別のプロジェクト なし BigQuery Data Viewer(別のプロジェクト)。詳細
Bigtable でサポートされる外部 BigQuery データソース ホーム プロジェクト ホーム プロジェクト ホーム プロジェクトの Bigtable Reader詳細
Bigtable でサポートされる外部 BigQuery データソース ホーム プロジェクト 別のプロジェクト Bigtable Reader(別のプロジェクト)。詳細
Bigtable でサポートされる外部 BigQuery データソース 別のプロジェクト 別のプロジェクト 別のプロジェクトの BigQuery ReaderBigtable Reader詳細
Cloud Storage でサポートされる外部 BigQuery データソース ホーム プロジェクト ホーム プロジェクト なし
Cloud Storage でサポートされる外部 BigQuery データソース ホーム プロジェクト 別のプロジェクト Storage Object Viewer(別のプロジェクト)。詳細
Cloud Storage でサポートされる外部 BigQuery データソース 別のプロジェクト 別のプロジェクト 別のプロジェクトの Storage Object ViewerBigQuery Data Viewer詳細
Google スプレッドシートでサポートされる外部 BigQuery データソース ホーム プロジェクト なし スプレッドシート ファイルを Vertex AI のサービス アカウントと共有します。詳細
Google スプレッドシートでサポートされる外部 BigQuery データソース 別のプロジェクト なし 別のプロジェクトの BigQuery Readerスプレッドシート ファイルを Vertex AI サービス アカウントと共有します

Cloud Storage のロールの追加要件

別のプロジェクトの Cloud Storage バケットのデータにアクセスする場合は、そのプロジェクトの Vertex AI に Storage > Storage Object Viewer ロールを付与する必要があります。詳細

Cloud Storage バケットを使用してインポート オペレーションのためにローカル コンピュータからデータを受信し、バケットが Google Cloud プロジェクトとは異なるプロジェクトにある場合は、そのプロジェクトの Vertex AI に Storage > Storage Object Creator ロールを付与する必要があります。詳細

ホーム プロジェクトのリソースに Vertex AI へのアクセス権を付与する

ホーム プロジェクトの Vertex AI のサービス エージェントに追加のロールを付与するには:

  1. ホーム プロジェクトの Google Cloud コンソールの IAM ページに移動します。

    [IAM] ページに移動

  2. [Google 提供のロール付与を含みます] チェックボックスをオンにします。

  3. 権限を付与するサービス エージェントを選択し、 鉛筆アイコンをクリックします。

    Principal:@gcp-sa-aiplatform-cc.iam.gserviceaccount.com でフィルタして、Vertex AI サービス エージェントを検索できます。

  4. サービス アカウントに必要なロールを付与し、変更を保存します。

別のプロジェクトのリソースに Vertex AI へのアクセス権を付与する

別のプロジェクトのデータソースや宛先を使用する場合は、Vertex AI サービス アカウントにそのプロジェクトの権限を付与する必要があります。Vertex AI サービス アカウントは、最初の非同期ジョブ(エンドポイントの作成など)の開始後に作成されます。また、こちらの手順を行い、gcloud CLI を使用して Vertex AI サービス アカウントを明示的に作成することもできます。この gcloud コマンドは、デフォルトのサービス アカウントとカスタムコードのサービス アカウントの両方を作成しますが、レスポンスではデフォルトのサービス アカウントのみが返されます。

別のプロジェクトの Vertex AI に権限を追加するには:

  1. Google Cloud コンソールで、ホーム プロジェクト(Vertex AI を使用しているプロジェクト)の [IAM] ページに移動します。

    [IAM] ページに移動

  2. [Google 提供のロール付与を含みます] チェックボックスをオンにします。

  3. 権限を付与するサービス エージェントを決定し、そのメールアドレス([プリンシパル] の下にリストされている)をコピーします。

    Principal:@gcp-sa-aiplatform-cc.iam.gserviceaccount.com でフィルタして、Vertex AI サービス エージェントを検索できます。

  4. プロジェクトを、権限を付与する必要があるプロジェクトに変更します。

  5. [追加] をクリックし、[新しいプリンシパル] にメールアドレスを入力します。

  6. 必要なロールをすべて追加し、[保存] をクリックします。

Google スプレッドシートへのアクセスを提供する

Google スプレッドシートでサポートされる BigQuery 外部データソースを使用する場合は、スプレッドシートを Vertex AI サービス アカウントと共有する必要があります。Vertex AI サービス アカウントは、最初の非同期ジョブ(エンドポイントの作成など)の開始後に作成されます。また、こちらの手順を行い、gcloud CLI を使用して Vertex AI サービス アカウントを明示的に作成することもできます。

Vertex AI にスプレッドシート ファイルへのアクセスを許可するには:

  1. Google Cloud コンソールの IAM ページに移動します。

    [IAM] ページに移動

  2. Vertex AI Service Agent という名前のサービス アカウントを見つけて、そのメールアドレス([プリンシパル] の下にリストされている)をコピーします。

  3. スプレッドシート ファイルを開いてそのアドレスと共有します。

次のステップ