使用 IAM 进行 Vertex AI 访问权限控制

本页面介绍如何使用 Identity and Access Management (IAM) 管理对 Vertex AI 资源的访问。如需管理对 Vertex AI Workbench 实例的访问权限,请参阅 Vertex AI Workbench 实例访问权限控制

概览

Vertex AI 使用 IAM 来管理对资源的访问。在规划资源的访问权限控制时,请考虑以下事项:

  • 您可以在项目级层或资源级层管理访问权限。 项目级访问权限适用于该项目中的所有资源。对特定资源的访问权限仅适用于该资源。 请参阅项目级访问权限与资源级访问权限

  • 您可以通过向主账号分配 IAM 角色来授予访问权限。预定义角色可让您更轻松地设置访问权限,但我们建议使用自定义角色,因为您可以创建这些角色,以便将其访问权限限制为仅包含所需的权限。 请参阅 IAM 角色

IAM 角色

您可以在 Vertex AI 中使用不同类型的 IAM 角色:

  • 自定义角色让您可以基于一组特定权限创建具有这些权限的专属角色,然后将该角色授予组织中的用户。

  • 预定义角色允许您在项目级向 Vertex AI 资源授予一组相关权限。

  • 基本角色(Owner、Editor 和 Viewer)提供项目级层的 Vertex AI 资源的访问权限控制,并且适用于所有 Google Cloud 服务。

如需在 Vertex AI 项目中添加、更新或移除这些角色,请参阅有关授予、更改和撤消访问权限的文档。

自定义角色

自定义角色让您可以基于一组特定权限创建具有这些权限的专属角色,然后将该角色授予组织中的用户。如需了解详情,请参阅了解 IAM 自定义角色

使用自定义角色授予最小权限

预定义角色通常包含超出您所需的权限。您可以创建自定义角色,以便仅向您的主账号授予所需的特定权限。

例如,您可以创建具有 aiplatform.endpoints.predict 权限的自定义角色,然后将该角色分配给端点上的服务账号。这会授予服务账号调用端点以进行预测的权限,但不会授予控制端点的权限。

Vertex AI 的预定义角色

Role Permissions

(roles/aiplatform.admin)

Grants full access to all resources in Vertex AI

aiplatform.*

  • aiplatform.agentExamples.create
  • aiplatform.agentExamples.delete
  • aiplatform.agentExamples.get
  • aiplatform.agentExamples.list
  • aiplatform.agentExamples.update
  • aiplatform.agents.create
  • aiplatform.agents.delete
  • aiplatform.agents.get
  • aiplatform.agents.list
  • aiplatform.agents.update
  • aiplatform.annotationSpecs.create
  • aiplatform.annotationSpecs.delete
  • aiplatform.annotationSpecs.get
  • aiplatform.annotationSpecs.list
  • aiplatform.annotationSpecs.update
  • aiplatform.annotations.create
  • aiplatform.annotations.delete
  • aiplatform.annotations.get
  • aiplatform.annotations.list
  • aiplatform.annotations.update
  • aiplatform.apps.create
  • aiplatform.apps.delete
  • aiplatform.apps.get
  • aiplatform.apps.list
  • aiplatform.apps.update
  • aiplatform.artifacts.create
  • aiplatform.artifacts.delete
  • aiplatform.artifacts.get
  • aiplatform.artifacts.list
  • aiplatform.artifacts.update
  • aiplatform.batchPredictionJobs.cancel
  • aiplatform.batchPredictionJobs.create
  • aiplatform.batchPredictionJobs.delete
  • aiplatform.batchPredictionJobs.get
  • aiplatform.batchPredictionJobs.list
  • aiplatform.cacheConfigs.get
  • aiplatform.cacheConfigs.update
  • aiplatform.cachedContents.create
  • aiplatform.cachedContents.delete
  • aiplatform.cachedContents.get
  • aiplatform.cachedContents.list
  • aiplatform.cachedContents.update
  • aiplatform.consents.get
  • aiplatform.consents.update
  • aiplatform.contexts.addContextArtifactsAndExecutions
  • aiplatform.contexts.addContextChildren
  • aiplatform.contexts.create
  • aiplatform.contexts.delete
  • aiplatform.contexts.get
  • aiplatform.contexts.list
  • aiplatform.contexts.queryContextLineageSubgraph
  • aiplatform.contexts.update
  • aiplatform.customJobs.cancel
  • aiplatform.customJobs.create
  • aiplatform.customJobs.delete
  • aiplatform.customJobs.get
  • aiplatform.customJobs.list
  • aiplatform.dataItems.create
  • aiplatform.dataItems.delete
  • aiplatform.dataItems.get
  • aiplatform.dataItems.list
  • aiplatform.dataItems.update
  • aiplatform.dataLabelingJobs.cancel
  • aiplatform.dataLabelingJobs.create
  • aiplatform.dataLabelingJobs.delete
  • aiplatform.dataLabelingJobs.get
  • aiplatform.dataLabelingJobs.list
  • aiplatform.datasetVersions.create
  • aiplatform.datasetVersions.delete
  • aiplatform.datasetVersions.get
  • aiplatform.datasetVersions.list
  • aiplatform.datasetVersions.restore
  • aiplatform.datasets.create
  • aiplatform.datasets.delete
  • aiplatform.datasets.export
  • aiplatform.datasets.get
  • aiplatform.datasets.import
  • aiplatform.datasets.list
  • aiplatform.datasets.update
  • aiplatform.deploymentResourcePools.create
  • aiplatform.deploymentResourcePools.delete
  • aiplatform.deploymentResourcePools.get
  • aiplatform.deploymentResourcePools.list
  • aiplatform.deploymentResourcePools.queryDeployedModels
  • aiplatform.deploymentResourcePools.update
  • aiplatform.edgeDeploymentJobs.create
  • aiplatform.edgeDeploymentJobs.delete
  • aiplatform.edgeDeploymentJobs.get
  • aiplatform.edgeDeploymentJobs.list
  • aiplatform.edgeDeviceDebugInfo.get
  • aiplatform.edgeDevices.create
  • aiplatform.edgeDevices.delete
  • aiplatform.edgeDevices.get
  • aiplatform.edgeDevices.list
  • aiplatform.edgeDevices.update
  • aiplatform.endpoints.create
  • aiplatform.endpoints.delete
  • aiplatform.endpoints.deploy
  • aiplatform.endpoints.explain
  • aiplatform.endpoints.get
  • aiplatform.endpoints.getIamPolicy
  • aiplatform.endpoints.list
  • aiplatform.endpoints.predict
  • aiplatform.endpoints.setIamPolicy
  • aiplatform.endpoints.undeploy
  • aiplatform.endpoints.update
  • aiplatform.entityTypes.create
  • aiplatform.entityTypes.delete
  • aiplatform.entityTypes.deleteFeatureValues
  • aiplatform.entityTypes.exportFeatureValues
  • aiplatform.entityTypes.get
  • aiplatform.entityTypes.getIamPolicy
  • aiplatform.entityTypes.importFeatureValues
  • aiplatform.entityTypes.list
  • aiplatform.entityTypes.readFeatureValues
  • aiplatform.entityTypes.setIamPolicy
  • aiplatform.entityTypes.streamingReadFeatureValues
  • aiplatform.entityTypes.update
  • aiplatform.entityTypes.writeFeatureValues
  • aiplatform.executions.addExecutionEvents
  • aiplatform.executions.create
  • aiplatform.executions.delete
  • aiplatform.executions.get
  • aiplatform.executions.list
  • aiplatform.executions.queryExecutionInputsAndOutputs
  • aiplatform.executions.update
  • aiplatform.extensions.delete
  • aiplatform.extensions.execute
  • aiplatform.extensions.get
  • aiplatform.extensions.import
  • aiplatform.extensions.list
  • aiplatform.extensions.update
  • aiplatform.featureGroups.create
  • aiplatform.featureGroups.delete
  • aiplatform.featureGroups.get
  • aiplatform.featureGroups.list
  • aiplatform.featureGroups.update
  • aiplatform.featureOnlineStores.create
  • aiplatform.featureOnlineStores.delete
  • aiplatform.featureOnlineStores.get
  • aiplatform.featureOnlineStores.getIamPolicy
  • aiplatform.featureOnlineStores.list
  • aiplatform.featureOnlineStores.setIamPolicy
  • aiplatform.featureOnlineStores.update
  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list
  • aiplatform.featureViews.create
  • aiplatform.featureViews.delete
  • aiplatform.featureViews.fetchFeatureValues
  • aiplatform.featureViews.get
  • aiplatform.featureViews.getIamPolicy
  • aiplatform.featureViews.list
  • aiplatform.featureViews.searchNearestEntities
  • aiplatform.featureViews.setIamPolicy
  • aiplatform.featureViews.sync
  • aiplatform.featureViews.update
  • aiplatform.features.create
  • aiplatform.features.delete
  • aiplatform.features.get
  • aiplatform.features.list
  • aiplatform.features.update
  • aiplatform.featurestores.batchReadFeatureValues
  • aiplatform.featurestores.create
  • aiplatform.featurestores.delete
  • aiplatform.featurestores.exportFeatures
  • aiplatform.featurestores.get
  • aiplatform.featurestores.getIamPolicy
  • aiplatform.featurestores.importFeatures
  • aiplatform.featurestores.list
  • aiplatform.featurestores.readFeatures
  • aiplatform.featurestores.setIamPolicy
  • aiplatform.featurestores.update
  • aiplatform.featurestores.writeFeatures
  • aiplatform.humanInTheLoops.cancel
  • aiplatform.humanInTheLoops.create
  • aiplatform.humanInTheLoops.delete
  • aiplatform.humanInTheLoops.get
  • aiplatform.humanInTheLoops.list
  • aiplatform.humanInTheLoops.queryAnnotationStats
  • aiplatform.humanInTheLoops.send
  • aiplatform.humanInTheLoops.update
  • aiplatform.hyperparameterTuningJobs.cancel
  • aiplatform.hyperparameterTuningJobs.create
  • aiplatform.hyperparameterTuningJobs.delete
  • aiplatform.hyperparameterTuningJobs.get
  • aiplatform.hyperparameterTuningJobs.list
  • aiplatform.indexEndpoints.create
  • aiplatform.indexEndpoints.delete
  • aiplatform.indexEndpoints.deploy
  • aiplatform.indexEndpoints.get
  • aiplatform.indexEndpoints.list
  • aiplatform.indexEndpoints.queryVectors
  • aiplatform.indexEndpoints.undeploy
  • aiplatform.indexEndpoints.update
  • aiplatform.indexes.create
  • aiplatform.indexes.delete
  • aiplatform.indexes.get
  • aiplatform.indexes.list
  • aiplatform.indexes.update
  • aiplatform.locations.get
  • aiplatform.locations.list
  • aiplatform.metadataSchemas.create
  • aiplatform.metadataSchemas.delete
  • aiplatform.metadataSchemas.get
  • aiplatform.metadataSchemas.list
  • aiplatform.metadataStores.create
  • aiplatform.metadataStores.delete
  • aiplatform.metadataStores.get
  • aiplatform.metadataStores.list
  • aiplatform.migratableResources.migrate
  • aiplatform.migratableResources.search
  • aiplatform.modelDeploymentMonitoringJobs.create
  • aiplatform.modelDeploymentMonitoringJobs.delete
  • aiplatform.modelDeploymentMonitoringJobs.get
  • aiplatform.modelDeploymentMonitoringJobs.list
  • aiplatform.modelDeploymentMonitoringJobs.pause
  • aiplatform.modelDeploymentMonitoringJobs.resume
  • aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies
  • aiplatform.modelDeploymentMonitoringJobs.update
  • aiplatform.modelEvaluationSlices.get
  • aiplatform.modelEvaluationSlices.import
  • aiplatform.modelEvaluationSlices.list
  • aiplatform.modelEvaluations.exportEvaluatedDataItems
  • aiplatform.modelEvaluations.get
  • aiplatform.modelEvaluations.import
  • aiplatform.modelEvaluations.list
  • aiplatform.modelMonitoringJobs.create
  • aiplatform.modelMonitoringJobs.delete
  • aiplatform.modelMonitoringJobs.get
  • aiplatform.modelMonitoringJobs.list
  • aiplatform.modelMonitors.create
  • aiplatform.modelMonitors.delete
  • aiplatform.modelMonitors.get
  • aiplatform.modelMonitors.list
  • aiplatform.modelMonitors.searchModelMonitoringAlerts
  • aiplatform.modelMonitors.searchModelMonitoringStats
  • aiplatform.modelMonitors.update
  • aiplatform.models.delete
  • aiplatform.models.export
  • aiplatform.models.get
  • aiplatform.models.list
  • aiplatform.models.update
  • aiplatform.models.upload
  • aiplatform.nasJobs.cancel
  • aiplatform.nasJobs.create
  • aiplatform.nasJobs.delete
  • aiplatform.nasJobs.get
  • aiplatform.nasJobs.list
  • aiplatform.nasTrialDetails.get
  • aiplatform.nasTrialDetails.list
  • aiplatform.notebookExecutionJobs.create
  • aiplatform.notebookExecutionJobs.delete
  • aiplatform.notebookExecutionJobs.get
  • aiplatform.notebookExecutionJobs.list
  • aiplatform.notebookRuntimeTemplates.apply
  • aiplatform.notebookRuntimeTemplates.create
  • aiplatform.notebookRuntimeTemplates.delete
  • aiplatform.notebookRuntimeTemplates.get
  • aiplatform.notebookRuntimeTemplates.getIamPolicy
  • aiplatform.notebookRuntimeTemplates.list
  • aiplatform.notebookRuntimeTemplates.setIamPolicy
  • aiplatform.notebookRuntimeTemplates.update
  • aiplatform.notebookRuntimes.assign
  • aiplatform.notebookRuntimes.delete
  • aiplatform.notebookRuntimes.get
  • aiplatform.notebookRuntimes.list
  • aiplatform.notebookRuntimes.start
  • aiplatform.notebookRuntimes.update
  • aiplatform.notebookRuntimes.upgrade
  • aiplatform.operations.list
  • aiplatform.persistentResources.create
  • aiplatform.persistentResources.delete
  • aiplatform.persistentResources.get
  • aiplatform.persistentResources.list
  • aiplatform.pipelineJobs.cancel
  • aiplatform.pipelineJobs.create
  • aiplatform.pipelineJobs.delete
  • aiplatform.pipelineJobs.get
  • aiplatform.pipelineJobs.list
  • aiplatform.reasoningEngines.create
  • aiplatform.reasoningEngines.delete
  • aiplatform.reasoningEngines.get
  • aiplatform.reasoningEngines.list
  • aiplatform.reasoningEngines.query
  • aiplatform.reasoningEngines.update
  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update
  • aiplatform.sessions.get
  • aiplatform.sessions.list
  • aiplatform.sessions.run
  • aiplatform.specialistPools.create
  • aiplatform.specialistPools.delete
  • aiplatform.specialistPools.get
  • aiplatform.specialistPools.list
  • aiplatform.specialistPools.update
  • aiplatform.studies.create
  • aiplatform.studies.delete
  • aiplatform.studies.get
  • aiplatform.studies.list
  • aiplatform.studies.update
  • aiplatform.tensorboardExperiments.create
  • aiplatform.tensorboardExperiments.delete
  • aiplatform.tensorboardExperiments.get
  • aiplatform.tensorboardExperiments.list
  • aiplatform.tensorboardExperiments.update
  • aiplatform.tensorboardExperiments.write
  • aiplatform.tensorboardRuns.batchCreate
  • aiplatform.tensorboardRuns.create
  • aiplatform.tensorboardRuns.delete
  • aiplatform.tensorboardRuns.get
  • aiplatform.tensorboardRuns.list
  • aiplatform.tensorboardRuns.update
  • aiplatform.tensorboardRuns.write
  • aiplatform.tensorboardTimeSeries.batchCreate
  • aiplatform.tensorboardTimeSeries.batchRead
  • aiplatform.tensorboardTimeSeries.create
  • aiplatform.tensorboardTimeSeries.delete
  • aiplatform.tensorboardTimeSeries.get
  • aiplatform.tensorboardTimeSeries.list
  • aiplatform.tensorboardTimeSeries.read
  • aiplatform.tensorboardTimeSeries.update
  • aiplatform.tensorboards.create
  • aiplatform.tensorboards.delete
  • aiplatform.tensorboards.get
  • aiplatform.tensorboards.list
  • aiplatform.tensorboards.recordAccess
  • aiplatform.tensorboards.update
  • aiplatform.trainingPipelines.cancel
  • aiplatform.trainingPipelines.create
  • aiplatform.trainingPipelines.delete
  • aiplatform.trainingPipelines.get
  • aiplatform.trainingPipelines.list
  • aiplatform.trials.create
  • aiplatform.trials.delete
  • aiplatform.trials.get
  • aiplatform.trials.list
  • aiplatform.trials.update
  • aiplatform.tuningJobs.cancel
  • aiplatform.tuningJobs.create
  • aiplatform.tuningJobs.delete
  • aiplatform.tuningJobs.get
  • aiplatform.tuningJobs.list
  • aiplatform.tuningJobs.vertexTune

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.colabEnterpriseAdmin)

Admin role of using colab enterprise.

aiplatform.notebookExecutionJobs.*

  • aiplatform.notebookExecutionJobs.create
  • aiplatform.notebookExecutionJobs.delete
  • aiplatform.notebookExecutionJobs.get
  • aiplatform.notebookExecutionJobs.list

aiplatform.notebookRuntimeTemplates.*

  • aiplatform.notebookRuntimeTemplates.apply
  • aiplatform.notebookRuntimeTemplates.create
  • aiplatform.notebookRuntimeTemplates.delete
  • aiplatform.notebookRuntimeTemplates.get
  • aiplatform.notebookRuntimeTemplates.getIamPolicy
  • aiplatform.notebookRuntimeTemplates.list
  • aiplatform.notebookRuntimeTemplates.setIamPolicy
  • aiplatform.notebookRuntimeTemplates.update

aiplatform.notebookRuntimes.*

  • aiplatform.notebookRuntimes.assign
  • aiplatform.notebookRuntimes.delete
  • aiplatform.notebookRuntimes.get
  • aiplatform.notebookRuntimes.list
  • aiplatform.notebookRuntimes.start
  • aiplatform.notebookRuntimes.update
  • aiplatform.notebookRuntimes.upgrade

aiplatform.operations.list

aiplatform.pipelineJobs.create

aiplatform.schedules.*

  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update

compute.reservations.get

compute.reservations.list

dataform.*

  • dataform.compilationResults.create
  • dataform.compilationResults.get
  • dataform.compilationResults.list
  • dataform.compilationResults.query
  • dataform.config.get
  • dataform.config.update
  • dataform.locations.get
  • dataform.locations.list
  • dataform.releaseConfigs.create
  • dataform.releaseConfigs.delete
  • dataform.releaseConfigs.get
  • dataform.releaseConfigs.list
  • dataform.releaseConfigs.update
  • dataform.repositories.commit
  • dataform.repositories.computeAccessTokenStatus
  • dataform.repositories.create
  • dataform.repositories.delete
  • dataform.repositories.fetchHistory
  • dataform.repositories.fetchRemoteBranches
  • dataform.repositories.get
  • dataform.repositories.getIamPolicy
  • dataform.repositories.list
  • dataform.repositories.queryDirectoryContents
  • dataform.repositories.readFile
  • dataform.repositories.setIamPolicy
  • dataform.repositories.update
  • dataform.workflowConfigs.create
  • dataform.workflowConfigs.delete
  • dataform.workflowConfigs.get
  • dataform.workflowConfigs.list
  • dataform.workflowConfigs.update
  • dataform.workflowInvocations.cancel
  • dataform.workflowInvocations.create
  • dataform.workflowInvocations.delete
  • dataform.workflowInvocations.get
  • dataform.workflowInvocations.list
  • dataform.workflowInvocations.query
  • dataform.workspaces.commit
  • dataform.workspaces.create
  • dataform.workspaces.delete
  • dataform.workspaces.fetchFileDiff
  • dataform.workspaces.fetchFileGitStatuses
  • dataform.workspaces.fetchGitAheadBehind
  • dataform.workspaces.get
  • dataform.workspaces.getIamPolicy
  • dataform.workspaces.installNpmPackages
  • dataform.workspaces.list
  • dataform.workspaces.makeDirectory
  • dataform.workspaces.moveDirectory
  • dataform.workspaces.moveFile
  • dataform.workspaces.pull
  • dataform.workspaces.push
  • dataform.workspaces.queryDirectoryContents
  • dataform.workspaces.readFile
  • dataform.workspaces.removeDirectory
  • dataform.workspaces.removeFile
  • dataform.workspaces.reset
  • dataform.workspaces.searchFiles
  • dataform.workspaces.setIamPolicy
  • dataform.workspaces.writeFile

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.colabEnterpriseUser)

User role of using colab enterprise.

aiplatform.notebookExecutionJobs.*

  • aiplatform.notebookExecutionJobs.create
  • aiplatform.notebookExecutionJobs.delete
  • aiplatform.notebookExecutionJobs.get
  • aiplatform.notebookExecutionJobs.list

aiplatform.notebookRuntimeTemplates.apply

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.getIamPolicy

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimes.assign

aiplatform.notebookRuntimes.get

aiplatform.notebookRuntimes.list

aiplatform.operations.list

aiplatform.pipelineJobs.create

aiplatform.schedules.*

  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update

dataform.locations.*

  • dataform.locations.get
  • dataform.locations.list

dataform.repositories.create

dataform.repositories.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.entityTypeOwner)

Provides full access to all permissions for a particular entity type resource.

Lowest-level resources where you can grant this role:

  • Entity type

aiplatform.entityTypes.delete

aiplatform.entityTypes.deleteFeatureValues

aiplatform.entityTypes.exportFeatureValues

aiplatform.entityTypes.get

aiplatform.entityTypes.getIamPolicy

aiplatform.entityTypes.importFeatureValues

aiplatform.entityTypes.readFeatureValues

aiplatform.entityTypes.setIamPolicy

aiplatform.entityTypes.streamingReadFeatureValues

aiplatform.entityTypes.update

aiplatform.entityTypes.writeFeatureValues

aiplatform.featureGroups.get

aiplatform.featureGroups.list

aiplatform.featureOnlineStores.get

aiplatform.featureOnlineStores.list

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.fetchFeatureValues

aiplatform.featureViews.get

aiplatform.featureViews.list

aiplatform.featureViews.searchNearestEntities

aiplatform.features.*

  • aiplatform.features.create
  • aiplatform.features.delete
  • aiplatform.features.get
  • aiplatform.features.list
  • aiplatform.features.update

aiplatform.featurestores.batchReadFeatureValues

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.expressAdmin)

Grants admin access to Vertex AI Express

aiplatform.datasetVersions.*

  • aiplatform.datasetVersions.create
  • aiplatform.datasetVersions.delete
  • aiplatform.datasetVersions.get
  • aiplatform.datasetVersions.list
  • aiplatform.datasetVersions.restore

aiplatform.datasets.create

aiplatform.datasets.delete

aiplatform.datasets.get

aiplatform.datasets.list

aiplatform.datasets.update

aiplatform.endpoints.predict

(roles/aiplatform.expressUser)

Grants user access to Vertex AI Express

aiplatform.endpoints.predict

(roles/aiplatform.featurestoreAdmin)

Grants full access to all resources in Vertex AI Feature Store

Lowest-level resources where you can grant this role:

  • Entity type

aiplatform.entityTypes.*

  • aiplatform.entityTypes.create
  • aiplatform.entityTypes.delete
  • aiplatform.entityTypes.deleteFeatureValues
  • aiplatform.entityTypes.exportFeatureValues
  • aiplatform.entityTypes.get
  • aiplatform.entityTypes.getIamPolicy
  • aiplatform.entityTypes.importFeatureValues
  • aiplatform.entityTypes.list
  • aiplatform.entityTypes.readFeatureValues
  • aiplatform.entityTypes.setIamPolicy
  • aiplatform.entityTypes.streamingReadFeatureValues
  • aiplatform.entityTypes.update
  • aiplatform.entityTypes.writeFeatureValues

aiplatform.featureGroups.*

  • aiplatform.featureGroups.create
  • aiplatform.featureGroups.delete
  • aiplatform.featureGroups.get
  • aiplatform.featureGroups.list
  • aiplatform.featureGroups.update

aiplatform.featureOnlineStores.*

  • aiplatform.featureOnlineStores.create
  • aiplatform.featureOnlineStores.delete
  • aiplatform.featureOnlineStores.get
  • aiplatform.featureOnlineStores.getIamPolicy
  • aiplatform.featureOnlineStores.list
  • aiplatform.featureOnlineStores.setIamPolicy
  • aiplatform.featureOnlineStores.update

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.*

  • aiplatform.featureViews.create
  • aiplatform.featureViews.delete
  • aiplatform.featureViews.fetchFeatureValues
  • aiplatform.featureViews.get
  • aiplatform.featureViews.getIamPolicy
  • aiplatform.featureViews.list
  • aiplatform.featureViews.searchNearestEntities
  • aiplatform.featureViews.setIamPolicy
  • aiplatform.featureViews.sync
  • aiplatform.featureViews.update

aiplatform.features.*

  • aiplatform.features.create
  • aiplatform.features.delete
  • aiplatform.features.get
  • aiplatform.features.list
  • aiplatform.features.update

aiplatform.featurestores.*

  • aiplatform.featurestores.batchReadFeatureValues
  • aiplatform.featurestores.create
  • aiplatform.featurestores.delete
  • aiplatform.featurestores.exportFeatures
  • aiplatform.featurestores.get
  • aiplatform.featurestores.getIamPolicy
  • aiplatform.featurestores.importFeatures
  • aiplatform.featurestores.list
  • aiplatform.featurestores.readFeatures
  • aiplatform.featurestores.setIamPolicy
  • aiplatform.featurestores.update
  • aiplatform.featurestores.writeFeatures

aiplatform.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.featurestoreDataViewer)

This role provides permissions to read Feature data.

Lowest-level resources where you can grant this role:

  • Entity type

aiplatform.entityTypes.exportFeatureValues

aiplatform.entityTypes.get

aiplatform.entityTypes.readFeatureValues

aiplatform.entityTypes.streamingReadFeatureValues

aiplatform.featureGroups.get

aiplatform.featureGroups.list

aiplatform.featureOnlineStores.get

aiplatform.featureOnlineStores.list

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.fetchFeatureValues

aiplatform.featureViews.get

aiplatform.featureViews.list

aiplatform.featureViews.searchNearestEntities

aiplatform.features.get

aiplatform.features.list

aiplatform.featurestores.batchReadFeatureValues

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.featurestoreDataWriter)

This role provides permissions to read and write Feature data.

Lowest-level resources where you can grant this role:

  • Entity type

aiplatform.entityTypes.deleteFeatureValues

aiplatform.entityTypes.exportFeatureValues

aiplatform.entityTypes.get

aiplatform.entityTypes.importFeatureValues

aiplatform.entityTypes.readFeatureValues

aiplatform.entityTypes.streamingReadFeatureValues

aiplatform.entityTypes.writeFeatureValues

aiplatform.featureGroups.get

aiplatform.featureGroups.list

aiplatform.featureOnlineStores.get

aiplatform.featureOnlineStores.list

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.fetchFeatureValues

aiplatform.featureViews.get

aiplatform.featureViews.list

aiplatform.featureViews.searchNearestEntities

aiplatform.features.get

aiplatform.features.list

aiplatform.featurestores.batchReadFeatureValues

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.featurestoreInstanceCreator)

Administrator of Featurestore resources, but not the child resources under Featurestores.

Lowest-level resources where you can grant this role:

  • Featurestore

aiplatform.featurestores.create

aiplatform.featurestores.delete

aiplatform.featurestores.get

aiplatform.featurestores.list

aiplatform.featurestores.update

(roles/aiplatform.featurestoreResourceViewer)

Viewer of all resources in Vertex AI Feature Store but cannot make changes.

Lowest-level resources where you can grant this role:

  • Entity type

aiplatform.entityTypes.get

aiplatform.entityTypes.list

aiplatform.featureGroups.get

aiplatform.featureGroups.list

aiplatform.featureOnlineStores.get

aiplatform.featureOnlineStores.list

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.get

aiplatform.featureViews.list

aiplatform.features.get

aiplatform.features.list

aiplatform.featurestores.get

aiplatform.featurestores.list

aiplatform.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.featurestoreUser)

Deprecated. Use featurestoreAdmin instead.

aiplatform.entityTypes.*

  • aiplatform.entityTypes.create
  • aiplatform.entityTypes.delete
  • aiplatform.entityTypes.deleteFeatureValues
  • aiplatform.entityTypes.exportFeatureValues
  • aiplatform.entityTypes.get
  • aiplatform.entityTypes.getIamPolicy
  • aiplatform.entityTypes.importFeatureValues
  • aiplatform.entityTypes.list
  • aiplatform.entityTypes.readFeatureValues
  • aiplatform.entityTypes.setIamPolicy
  • aiplatform.entityTypes.streamingReadFeatureValues
  • aiplatform.entityTypes.update
  • aiplatform.entityTypes.writeFeatureValues

aiplatform.features.*

  • aiplatform.features.create
  • aiplatform.features.delete
  • aiplatform.features.get
  • aiplatform.features.list
  • aiplatform.features.update

aiplatform.featurestores.*

  • aiplatform.featurestores.batchReadFeatureValues
  • aiplatform.featurestores.create
  • aiplatform.featurestores.delete
  • aiplatform.featurestores.exportFeatures
  • aiplatform.featurestores.get
  • aiplatform.featurestores.getIamPolicy
  • aiplatform.featurestores.importFeatures
  • aiplatform.featurestores.list
  • aiplatform.featurestores.readFeatures
  • aiplatform.featurestores.setIamPolicy
  • aiplatform.featurestores.update
  • aiplatform.featurestores.writeFeatures

aiplatform.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.migrator)

Grants access to use migration service in Vertex AI

aiplatform.migratableResources.*

  • aiplatform.migratableResources.migrate
  • aiplatform.migratableResources.search

(roles/aiplatform.notebookExecutorUser)

Grants users full access to schedules and notebook execution jobs.

aiplatform.notebookExecutionJobs.*

  • aiplatform.notebookExecutionJobs.create
  • aiplatform.notebookExecutionJobs.delete
  • aiplatform.notebookExecutionJobs.get
  • aiplatform.notebookExecutionJobs.list

aiplatform.operations.list

aiplatform.pipelineJobs.create

aiplatform.schedules.*

  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update

(roles/aiplatform.notebookRuntimeAdmin)

Grants full access to all runtime templates and runtimes in Notebook Service.

aiplatform.notebookRuntimeTemplates.*

  • aiplatform.notebookRuntimeTemplates.apply
  • aiplatform.notebookRuntimeTemplates.create
  • aiplatform.notebookRuntimeTemplates.delete
  • aiplatform.notebookRuntimeTemplates.get
  • aiplatform.notebookRuntimeTemplates.getIamPolicy
  • aiplatform.notebookRuntimeTemplates.list
  • aiplatform.notebookRuntimeTemplates.setIamPolicy
  • aiplatform.notebookRuntimeTemplates.update

aiplatform.notebookRuntimes.*

  • aiplatform.notebookRuntimes.assign
  • aiplatform.notebookRuntimes.delete
  • aiplatform.notebookRuntimes.get
  • aiplatform.notebookRuntimes.list
  • aiplatform.notebookRuntimes.start
  • aiplatform.notebookRuntimes.update
  • aiplatform.notebookRuntimes.upgrade

aiplatform.operations.list

compute.reservations.get

compute.reservations.list

(roles/aiplatform.notebookRuntimeUser)

Grants users permissions to create runtime resources using a runtime template and manage the runtime resources they created.

aiplatform.notebookRuntimeTemplates.apply

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.getIamPolicy

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimes.assign

aiplatform.notebookRuntimes.get

aiplatform.notebookRuntimes.list

aiplatform.operations.list

(roles/aiplatform.tensorboardWebAppUser)

Grants access to the Vertex AI TensorBoard web app.

aiplatform.tensorboards.recordAccess

(roles/aiplatform.user)

Grants access to use all resource in Vertex AI

aiplatform.agentExamples.*

  • aiplatform.agentExamples.create
  • aiplatform.agentExamples.delete
  • aiplatform.agentExamples.get
  • aiplatform.agentExamples.list
  • aiplatform.agentExamples.update

aiplatform.agents.*

  • aiplatform.agents.create
  • aiplatform.agents.delete
  • aiplatform.agents.get
  • aiplatform.agents.list
  • aiplatform.agents.update

aiplatform.annotationSpecs.*

  • aiplatform.annotationSpecs.create
  • aiplatform.annotationSpecs.delete
  • aiplatform.annotationSpecs.get
  • aiplatform.annotationSpecs.list
  • aiplatform.annotationSpecs.update

aiplatform.annotations.*

  • aiplatform.annotations.create
  • aiplatform.annotations.delete
  • aiplatform.annotations.get
  • aiplatform.annotations.list
  • aiplatform.annotations.update

aiplatform.apps.*

  • aiplatform.apps.create
  • aiplatform.apps.delete
  • aiplatform.apps.get
  • aiplatform.apps.list
  • aiplatform.apps.update

aiplatform.artifacts.*

  • aiplatform.artifacts.create
  • aiplatform.artifacts.delete
  • aiplatform.artifacts.get
  • aiplatform.artifacts.list
  • aiplatform.artifacts.update

aiplatform.batchPredictionJobs.*

  • aiplatform.batchPredictionJobs.cancel
  • aiplatform.batchPredictionJobs.create
  • aiplatform.batchPredictionJobs.delete
  • aiplatform.batchPredictionJobs.get
  • aiplatform.batchPredictionJobs.list

aiplatform.cacheConfigs.get

aiplatform.cachedContents.*

  • aiplatform.cachedContents.create
  • aiplatform.cachedContents.delete
  • aiplatform.cachedContents.get
  • aiplatform.cachedContents.list
  • aiplatform.cachedContents.update

aiplatform.consents.get

aiplatform.contexts.*

  • aiplatform.contexts.addContextArtifactsAndExecutions
  • aiplatform.contexts.addContextChildren
  • aiplatform.contexts.create
  • aiplatform.contexts.delete
  • aiplatform.contexts.get
  • aiplatform.contexts.list
  • aiplatform.contexts.queryContextLineageSubgraph
  • aiplatform.contexts.update

aiplatform.customJobs.*

  • aiplatform.customJobs.cancel
  • aiplatform.customJobs.create
  • aiplatform.customJobs.delete
  • aiplatform.customJobs.get
  • aiplatform.customJobs.list

aiplatform.dataItems.*

  • aiplatform.dataItems.create
  • aiplatform.dataItems.delete
  • aiplatform.dataItems.get
  • aiplatform.dataItems.list
  • aiplatform.dataItems.update

aiplatform.dataLabelingJobs.*

  • aiplatform.dataLabelingJobs.cancel
  • aiplatform.dataLabelingJobs.create
  • aiplatform.dataLabelingJobs.delete
  • aiplatform.dataLabelingJobs.get
  • aiplatform.dataLabelingJobs.list

aiplatform.datasetVersions.*

  • aiplatform.datasetVersions.create
  • aiplatform.datasetVersions.delete
  • aiplatform.datasetVersions.get
  • aiplatform.datasetVersions.list
  • aiplatform.datasetVersions.restore

aiplatform.datasets.*

  • aiplatform.datasets.create
  • aiplatform.datasets.delete
  • aiplatform.datasets.export
  • aiplatform.datasets.get
  • aiplatform.datasets.import
  • aiplatform.datasets.list
  • aiplatform.datasets.update

aiplatform.deploymentResourcePools.*

  • aiplatform.deploymentResourcePools.create
  • aiplatform.deploymentResourcePools.delete
  • aiplatform.deploymentResourcePools.get
  • aiplatform.deploymentResourcePools.list
  • aiplatform.deploymentResourcePools.queryDeployedModels
  • aiplatform.deploymentResourcePools.update

aiplatform.edgeDeploymentJobs.*

  • aiplatform.edgeDeploymentJobs.create
  • aiplatform.edgeDeploymentJobs.delete
  • aiplatform.edgeDeploymentJobs.get
  • aiplatform.edgeDeploymentJobs.list

aiplatform.edgeDeviceDebugInfo.get

aiplatform.edgeDevices.*

  • aiplatform.edgeDevices.create
  • aiplatform.edgeDevices.delete
  • aiplatform.edgeDevices.get
  • aiplatform.edgeDevices.list
  • aiplatform.edgeDevices.update

aiplatform.endpoints.create

aiplatform.endpoints.delete

aiplatform.endpoints.deploy

aiplatform.endpoints.explain

aiplatform.endpoints.get

aiplatform.endpoints.list

aiplatform.endpoints.predict

aiplatform.endpoints.undeploy

aiplatform.endpoints.update

aiplatform.entityTypes.create

aiplatform.entityTypes.delete

aiplatform.entityTypes.deleteFeatureValues

aiplatform.entityTypes.exportFeatureValues

aiplatform.entityTypes.get

aiplatform.entityTypes.importFeatureValues

aiplatform.entityTypes.list

aiplatform.entityTypes.readFeatureValues

aiplatform.entityTypes.streamingReadFeatureValues

aiplatform.entityTypes.update

aiplatform.entityTypes.writeFeatureValues

aiplatform.executions.*

  • aiplatform.executions.addExecutionEvents
  • aiplatform.executions.create
  • aiplatform.executions.delete
  • aiplatform.executions.get
  • aiplatform.executions.list
  • aiplatform.executions.queryExecutionInputsAndOutputs
  • aiplatform.executions.update

aiplatform.extensions.*

  • aiplatform.extensions.delete
  • aiplatform.extensions.execute
  • aiplatform.extensions.get
  • aiplatform.extensions.import
  • aiplatform.extensions.list
  • aiplatform.extensions.update

aiplatform.featureGroups.*

  • aiplatform.featureGroups.create
  • aiplatform.featureGroups.delete
  • aiplatform.featureGroups.get
  • aiplatform.featureGroups.list
  • aiplatform.featureGroups.update

aiplatform.featureOnlineStores.create

aiplatform.featureOnlineStores.delete

aiplatform.featureOnlineStores.get

aiplatform.featureOnlineStores.list

aiplatform.featureOnlineStores.update

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.create

aiplatform.featureViews.delete

aiplatform.featureViews.fetchFeatureValues

aiplatform.featureViews.get

aiplatform.featureViews.list

aiplatform.featureViews.searchNearestEntities

aiplatform.featureViews.sync

aiplatform.featureViews.update

aiplatform.features.*

  • aiplatform.features.create
  • aiplatform.features.delete
  • aiplatform.features.get
  • aiplatform.features.list
  • aiplatform.features.update

aiplatform.featurestores.batchReadFeatureValues

aiplatform.featurestores.create

aiplatform.featurestores.delete

aiplatform.featurestores.exportFeatures

aiplatform.featurestores.get

aiplatform.featurestores.importFeatures

aiplatform.featurestores.list

aiplatform.featurestores.readFeatures

aiplatform.featurestores.update

aiplatform.featurestores.writeFeatures

aiplatform.humanInTheLoops.*

  • aiplatform.humanInTheLoops.cancel
  • aiplatform.humanInTheLoops.create
  • aiplatform.humanInTheLoops.delete
  • aiplatform.humanInTheLoops.get
  • aiplatform.humanInTheLoops.list
  • aiplatform.humanInTheLoops.queryAnnotationStats
  • aiplatform.humanInTheLoops.send
  • aiplatform.humanInTheLoops.update

aiplatform.hyperparameterTuningJobs.*

  • aiplatform.hyperparameterTuningJobs.cancel
  • aiplatform.hyperparameterTuningJobs.create
  • aiplatform.hyperparameterTuningJobs.delete
  • aiplatform.hyperparameterTuningJobs.get
  • aiplatform.hyperparameterTuningJobs.list

aiplatform.indexEndpoints.*

  • aiplatform.indexEndpoints.create
  • aiplatform.indexEndpoints.delete
  • aiplatform.indexEndpoints.deploy
  • aiplatform.indexEndpoints.get
  • aiplatform.indexEndpoints.list
  • aiplatform.indexEndpoints.queryVectors
  • aiplatform.indexEndpoints.undeploy
  • aiplatform.indexEndpoints.update

aiplatform.indexes.*

  • aiplatform.indexes.create
  • aiplatform.indexes.delete
  • aiplatform.indexes.get
  • aiplatform.indexes.list
  • aiplatform.indexes.update

aiplatform.locations.*

  • aiplatform.locations.get
  • aiplatform.locations.list

aiplatform.metadataSchemas.*

  • aiplatform.metadataSchemas.create
  • aiplatform.metadataSchemas.delete
  • aiplatform.metadataSchemas.get
  • aiplatform.metadataSchemas.list

aiplatform.metadataStores.*

  • aiplatform.metadataStores.create
  • aiplatform.metadataStores.delete
  • aiplatform.metadataStores.get
  • aiplatform.metadataStores.list

aiplatform.modelDeploymentMonitoringJobs.*

  • aiplatform.modelDeploymentMonitoringJobs.create
  • aiplatform.modelDeploymentMonitoringJobs.delete
  • aiplatform.modelDeploymentMonitoringJobs.get
  • aiplatform.modelDeploymentMonitoringJobs.list
  • aiplatform.modelDeploymentMonitoringJobs.pause
  • aiplatform.modelDeploymentMonitoringJobs.resume
  • aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies
  • aiplatform.modelDeploymentMonitoringJobs.update

aiplatform.modelEvaluationSlices.*

  • aiplatform.modelEvaluationSlices.get
  • aiplatform.modelEvaluationSlices.import
  • aiplatform.modelEvaluationSlices.list

aiplatform.modelEvaluations.*

  • aiplatform.modelEvaluations.exportEvaluatedDataItems
  • aiplatform.modelEvaluations.get
  • aiplatform.modelEvaluations.import
  • aiplatform.modelEvaluations.list

aiplatform.modelMonitoringJobs.*

  • aiplatform.modelMonitoringJobs.create
  • aiplatform.modelMonitoringJobs.delete
  • aiplatform.modelMonitoringJobs.get
  • aiplatform.modelMonitoringJobs.list

aiplatform.modelMonitors.*

  • aiplatform.modelMonitors.create
  • aiplatform.modelMonitors.delete
  • aiplatform.modelMonitors.get
  • aiplatform.modelMonitors.list
  • aiplatform.modelMonitors.searchModelMonitoringAlerts
  • aiplatform.modelMonitors.searchModelMonitoringStats
  • aiplatform.modelMonitors.update

aiplatform.models.*

  • aiplatform.models.delete
  • aiplatform.models.export
  • aiplatform.models.get
  • aiplatform.models.list
  • aiplatform.models.update
  • aiplatform.models.upload

aiplatform.nasJobs.*

  • aiplatform.nasJobs.cancel
  • aiplatform.nasJobs.create
  • aiplatform.nasJobs.delete
  • aiplatform.nasJobs.get
  • aiplatform.nasJobs.list

aiplatform.nasTrialDetails.*

  • aiplatform.nasTrialDetails.get
  • aiplatform.nasTrialDetails.list

aiplatform.notebookExecutionJobs.*

  • aiplatform.notebookExecutionJobs.create
  • aiplatform.notebookExecutionJobs.delete
  • aiplatform.notebookExecutionJobs.get
  • aiplatform.notebookExecutionJobs.list

aiplatform.notebookRuntimeTemplates.apply

aiplatform.notebookRuntimeTemplates.create

aiplatform.notebookRuntimeTemplates.delete

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimeTemplates.update

aiplatform.notebookRuntimes.*

  • aiplatform.notebookRuntimes.assign
  • aiplatform.notebookRuntimes.delete
  • aiplatform.notebookRuntimes.get
  • aiplatform.notebookRuntimes.list
  • aiplatform.notebookRuntimes.start
  • aiplatform.notebookRuntimes.update
  • aiplatform.notebookRuntimes.upgrade

aiplatform.operations.list

aiplatform.persistentResources.get

aiplatform.persistentResources.list

aiplatform.pipelineJobs.*

  • aiplatform.pipelineJobs.cancel
  • aiplatform.pipelineJobs.create
  • aiplatform.pipelineJobs.delete
  • aiplatform.pipelineJobs.get
  • aiplatform.pipelineJobs.list

aiplatform.reasoningEngines.*

  • aiplatform.reasoningEngines.create
  • aiplatform.reasoningEngines.delete
  • aiplatform.reasoningEngines.get
  • aiplatform.reasoningEngines.list
  • aiplatform.reasoningEngines.query
  • aiplatform.reasoningEngines.update

aiplatform.schedules.*

  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update

aiplatform.sessions.*

  • aiplatform.sessions.get
  • aiplatform.sessions.list
  • aiplatform.sessions.run

aiplatform.specialistPools.*

  • aiplatform.specialistPools.create
  • aiplatform.specialistPools.delete
  • aiplatform.specialistPools.get
  • aiplatform.specialistPools.list
  • aiplatform.specialistPools.update

aiplatform.studies.*

  • aiplatform.studies.create
  • aiplatform.studies.delete
  • aiplatform.studies.get
  • aiplatform.studies.list
  • aiplatform.studies.update

aiplatform.tensorboardExperiments.*

  • aiplatform.tensorboardExperiments.create
  • aiplatform.tensorboardExperiments.delete
  • aiplatform.tensorboardExperiments.get
  • aiplatform.tensorboardExperiments.list
  • aiplatform.tensorboardExperiments.update
  • aiplatform.tensorboardExperiments.write

aiplatform.tensorboardRuns.*

  • aiplatform.tensorboardRuns.batchCreate
  • aiplatform.tensorboardRuns.create
  • aiplatform.tensorboardRuns.delete
  • aiplatform.tensorboardRuns.get
  • aiplatform.tensorboardRuns.list
  • aiplatform.tensorboardRuns.update
  • aiplatform.tensorboardRuns.write

aiplatform.tensorboardTimeSeries.*

  • aiplatform.tensorboardTimeSeries.batchCreate
  • aiplatform.tensorboardTimeSeries.batchRead
  • aiplatform.tensorboardTimeSeries.create
  • aiplatform.tensorboardTimeSeries.delete
  • aiplatform.tensorboardTimeSeries.get
  • aiplatform.tensorboardTimeSeries.list
  • aiplatform.tensorboardTimeSeries.read
  • aiplatform.tensorboardTimeSeries.update

aiplatform.tensorboards.create

aiplatform.tensorboards.delete

aiplatform.tensorboards.get

aiplatform.tensorboards.list

aiplatform.tensorboards.update

aiplatform.trainingPipelines.*

  • aiplatform.trainingPipelines.cancel
  • aiplatform.trainingPipelines.create
  • aiplatform.trainingPipelines.delete
  • aiplatform.trainingPipelines.get
  • aiplatform.trainingPipelines.list

aiplatform.trials.*

  • aiplatform.trials.create
  • aiplatform.trials.delete
  • aiplatform.trials.get
  • aiplatform.trials.list
  • aiplatform.trials.update

aiplatform.tuningJobs.*

  • aiplatform.tuningJobs.cancel
  • aiplatform.tuningJobs.create
  • aiplatform.tuningJobs.delete
  • aiplatform.tuningJobs.get
  • aiplatform.tuningJobs.list
  • aiplatform.tuningJobs.vertexTune

resourcemanager.projects.get

resourcemanager.projects.list

(roles/aiplatform.viewer)

Grants access to view all resource in Vertex AI

aiplatform.agentExamples.get

aiplatform.agentExamples.list

aiplatform.agents.get

aiplatform.agents.list

aiplatform.annotationSpecs.get

aiplatform.annotationSpecs.list

aiplatform.annotations.get

aiplatform.annotations.list

aiplatform.apps.get

aiplatform.apps.list

aiplatform.artifacts.get

aiplatform.artifacts.list

aiplatform.batchPredictionJobs.get

aiplatform.batchPredictionJobs.list

aiplatform.cacheConfigs.get

aiplatform.cachedContents.get

aiplatform.cachedContents.list

aiplatform.consents.get

aiplatform.contexts.get

aiplatform.contexts.list

aiplatform.contexts.queryContextLineageSubgraph

aiplatform.customJobs.get

aiplatform.customJobs.list

aiplatform.dataItems.get

aiplatform.dataItems.list

aiplatform.dataLabelingJobs.get

aiplatform.dataLabelingJobs.list

aiplatform.datasetVersions.get

aiplatform.datasetVersions.list

aiplatform.datasets.get

aiplatform.datasets.list

aiplatform.deploymentResourcePools.get

aiplatform.deploymentResourcePools.list

aiplatform.deploymentResourcePools.queryDeployedModels

aiplatform.edgeDeploymentJobs.get

aiplatform.edgeDeploymentJobs.list

aiplatform.edgeDeviceDebugInfo.get

aiplatform.edgeDevices.get

aiplatform.edgeDevices.list

aiplatform.endpoints.get

aiplatform.endpoints.list

aiplatform.entityTypes.get

aiplatform.entityTypes.list

aiplatform.executions.get

aiplatform.executions.list

aiplatform.executions.queryExecutionInputsAndOutputs

aiplatform.extensions.get

aiplatform.extensions.list

aiplatform.featureGroups.get

aiplatform.featureGroups.list

aiplatform.featureOnlineStores.get

aiplatform.featureOnlineStores.list

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.fetchFeatureValues

aiplatform.featureViews.get

aiplatform.featureViews.list

aiplatform.featureViews.searchNearestEntities

aiplatform.features.get

aiplatform.features.list

aiplatform.featurestores.get

aiplatform.featurestores.list

aiplatform.humanInTheLoops.get

aiplatform.humanInTheLoops.list

aiplatform.hyperparameterTuningJobs.get

aiplatform.hyperparameterTuningJobs.list

aiplatform.indexEndpoints.get

aiplatform.indexEndpoints.list

aiplatform.indexEndpoints.queryVectors

aiplatform.indexes.get

aiplatform.indexes.list

aiplatform.locations.*

  • aiplatform.locations.get
  • aiplatform.locations.list

aiplatform.metadataSchemas.get

aiplatform.metadataSchemas.list

aiplatform.metadataStores.get

aiplatform.metadataStores.list

aiplatform.modelDeploymentMonitoringJobs.get

aiplatform.modelDeploymentMonitoringJobs.list

aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies

aiplatform.modelEvaluationSlices.get

aiplatform.modelEvaluationSlices.list

aiplatform.modelEvaluations.get

aiplatform.modelEvaluations.list

aiplatform.modelMonitoringJobs.get

aiplatform.modelMonitoringJobs.list

aiplatform.modelMonitors.get

aiplatform.modelMonitors.list

aiplatform.modelMonitors.searchModelMonitoringAlerts

aiplatform.modelMonitors.searchModelMonitoringStats

aiplatform.models.get

aiplatform.models.list

aiplatform.nasJobs.get

aiplatform.nasJobs.list

aiplatform.nasTrialDetails.*

  • aiplatform.nasTrialDetails.get
  • aiplatform.nasTrialDetails.list

aiplatform.notebookExecutionJobs.get

aiplatform.notebookExecutionJobs.list

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimes.get

aiplatform.notebookRuntimes.list

aiplatform.operations.list

aiplatform.persistentResources.get

aiplatform.persistentResources.list

aiplatform.pipelineJobs.get

aiplatform.pipelineJobs.list

aiplatform.reasoningEngines.get

aiplatform.reasoningEngines.list

aiplatform.reasoningEngines.query

aiplatform.schedules.get

aiplatform.schedules.list

aiplatform.sessions.get

aiplatform.sessions.list

aiplatform.specialistPools.get

aiplatform.specialistPools.list

aiplatform.specialistPools.update

aiplatform.studies.get

aiplatform.studies.list

aiplatform.tensorboardExperiments.get

aiplatform.tensorboardExperiments.list

aiplatform.tensorboardRuns.get

aiplatform.tensorboardRuns.list

aiplatform.tensorboardTimeSeries.batchRead

aiplatform.tensorboardTimeSeries.get

aiplatform.tensorboardTimeSeries.list

aiplatform.tensorboardTimeSeries.read

aiplatform.tensorboards.get

aiplatform.tensorboards.list

aiplatform.trainingPipelines.get

aiplatform.trainingPipelines.list

aiplatform.trials.get

aiplatform.trials.list

aiplatform.tuningJobs.get

aiplatform.tuningJobs.list

resourcemanager.projects.get

resourcemanager.projects.list

基本角色

旧版 Google Cloud 基本角色适用于所有 Google Cloud 服务。这些角色包括 Owner、Editor 和 Viewer。

项目级访问权限与资源级访问权限

您可以在项目级层或资源级层管理访问权限。您可能还可以管理文件夹级或组织级的访问权限。

对于大多数 Vertex AI 资源,访问权限只能通过项目、文件夹和组织进行控制。您可以仅针对特定资源类型(例如端点或特征存储区)授予对各个资源的访问权限。

用户对其可以访问的所有资源拥有共享控制权。例如,如果用户注册了一个模型,则项目中的所有其他授权用户都可以访问、更改和删除该模型。

如需在项目级层授予资源访问权限,请为主账号(用户、群组或服务账号)分配一个或多个角色

对于允许您在资源级授予访问权限的 Vertex AI 资源,您需要对该资源设置 IAM 政策。政策定义了将哪些角色分配给哪些主账号。

在资源级层设置政策不会影响项目级政策。资源会继承其祖先的所有政策。您可以使用这两个粒度级别来自定义权限。例如,您可以在项目级层授予用户读取权限,以便他们可以读取项目中的所有资源,然后在资源级层授予用户各个资源的写入权限。

并非所有 Vertex AI 预定义角色和资源都支持资源级政策。如需了解哪些角色可用于哪些资源,请参阅预定义角色表

支持的资源

Vertex AI 支持 Vertex AI Feature Store 特征存储区和实体类型资源。如需了解详情,请参阅控制对 Vertex AI Feature Store 资源的访问权限

授予或撤消对资源的访问权限后,这些更改需要一段时间才能传播。如需了解详情,请参阅访问权限更改传播

资源、服务账号和服务代理

Vertex AI 服务通常会管理执行操作的长时间运行资源,例如运行读取训练数据的训练作业,或提供读取模型权重的机器学习 (ML) 模型。执行操作时,此类独立资源具有自己的资源身份。此身份与创建资源的主账号的身份不同。授予资源身份的权限定义了资源身份可以访问哪些数据和其他资源,而不是创建资源的正文的权限。

默认情况下,Vertex AI 资源使用由 Vertex AI 管理的服务账号作为资源身份。这些服务账号称为 Vertex AI 服务代理,并会关联到创建资源的项目。具有特定 Vertex AI 权限的用户可以创建使用 Vertex AI 服务代理的资源。对于某些服务,您可以指定要关联到资源的服务账号。该资源使用此服务账号访问其他资源和服务。如需详细了解服务账号,请参阅服务账号

Vertex AI 会根据所调用的 API 使用不同的服务代理。每个服务代理对其关联的项目都有特定的 IAM 权限。资源身份使用这些权限执行操作,这些权限可能包括对项目中所有 Cloud Storage 资源和 BigQuery 数据的只读访问权限。

服务账号

服务账号是由应用或虚拟机 (VM) 实例(而非单个用户)使用的特殊账号。您可以创建服务账号并向服务账号分配权限,以便为资源或应用提供特定权限。

如需了解如何使用服务账号自定义自定义训练容器可用的权限,或为自定义训练模型提供在线预测的容器,可参阅使用账号

服务账号由电子邮件地址标识。

服务代理

服务代理由系统自动提供;它们会代表您允许服务来访问资源。

创建服务代理后,系统会为服务代理授予项目的预定义角色。下表列出了 Vertex AI 服务代理、他们的电子邮件地址和各自的角色:

名称 用于: 电子邮件地址 角色
Vertex AI Service Agent Vertex AI 功能 service-PROJECT_NUMBER@gcp-sa-aiplatform.iam.gserviceaccount.com roles/aiplatform.serviceAgent
Vertex AI Custom Code Service Agent

自定义训练代码

Ray on Vertex AI 应用代码

 service-PROJECT_NUMBER@gcp-sa-aiplatform-cc.iam.gserviceaccount.com roles/aiplatform.customCodeServiceAgent
Vertex AI Extension Service Agent Vertex 扩展程序 service-PROJECT_NUMBER@gcp-sa-vertex-ex.iam.gserviceaccount.com roles/aiplatform.extensionServiceAgent
Cloud AI Platform Notebooks Service Account Vertex AI Workbench 功能 service-PROJECT_NUMBER@gcp-sa-notebooks.iam.gserviceaccount.com roles/notebooks.serviceAgent

只有在您运行自定义训练代码来训练自定义训练模型时,系统才会创建 Vertex AI Custom Code Service Agent。

服务代理角色和权限

查看向 Vertex AI 服务代理授予的以下角色和权限。

角色 权限

(roles/aiplatform.serviceAgent)

授予 Vertex AI 正常工作所需的权限。

aiplatform.agentExamples.*

  • aiplatform.agentExamples.create
  • aiplatform.agentExamples.delete
  • aiplatform.agentExamples.get
  • aiplatform.agentExamples.list
  • aiplatform.agentExamples.update

aiplatform.agents.*

  • aiplatform.agents.create
  • aiplatform.agents.delete
  • aiplatform.agents.get
  • aiplatform.agents.list
  • aiplatform.agents.update

aiplatform.annotationSpecs.*

  • aiplatform.annotationSpecs.create
  • aiplatform.annotationSpecs.delete
  • aiplatform.annotationSpecs.get
  • aiplatform.annotationSpecs.list
  • aiplatform.annotationSpecs.update

aiplatform.annotations.*

  • aiplatform.annotations.create
  • aiplatform.annotations.delete
  • aiplatform.annotations.get
  • aiplatform.annotations.list
  • aiplatform.annotations.update

aiplatform.apps.*

  • aiplatform.apps.create
  • aiplatform.apps.delete
  • aiplatform.apps.get
  • aiplatform.apps.list
  • aiplatform.apps.update

aiplatform.artifacts.*

  • aiplatform.artifacts.create
  • aiplatform.artifacts.delete
  • aiplatform.artifacts.get
  • aiplatform.artifacts.list
  • aiplatform.artifacts.update

aiplatform.batchPredictionJobs.*

  • aiplatform.batchPredictionJobs.cancel
  • aiplatform.batchPredictionJobs.create
  • aiplatform.batchPredictionJobs.delete
  • aiplatform.batchPredictionJobs.get
  • aiplatform.batchPredictionJobs.list

aiplatform.cacheConfigs.get

aiplatform.cachedContents.*

  • aiplatform.cachedContents.create
  • aiplatform.cachedContents.delete
  • aiplatform.cachedContents.get
  • aiplatform.cachedContents.list
  • aiplatform.cachedContents.update

aiplatform.consents.get

aiplatform.contexts.*

  • aiplatform.contexts.addContextArtifactsAndExecutions
  • aiplatform.contexts.addContextChildren
  • aiplatform.contexts.create
  • aiplatform.contexts.delete
  • aiplatform.contexts.get
  • aiplatform.contexts.list
  • aiplatform.contexts.queryContextLineageSubgraph
  • aiplatform.contexts.update

aiplatform.customJobs.*

  • aiplatform.customJobs.cancel
  • aiplatform.customJobs.create
  • aiplatform.customJobs.delete
  • aiplatform.customJobs.get
  • aiplatform.customJobs.list

aiplatform.dataItems.*

  • aiplatform.dataItems.create
  • aiplatform.dataItems.delete
  • aiplatform.dataItems.get
  • aiplatform.dataItems.list
  • aiplatform.dataItems.update

aiplatform.dataLabelingJobs.*

  • aiplatform.dataLabelingJobs.cancel
  • aiplatform.dataLabelingJobs.create
  • aiplatform.dataLabelingJobs.delete
  • aiplatform.dataLabelingJobs.get
  • aiplatform.dataLabelingJobs.list

aiplatform.datasetVersions.*

  • aiplatform.datasetVersions.create
  • aiplatform.datasetVersions.delete
  • aiplatform.datasetVersions.get
  • aiplatform.datasetVersions.list
  • aiplatform.datasetVersions.restore

aiplatform.datasets.*

  • aiplatform.datasets.create
  • aiplatform.datasets.delete
  • aiplatform.datasets.export
  • aiplatform.datasets.get
  • aiplatform.datasets.import
  • aiplatform.datasets.list
  • aiplatform.datasets.update

aiplatform.deploymentResourcePools.*

  • aiplatform.deploymentResourcePools.create
  • aiplatform.deploymentResourcePools.delete
  • aiplatform.deploymentResourcePools.get
  • aiplatform.deploymentResourcePools.list
  • aiplatform.deploymentResourcePools.queryDeployedModels
  • aiplatform.deploymentResourcePools.update

aiplatform.edgeDeploymentJobs.*

  • aiplatform.edgeDeploymentJobs.create
  • aiplatform.edgeDeploymentJobs.delete
  • aiplatform.edgeDeploymentJobs.get
  • aiplatform.edgeDeploymentJobs.list

aiplatform.edgeDeviceDebugInfo.get

aiplatform.edgeDevices.*

  • aiplatform.edgeDevices.create
  • aiplatform.edgeDevices.delete
  • aiplatform.edgeDevices.get
  • aiplatform.edgeDevices.list
  • aiplatform.edgeDevices.update

aiplatform.endpoints.create

aiplatform.endpoints.delete

aiplatform.endpoints.deploy

aiplatform.endpoints.explain

aiplatform.endpoints.get

aiplatform.endpoints.list

aiplatform.endpoints.predict

aiplatform.endpoints.undeploy

aiplatform.endpoints.update

aiplatform.entityTypes.create

aiplatform.entityTypes.delete

aiplatform.entityTypes.deleteFeatureValues

aiplatform.entityTypes.exportFeatureValues

aiplatform.entityTypes.get

aiplatform.entityTypes.importFeatureValues

aiplatform.entityTypes.list

aiplatform.entityTypes.readFeatureValues

aiplatform.entityTypes.streamingReadFeatureValues

aiplatform.entityTypes.update

aiplatform.entityTypes.writeFeatureValues

aiplatform.executions.*

  • aiplatform.executions.addExecutionEvents
  • aiplatform.executions.create
  • aiplatform.executions.delete
  • aiplatform.executions.get
  • aiplatform.executions.list
  • aiplatform.executions.queryExecutionInputsAndOutputs
  • aiplatform.executions.update

aiplatform.extensions.*

  • aiplatform.extensions.delete
  • aiplatform.extensions.execute
  • aiplatform.extensions.get
  • aiplatform.extensions.import
  • aiplatform.extensions.list
  • aiplatform.extensions.update

aiplatform.featureGroups.*

  • aiplatform.featureGroups.create
  • aiplatform.featureGroups.delete
  • aiplatform.featureGroups.get
  • aiplatform.featureGroups.list
  • aiplatform.featureGroups.update

aiplatform.featureOnlineStores.create

aiplatform.featureOnlineStores.delete

aiplatform.featureOnlineStores.get

aiplatform.featureOnlineStores.list

aiplatform.featureOnlineStores.update

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.create

aiplatform.featureViews.delete

aiplatform.featureViews.fetchFeatureValues

aiplatform.featureViews.get

aiplatform.featureViews.list

aiplatform.featureViews.searchNearestEntities

aiplatform.featureViews.sync

aiplatform.featureViews.update

aiplatform.features.*

  • aiplatform.features.create
  • aiplatform.features.delete
  • aiplatform.features.get
  • aiplatform.features.list
  • aiplatform.features.update

aiplatform.featurestores.batchReadFeatureValues

aiplatform.featurestores.create

aiplatform.featurestores.delete

aiplatform.featurestores.exportFeatures

aiplatform.featurestores.get

aiplatform.featurestores.importFeatures

aiplatform.featurestores.list

aiplatform.featurestores.readFeatures

aiplatform.featurestores.update

aiplatform.featurestores.writeFeatures

aiplatform.humanInTheLoops.*

  • aiplatform.humanInTheLoops.cancel
  • aiplatform.humanInTheLoops.create
  • aiplatform.humanInTheLoops.delete
  • aiplatform.humanInTheLoops.get
  • aiplatform.humanInTheLoops.list
  • aiplatform.humanInTheLoops.queryAnnotationStats
  • aiplatform.humanInTheLoops.send
  • aiplatform.humanInTheLoops.update

aiplatform.hyperparameterTuningJobs.*

  • aiplatform.hyperparameterTuningJobs.cancel
  • aiplatform.hyperparameterTuningJobs.create
  • aiplatform.hyperparameterTuningJobs.delete
  • aiplatform.hyperparameterTuningJobs.get
  • aiplatform.hyperparameterTuningJobs.list

aiplatform.indexEndpoints.*

  • aiplatform.indexEndpoints.create
  • aiplatform.indexEndpoints.delete
  • aiplatform.indexEndpoints.deploy
  • aiplatform.indexEndpoints.get
  • aiplatform.indexEndpoints.list
  • aiplatform.indexEndpoints.queryVectors
  • aiplatform.indexEndpoints.undeploy
  • aiplatform.indexEndpoints.update

aiplatform.indexes.*

  • aiplatform.indexes.create
  • aiplatform.indexes.delete
  • aiplatform.indexes.get
  • aiplatform.indexes.list
  • aiplatform.indexes.update

aiplatform.locations.*

  • aiplatform.locations.get
  • aiplatform.locations.list

aiplatform.metadataSchemas.*

  • aiplatform.metadataSchemas.create
  • aiplatform.metadataSchemas.delete
  • aiplatform.metadataSchemas.get
  • aiplatform.metadataSchemas.list

aiplatform.metadataStores.*

  • aiplatform.metadataStores.create
  • aiplatform.metadataStores.delete
  • aiplatform.metadataStores.get
  • aiplatform.metadataStores.list

aiplatform.modelDeploymentMonitoringJobs.*

  • aiplatform.modelDeploymentMonitoringJobs.create
  • aiplatform.modelDeploymentMonitoringJobs.delete
  • aiplatform.modelDeploymentMonitoringJobs.get
  • aiplatform.modelDeploymentMonitoringJobs.list
  • aiplatform.modelDeploymentMonitoringJobs.pause
  • aiplatform.modelDeploymentMonitoringJobs.resume
  • aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies
  • aiplatform.modelDeploymentMonitoringJobs.update

aiplatform.modelEvaluationSlices.*

  • aiplatform.modelEvaluationSlices.get
  • aiplatform.modelEvaluationSlices.import
  • aiplatform.modelEvaluationSlices.list

aiplatform.modelEvaluations.*

  • aiplatform.modelEvaluations.exportEvaluatedDataItems
  • aiplatform.modelEvaluations.get
  • aiplatform.modelEvaluations.import
  • aiplatform.modelEvaluations.list

aiplatform.modelMonitoringJobs.*

  • aiplatform.modelMonitoringJobs.create
  • aiplatform.modelMonitoringJobs.delete
  • aiplatform.modelMonitoringJobs.get
  • aiplatform.modelMonitoringJobs.list

aiplatform.modelMonitors.*

  • aiplatform.modelMonitors.create
  • aiplatform.modelMonitors.delete
  • aiplatform.modelMonitors.get
  • aiplatform.modelMonitors.list
  • aiplatform.modelMonitors.searchModelMonitoringAlerts
  • aiplatform.modelMonitors.searchModelMonitoringStats
  • aiplatform.modelMonitors.update

aiplatform.models.*

  • aiplatform.models.delete
  • aiplatform.models.export
  • aiplatform.models.get
  • aiplatform.models.list
  • aiplatform.models.update
  • aiplatform.models.upload

aiplatform.nasJobs.*

  • aiplatform.nasJobs.cancel
  • aiplatform.nasJobs.create
  • aiplatform.nasJobs.delete
  • aiplatform.nasJobs.get
  • aiplatform.nasJobs.list

aiplatform.nasTrialDetails.*

  • aiplatform.nasTrialDetails.get
  • aiplatform.nasTrialDetails.list

aiplatform.notebookExecutionJobs.*

  • aiplatform.notebookExecutionJobs.create
  • aiplatform.notebookExecutionJobs.delete
  • aiplatform.notebookExecutionJobs.get
  • aiplatform.notebookExecutionJobs.list

aiplatform.notebookRuntimeTemplates.apply

aiplatform.notebookRuntimeTemplates.create

aiplatform.notebookRuntimeTemplates.delete

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimeTemplates.update

aiplatform.notebookRuntimes.*

  • aiplatform.notebookRuntimes.assign
  • aiplatform.notebookRuntimes.delete
  • aiplatform.notebookRuntimes.get
  • aiplatform.notebookRuntimes.list
  • aiplatform.notebookRuntimes.start
  • aiplatform.notebookRuntimes.update
  • aiplatform.notebookRuntimes.upgrade

aiplatform.operations.list

aiplatform.persistentResources.get

aiplatform.persistentResources.list

aiplatform.pipelineJobs.*

  • aiplatform.pipelineJobs.cancel
  • aiplatform.pipelineJobs.create
  • aiplatform.pipelineJobs.delete
  • aiplatform.pipelineJobs.get
  • aiplatform.pipelineJobs.list

aiplatform.reasoningEngines.*

  • aiplatform.reasoningEngines.create
  • aiplatform.reasoningEngines.delete
  • aiplatform.reasoningEngines.get
  • aiplatform.reasoningEngines.list
  • aiplatform.reasoningEngines.query
  • aiplatform.reasoningEngines.update

aiplatform.schedules.*

  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update

aiplatform.sessions.*

  • aiplatform.sessions.get
  • aiplatform.sessions.list
  • aiplatform.sessions.run

aiplatform.specialistPools.*

  • aiplatform.specialistPools.create
  • aiplatform.specialistPools.delete
  • aiplatform.specialistPools.get
  • aiplatform.specialistPools.list
  • aiplatform.specialistPools.update

aiplatform.studies.*

  • aiplatform.studies.create
  • aiplatform.studies.delete
  • aiplatform.studies.get
  • aiplatform.studies.list
  • aiplatform.studies.update

aiplatform.tensorboardExperiments.*

  • aiplatform.tensorboardExperiments.create
  • aiplatform.tensorboardExperiments.delete
  • aiplatform.tensorboardExperiments.get
  • aiplatform.tensorboardExperiments.list
  • aiplatform.tensorboardExperiments.update
  • aiplatform.tensorboardExperiments.write

aiplatform.tensorboardRuns.*

  • aiplatform.tensorboardRuns.batchCreate
  • aiplatform.tensorboardRuns.create
  • aiplatform.tensorboardRuns.delete
  • aiplatform.tensorboardRuns.get
  • aiplatform.tensorboardRuns.list
  • aiplatform.tensorboardRuns.update
  • aiplatform.tensorboardRuns.write

aiplatform.tensorboardTimeSeries.*

  • aiplatform.tensorboardTimeSeries.batchCreate
  • aiplatform.tensorboardTimeSeries.batchRead
  • aiplatform.tensorboardTimeSeries.create
  • aiplatform.tensorboardTimeSeries.delete
  • aiplatform.tensorboardTimeSeries.get
  • aiplatform.tensorboardTimeSeries.list
  • aiplatform.tensorboardTimeSeries.read
  • aiplatform.tensorboardTimeSeries.update

aiplatform.tensorboards.create

aiplatform.tensorboards.delete

aiplatform.tensorboards.get

aiplatform.tensorboards.list

aiplatform.tensorboards.update

aiplatform.trainingPipelines.*

  • aiplatform.trainingPipelines.cancel
  • aiplatform.trainingPipelines.create
  • aiplatform.trainingPipelines.delete
  • aiplatform.trainingPipelines.get
  • aiplatform.trainingPipelines.list

aiplatform.trials.*

  • aiplatform.trials.create
  • aiplatform.trials.delete
  • aiplatform.trials.get
  • aiplatform.trials.list
  • aiplatform.trials.update

aiplatform.tuningJobs.*

  • aiplatform.tuningJobs.cancel
  • aiplatform.tuningJobs.create
  • aiplatform.tuningJobs.delete
  • aiplatform.tuningJobs.get
  • aiplatform.tuningJobs.list
  • aiplatform.tuningJobs.vertexTune

artifactregistry.repositories.create

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.uploadArtifacts

artifactregistry.tags.get

artifactregistry.versions.get

automl.datasets.export

automl.datasets.get

automl.datasets.list

automl.modelEvaluations.list

automl.models.get

automl.models.list

automl.operations.get

automl.tableSpecs.get

bigquery.datasets.create

bigquery.datasets.get

bigquery.jobs.create

bigquery.jobs.get

bigquery.models.create

bigquery.models.export

bigquery.models.getData

bigquery.readsessions.create

bigquery.readsessions.getData

bigquery.tables.create

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.update

bigquery.tables.updateData

bigtable.tables.get

bigtable.tables.list

bigtable.tables.readRows

compute.addresses.get

compute.addresses.list

compute.addresses.use

compute.addresses.useInternal

compute.disks.create

compute.disks.createSnapshot

compute.disks.createTagBinding

compute.disks.delete

compute.disks.get

compute.disks.setLabels

compute.disks.use

compute.disks.useReadOnly

compute.globalOperations.get

compute.instances.attachDisk

compute.instances.create

compute.instances.createTagBinding

compute.instances.delete

compute.instances.detachDisk

compute.instances.get

compute.instances.getGuestAttributes

compute.instances.setLabels

compute.instances.setMetadata

compute.instances.setServiceAccount

compute.instances.setTags

compute.instances.start

compute.instances.stop

compute.instances.useReadOnly

compute.machineTypes.get

compute.networks.get

compute.networks.use

compute.networks.useExternalIp

compute.snapshots.create

compute.snapshots.delete

compute.snapshots.useReadOnly

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.zoneOperations.get

dataflow.jobs.*

  • dataflow.jobs.cancel
  • dataflow.jobs.create
  • dataflow.jobs.get
  • dataflow.jobs.list
  • dataflow.jobs.snapshot
  • dataflow.jobs.updateContents

dataflow.messages.list

dataflow.metrics.get

dataflow.snapshots.*

  • dataflow.snapshots.delete
  • dataflow.snapshots.get
  • dataflow.snapshots.list

datalabeling.annotateddatasets.get

datalabeling.datasets.export

datalabeling.datasets.get

datalabeling.datasets.list

datalabeling.operations.get

iam.serviceAccounts.actAs

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

logging.logEntries.create

logging.logEntries.route

ml.models.list

ml.operations.get

ml.versions.get

ml.versions.list

monitoring.notificationChannels.get

notebooks.instances.create

notebooks.instances.delete

notebooks.instances.get

resourcemanager.projects.get

resourcemanager.projects.list

run.executions.delete

run.executions.get

run.jobs.create

run.jobs.delete

run.jobs.get

run.jobs.run

run.jobs.update

run.operations.delete

run.operations.get

run.routes.invoke

run.services.create

run.services.delete

run.services.get

serviceusage.services.list

serviceusage.services.use

storage.buckets.create

storage.buckets.delete

storage.buckets.get

storage.buckets.list

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

(roles/aiplatform.customCodeServiceAgent)

为 Vertex AI Custom Code 授予适当的权限。

aiplatform.agentExamples.*

  • aiplatform.agentExamples.create
  • aiplatform.agentExamples.delete
  • aiplatform.agentExamples.get
  • aiplatform.agentExamples.list
  • aiplatform.agentExamples.update

aiplatform.agents.*

  • aiplatform.agents.create
  • aiplatform.agents.delete
  • aiplatform.agents.get
  • aiplatform.agents.list
  • aiplatform.agents.update

aiplatform.annotationSpecs.*

  • aiplatform.annotationSpecs.create
  • aiplatform.annotationSpecs.delete
  • aiplatform.annotationSpecs.get
  • aiplatform.annotationSpecs.list
  • aiplatform.annotationSpecs.update

aiplatform.annotations.*

  • aiplatform.annotations.create
  • aiplatform.annotations.delete
  • aiplatform.annotations.get
  • aiplatform.annotations.list
  • aiplatform.annotations.update

aiplatform.apps.*

  • aiplatform.apps.create
  • aiplatform.apps.delete
  • aiplatform.apps.get
  • aiplatform.apps.list
  • aiplatform.apps.update

aiplatform.artifacts.*

  • aiplatform.artifacts.create
  • aiplatform.artifacts.delete
  • aiplatform.artifacts.get
  • aiplatform.artifacts.list
  • aiplatform.artifacts.update

aiplatform.batchPredictionJobs.*

  • aiplatform.batchPredictionJobs.cancel
  • aiplatform.batchPredictionJobs.create
  • aiplatform.batchPredictionJobs.delete
  • aiplatform.batchPredictionJobs.get
  • aiplatform.batchPredictionJobs.list

aiplatform.cacheConfigs.get

aiplatform.cachedContents.*

  • aiplatform.cachedContents.create
  • aiplatform.cachedContents.delete
  • aiplatform.cachedContents.get
  • aiplatform.cachedContents.list
  • aiplatform.cachedContents.update

aiplatform.consents.get

aiplatform.contexts.*

  • aiplatform.contexts.addContextArtifactsAndExecutions
  • aiplatform.contexts.addContextChildren
  • aiplatform.contexts.create
  • aiplatform.contexts.delete
  • aiplatform.contexts.get
  • aiplatform.contexts.list
  • aiplatform.contexts.queryContextLineageSubgraph
  • aiplatform.contexts.update

aiplatform.customJobs.*

  • aiplatform.customJobs.cancel
  • aiplatform.customJobs.create
  • aiplatform.customJobs.delete
  • aiplatform.customJobs.get
  • aiplatform.customJobs.list

aiplatform.dataItems.*

  • aiplatform.dataItems.create
  • aiplatform.dataItems.delete
  • aiplatform.dataItems.get
  • aiplatform.dataItems.list
  • aiplatform.dataItems.update

aiplatform.dataLabelingJobs.*

  • aiplatform.dataLabelingJobs.cancel
  • aiplatform.dataLabelingJobs.create
  • aiplatform.dataLabelingJobs.delete
  • aiplatform.dataLabelingJobs.get
  • aiplatform.dataLabelingJobs.list

aiplatform.datasetVersions.*

  • aiplatform.datasetVersions.create
  • aiplatform.datasetVersions.delete
  • aiplatform.datasetVersions.get
  • aiplatform.datasetVersions.list
  • aiplatform.datasetVersions.restore

aiplatform.datasets.*

  • aiplatform.datasets.create
  • aiplatform.datasets.delete
  • aiplatform.datasets.export
  • aiplatform.datasets.get
  • aiplatform.datasets.import
  • aiplatform.datasets.list
  • aiplatform.datasets.update

aiplatform.deploymentResourcePools.*

  • aiplatform.deploymentResourcePools.create
  • aiplatform.deploymentResourcePools.delete
  • aiplatform.deploymentResourcePools.get
  • aiplatform.deploymentResourcePools.list
  • aiplatform.deploymentResourcePools.queryDeployedModels
  • aiplatform.deploymentResourcePools.update

aiplatform.edgeDeploymentJobs.*

  • aiplatform.edgeDeploymentJobs.create
  • aiplatform.edgeDeploymentJobs.delete
  • aiplatform.edgeDeploymentJobs.get
  • aiplatform.edgeDeploymentJobs.list

aiplatform.edgeDeviceDebugInfo.get

aiplatform.edgeDevices.*

  • aiplatform.edgeDevices.create
  • aiplatform.edgeDevices.delete
  • aiplatform.edgeDevices.get
  • aiplatform.edgeDevices.list
  • aiplatform.edgeDevices.update

aiplatform.endpoints.create

aiplatform.endpoints.delete

aiplatform.endpoints.deploy

aiplatform.endpoints.explain

aiplatform.endpoints.get

aiplatform.endpoints.list

aiplatform.endpoints.predict

aiplatform.endpoints.undeploy

aiplatform.endpoints.update

aiplatform.entityTypes.create

aiplatform.entityTypes.delete

aiplatform.entityTypes.deleteFeatureValues

aiplatform.entityTypes.exportFeatureValues

aiplatform.entityTypes.get

aiplatform.entityTypes.importFeatureValues

aiplatform.entityTypes.list

aiplatform.entityTypes.readFeatureValues

aiplatform.entityTypes.streamingReadFeatureValues

aiplatform.entityTypes.update

aiplatform.entityTypes.writeFeatureValues

aiplatform.executions.*

  • aiplatform.executions.addExecutionEvents
  • aiplatform.executions.create
  • aiplatform.executions.delete
  • aiplatform.executions.get
  • aiplatform.executions.list
  • aiplatform.executions.queryExecutionInputsAndOutputs
  • aiplatform.executions.update

aiplatform.extensions.*

  • aiplatform.extensions.delete
  • aiplatform.extensions.execute
  • aiplatform.extensions.get
  • aiplatform.extensions.import
  • aiplatform.extensions.list
  • aiplatform.extensions.update

aiplatform.featureGroups.*

  • aiplatform.featureGroups.create
  • aiplatform.featureGroups.delete
  • aiplatform.featureGroups.get
  • aiplatform.featureGroups.list
  • aiplatform.featureGroups.update

aiplatform.featureOnlineStores.create

aiplatform.featureOnlineStores.delete

aiplatform.featureOnlineStores.get

aiplatform.featureOnlineStores.list

aiplatform.featureOnlineStores.update

aiplatform.featureViewSyncs.*

  • aiplatform.featureViewSyncs.get
  • aiplatform.featureViewSyncs.list

aiplatform.featureViews.create

aiplatform.featureViews.delete

aiplatform.featureViews.fetchFeatureValues

aiplatform.featureViews.get

aiplatform.featureViews.list

aiplatform.featureViews.searchNearestEntities

aiplatform.featureViews.sync

aiplatform.featureViews.update

aiplatform.features.*

  • aiplatform.features.create
  • aiplatform.features.delete
  • aiplatform.features.get
  • aiplatform.features.list
  • aiplatform.features.update

aiplatform.featurestores.batchReadFeatureValues

aiplatform.featurestores.create

aiplatform.featurestores.delete

aiplatform.featurestores.exportFeatures

aiplatform.featurestores.get

aiplatform.featurestores.importFeatures

aiplatform.featurestores.list

aiplatform.featurestores.readFeatures

aiplatform.featurestores.update

aiplatform.featurestores.writeFeatures

aiplatform.humanInTheLoops.*

  • aiplatform.humanInTheLoops.cancel
  • aiplatform.humanInTheLoops.create
  • aiplatform.humanInTheLoops.delete
  • aiplatform.humanInTheLoops.get
  • aiplatform.humanInTheLoops.list
  • aiplatform.humanInTheLoops.queryAnnotationStats
  • aiplatform.humanInTheLoops.send
  • aiplatform.humanInTheLoops.update

aiplatform.hyperparameterTuningJobs.*

  • aiplatform.hyperparameterTuningJobs.cancel
  • aiplatform.hyperparameterTuningJobs.create
  • aiplatform.hyperparameterTuningJobs.delete
  • aiplatform.hyperparameterTuningJobs.get
  • aiplatform.hyperparameterTuningJobs.list

aiplatform.indexEndpoints.*

  • aiplatform.indexEndpoints.create
  • aiplatform.indexEndpoints.delete
  • aiplatform.indexEndpoints.deploy
  • aiplatform.indexEndpoints.get
  • aiplatform.indexEndpoints.list
  • aiplatform.indexEndpoints.queryVectors
  • aiplatform.indexEndpoints.undeploy
  • aiplatform.indexEndpoints.update

aiplatform.indexes.*

  • aiplatform.indexes.create
  • aiplatform.indexes.delete
  • aiplatform.indexes.get
  • aiplatform.indexes.list
  • aiplatform.indexes.update

aiplatform.locations.*

  • aiplatform.locations.get
  • aiplatform.locations.list

aiplatform.metadataSchemas.*

  • aiplatform.metadataSchemas.create
  • aiplatform.metadataSchemas.delete
  • aiplatform.metadataSchemas.get
  • aiplatform.metadataSchemas.list

aiplatform.metadataStores.*

  • aiplatform.metadataStores.create
  • aiplatform.metadataStores.delete
  • aiplatform.metadataStores.get
  • aiplatform.metadataStores.list

aiplatform.modelDeploymentMonitoringJobs.*

  • aiplatform.modelDeploymentMonitoringJobs.create
  • aiplatform.modelDeploymentMonitoringJobs.delete
  • aiplatform.modelDeploymentMonitoringJobs.get
  • aiplatform.modelDeploymentMonitoringJobs.list
  • aiplatform.modelDeploymentMonitoringJobs.pause
  • aiplatform.modelDeploymentMonitoringJobs.resume
  • aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies
  • aiplatform.modelDeploymentMonitoringJobs.update

aiplatform.modelEvaluationSlices.*

  • aiplatform.modelEvaluationSlices.get
  • aiplatform.modelEvaluationSlices.import
  • aiplatform.modelEvaluationSlices.list

aiplatform.modelEvaluations.*

  • aiplatform.modelEvaluations.exportEvaluatedDataItems
  • aiplatform.modelEvaluations.get
  • aiplatform.modelEvaluations.import
  • aiplatform.modelEvaluations.list

aiplatform.modelMonitoringJobs.*

  • aiplatform.modelMonitoringJobs.create
  • aiplatform.modelMonitoringJobs.delete
  • aiplatform.modelMonitoringJobs.get
  • aiplatform.modelMonitoringJobs.list

aiplatform.modelMonitors.*

  • aiplatform.modelMonitors.create
  • aiplatform.modelMonitors.delete
  • aiplatform.modelMonitors.get
  • aiplatform.modelMonitors.list
  • aiplatform.modelMonitors.searchModelMonitoringAlerts
  • aiplatform.modelMonitors.searchModelMonitoringStats
  • aiplatform.modelMonitors.update

aiplatform.models.*

  • aiplatform.models.delete
  • aiplatform.models.export
  • aiplatform.models.get
  • aiplatform.models.list
  • aiplatform.models.update
  • aiplatform.models.upload

aiplatform.nasJobs.*

  • aiplatform.nasJobs.cancel
  • aiplatform.nasJobs.create
  • aiplatform.nasJobs.delete
  • aiplatform.nasJobs.get
  • aiplatform.nasJobs.list

aiplatform.nasTrialDetails.*

  • aiplatform.nasTrialDetails.get
  • aiplatform.nasTrialDetails.list

aiplatform.notebookExecutionJobs.*

  • aiplatform.notebookExecutionJobs.create
  • aiplatform.notebookExecutionJobs.delete
  • aiplatform.notebookExecutionJobs.get
  • aiplatform.notebookExecutionJobs.list

aiplatform.notebookRuntimeTemplates.apply

aiplatform.notebookRuntimeTemplates.create

aiplatform.notebookRuntimeTemplates.delete

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimeTemplates.update

aiplatform.notebookRuntimes.*

  • aiplatform.notebookRuntimes.assign
  • aiplatform.notebookRuntimes.delete
  • aiplatform.notebookRuntimes.get
  • aiplatform.notebookRuntimes.list
  • aiplatform.notebookRuntimes.start
  • aiplatform.notebookRuntimes.update
  • aiplatform.notebookRuntimes.upgrade

aiplatform.operations.list

aiplatform.persistentResources.get

aiplatform.persistentResources.list

aiplatform.pipelineJobs.*

  • aiplatform.pipelineJobs.cancel
  • aiplatform.pipelineJobs.create
  • aiplatform.pipelineJobs.delete
  • aiplatform.pipelineJobs.get
  • aiplatform.pipelineJobs.list

aiplatform.reasoningEngines.*

  • aiplatform.reasoningEngines.create
  • aiplatform.reasoningEngines.delete
  • aiplatform.reasoningEngines.get
  • aiplatform.reasoningEngines.list
  • aiplatform.reasoningEngines.query
  • aiplatform.reasoningEngines.update

aiplatform.schedules.*

  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update

aiplatform.sessions.*

  • aiplatform.sessions.get
  • aiplatform.sessions.list
  • aiplatform.sessions.run

aiplatform.specialistPools.*

  • aiplatform.specialistPools.create
  • aiplatform.specialistPools.delete
  • aiplatform.specialistPools.get
  • aiplatform.specialistPools.list
  • aiplatform.specialistPools.update

aiplatform.studies.*

  • aiplatform.studies.create
  • aiplatform.studies.delete
  • aiplatform.studies.get
  • aiplatform.studies.list
  • aiplatform.studies.update

aiplatform.tensorboardExperiments.*

  • aiplatform.tensorboardExperiments.create
  • aiplatform.tensorboardExperiments.delete
  • aiplatform.tensorboardExperiments.get
  • aiplatform.tensorboardExperiments.list
  • aiplatform.tensorboardExperiments.update
  • aiplatform.tensorboardExperiments.write

aiplatform.tensorboardRuns.*

  • aiplatform.tensorboardRuns.batchCreate
  • aiplatform.tensorboardRuns.create
  • aiplatform.tensorboardRuns.delete
  • aiplatform.tensorboardRuns.get
  • aiplatform.tensorboardRuns.list
  • aiplatform.tensorboardRuns.update
  • aiplatform.tensorboardRuns.write

aiplatform.tensorboardTimeSeries.*

  • aiplatform.tensorboardTimeSeries.batchCreate
  • aiplatform.tensorboardTimeSeries.batchRead
  • aiplatform.tensorboardTimeSeries.create
  • aiplatform.tensorboardTimeSeries.delete
  • aiplatform.tensorboardTimeSeries.get
  • aiplatform.tensorboardTimeSeries.list
  • aiplatform.tensorboardTimeSeries.read
  • aiplatform.tensorboardTimeSeries.update

aiplatform.tensorboards.create

aiplatform.tensorboards.delete

aiplatform.tensorboards.get

aiplatform.tensorboards.list

aiplatform.tensorboards.update

aiplatform.trainingPipelines.*

  • aiplatform.trainingPipelines.cancel
  • aiplatform.trainingPipelines.create
  • aiplatform.trainingPipelines.delete
  • aiplatform.trainingPipelines.get
  • aiplatform.trainingPipelines.list

aiplatform.trials.*

  • aiplatform.trials.create
  • aiplatform.trials.delete
  • aiplatform.trials.get
  • aiplatform.trials.list
  • aiplatform.trials.update

aiplatform.tuningJobs.*

  • aiplatform.tuningJobs.cancel
  • aiplatform.tuningJobs.create
  • aiplatform.tuningJobs.delete
  • aiplatform.tuningJobs.get
  • aiplatform.tuningJobs.list
  • aiplatform.tuningJobs.vertexTune

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.tags.get

artifactregistry.versions.get

bigquery.datasets.create

bigquery.datasets.get

bigquery.jobs.create

bigquery.jobs.get

bigquery.readsessions.create

bigquery.readsessions.getData

bigquery.tables.create

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.update

bigquery.tables.updateData

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

iam.serviceAccounts.implicitDelegation

iam.serviceAccounts.list

iam.serviceAccounts.signBlob

iam.serviceAccounts.signJwt

logging.logEntries.create

logging.logEntries.route

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.use

storage.buckets.create

storage.buckets.delete

storage.buckets.get

storage.buckets.list

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

(roles/notebooks.serviceAgent)

授予 Notebooks 服务代理管理用户项目中的笔记本实例的权限

aiplatform.customJobs.cancel

aiplatform.customJobs.create

aiplatform.customJobs.get

aiplatform.customJobs.list

aiplatform.notebookExecutionJobs.*

  • aiplatform.notebookExecutionJobs.create
  • aiplatform.notebookExecutionJobs.delete
  • aiplatform.notebookExecutionJobs.get
  • aiplatform.notebookExecutionJobs.list

aiplatform.operations.list

aiplatform.pipelineJobs.create

aiplatform.schedules.*

  • aiplatform.schedules.create
  • aiplatform.schedules.delete
  • aiplatform.schedules.get
  • aiplatform.schedules.list
  • aiplatform.schedules.update

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.list

backupdr.backupPlanAssociations.triggerBackupForComputeInstance

backupdr.backupPlans.useForComputeInstance

compute.acceleratorTypes.*

  • compute.acceleratorTypes.get
  • compute.acceleratorTypes.list

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.listEffectiveTags

compute.addresses.listTagBindings

compute.addresses.use

compute.addresses.useInternal

compute.autoscalers.*

  • compute.autoscalers.create
  • compute.autoscalers.delete
  • compute.autoscalers.get
  • compute.autoscalers.list
  • compute.autoscalers.update

compute.backendBuckets.get

compute.backendBuckets.getIamPolicy

compute.backendBuckets.list

compute.backendBuckets.listEffectiveTags

compute.backendBuckets.listTagBindings

compute.backendServices.get

compute.backendServices.getIamPolicy

compute.backendServices.list

compute.backendServices.listEffectiveTags

compute.backendServices.listTagBindings

compute.commitments.get

compute.commitments.list

compute.diskTypes.*

  • compute.diskTypes.get
  • compute.diskTypes.list

compute.disks.*

  • compute.disks.addResourcePolicies
  • compute.disks.create
  • compute.disks.createSnapshot
  • compute.disks.createTagBinding
  • compute.disks.delete
  • compute.disks.deleteTagBinding
  • compute.disks.get
  • compute.disks.getIamPolicy
  • compute.disks.list
  • compute.disks.listEffectiveTags
  • compute.disks.listTagBindings
  • compute.disks.removeResourcePolicies
  • compute.disks.resize
  • compute.disks.setIamPolicy
  • compute.disks.setLabels
  • compute.disks.startAsyncReplication
  • compute.disks.stopAsyncReplication
  • compute.disks.stopGroupAsyncReplication
  • compute.disks.update
  • compute.disks.use
  • compute.disks.useReadOnly

compute.externalVpnGateways.get

compute.externalVpnGateways.list

compute.externalVpnGateways.listEffectiveTags

compute.externalVpnGateways.listTagBindings

compute.firewallPolicies.get

compute.firewallPolicies.getIamPolicy

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.get

compute.forwardingRules.list

compute.forwardingRules.listEffectiveTags

compute.forwardingRules.listTagBindings

compute.futureReservations.get

compute.futureReservations.getIamPolicy

compute.futureReservations.list

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.listEffectiveTags

compute.globalAddresses.listTagBindings

compute.globalAddresses.use

compute.globalForwardingRules.get

compute.globalForwardingRules.list

compute.globalForwardingRules.listEffectiveTags

compute.globalForwardingRules.listTagBindings

compute.globalForwardingRules.pscGet

compute.globalNetworkEndpointGroups.*

  • compute.globalNetworkEndpointGroups.attachNetworkEndpoints
  • compute.globalNetworkEndpointGroups.create
  • compute.globalNetworkEndpointGroups.createTagBinding
  • compute.globalNetworkEndpointGroups.delete
  • compute.globalNetworkEndpointGroups.deleteTagBinding
  • compute.globalNetworkEndpointGroups.detachNetworkEndpoints
  • compute.globalNetworkEndpointGroups.get
  • compute.globalNetworkEndpointGroups.list
  • compute.globalNetworkEndpointGroups.listEffectiveTags
  • compute.globalNetworkEndpointGroups.listTagBindings
  • compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.getIamPolicy

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.healthChecks.get

compute.healthChecks.list

compute.healthChecks.listEffectiveTags

compute.healthChecks.listTagBindings

compute.httpHealthChecks.get

compute.httpHealthChecks.list

compute.httpHealthChecks.listEffectiveTags

compute.httpHealthChecks.listTagBindings

compute.httpsHealthChecks.get

compute.httpsHealthChecks.list

compute.httpsHealthChecks.listEffectiveTags

compute.httpsHealthChecks.listTagBindings

compute.images.*

  • compute.images.create
  • compute.images.createTagBinding
  • compute.images.delete
  • compute.images.deleteTagBinding
  • compute.images.deprecate
  • compute.images.get
  • compute.images.getFromFamily
  • compute.images.getIamPolicy
  • compute.images.list
  • compute.images.listEffectiveTags
  • compute.images.listTagBindings
  • compute.images.setIamPolicy
  • compute.images.setLabels
  • compute.images.update
  • compute.images.useReadOnly

compute.instanceGroupManagers.*

  • compute.instanceGroupManagers.create
  • compute.instanceGroupManagers.createTagBinding
  • compute.instanceGroupManagers.delete
  • compute.instanceGroupManagers.deleteTagBinding
  • compute.instanceGroupManagers.get
  • compute.instanceGroupManagers.list
  • compute.instanceGroupManagers.listEffectiveTags
  • compute.instanceGroupManagers.listTagBindings
  • compute.instanceGroupManagers.update
  • compute.instanceGroupManagers.use

compute.instanceGroups.*

  • compute.instanceGroups.create
  • compute.instanceGroups.createTagBinding
  • compute.instanceGroups.delete
  • compute.instanceGroups.deleteTagBinding
  • compute.instanceGroups.get
  • compute.instanceGroups.list
  • compute.instanceGroups.listEffectiveTags
  • compute.instanceGroups.listTagBindings
  • compute.instanceGroups.update
  • compute.instanceGroups.use

compute.instanceSettings.*

  • compute.instanceSettings.get
  • compute.instanceSettings.update

compute.instanceTemplates.*

  • compute.instanceTemplates.create
  • compute.instanceTemplates.delete
  • compute.instanceTemplates.get
  • compute.instanceTemplates.getIamPolicy
  • compute.instanceTemplates.list
  • compute.instanceTemplates.setIamPolicy
  • compute.instanceTemplates.useReadOnly

compute.instances.*

  • compute.instances.addAccessConfig
  • compute.instances.addResourcePolicies
  • compute.instances.attachDisk
  • compute.instances.create
  • compute.instances.createTagBinding
  • compute.instances.delete
  • compute.instances.deleteAccessConfig
  • compute.instances.deleteTagBinding
  • compute.instances.detachDisk
  • compute.instances.get
  • compute.instances.getEffectiveFirewalls
  • compute.instances.getGuestAttributes
  • compute.instances.getIamPolicy
  • compute.instances.getScreenshot
  • compute.instances.getSerialPortOutput
  • compute.instances.getShieldedInstanceIdentity
  • compute.instances.getShieldedVmIdentity
  • compute.instances.list
  • compute.instances.listEffectiveTags
  • compute.instances.listReferrers
  • compute.instances.listTagBindings
  • compute.instances.osAdminLogin
  • compute.instances.osLogin
  • compute.instances.pscInterfaceCreate
  • compute.instances.removeResourcePolicies
  • compute.instances.reset
  • compute.instances.resume
  • compute.instances.sendDiagnosticInterrupt
  • compute.instances.setDeletionProtection
  • compute.instances.setDiskAutoDelete
  • compute.instances.setIamPolicy
  • compute.instances.setLabels
  • compute.instances.setMachineResources
  • compute.instances.setMachineType
  • compute.instances.setMetadata
  • compute.instances.setMinCpuPlatform
  • compute.instances.setName
  • compute.instances.setScheduling
  • compute.instances.setSecurityPolicy
  • compute.instances.setServiceAccount
  • compute.instances.setShieldedInstanceIntegrityPolicy
  • compute.instances.setShieldedVmIntegrityPolicy
  • compute.instances.setTags
  • compute.instances.simulateMaintenanceEvent
  • compute.instances.start
  • compute.instances.startWithEncryptionKey
  • compute.instances.stop
  • compute.instances.suspend
  • compute.instances.update
  • compute.instances.updateAccessConfig
  • compute.instances.updateDisplayDevice
  • compute.instances.updateNetworkInterface
  • compute.instances.updateSecurity
  • compute.instances.updateShieldedInstanceConfig
  • compute.instances.updateShieldedVmConfig
  • compute.instances.use
  • compute.instances.useReadOnly

compute.instantSnapshots.*

  • compute.instantSnapshots.create
  • compute.instantSnapshots.delete
  • compute.instantSnapshots.export
  • compute.instantSnapshots.get
  • compute.instantSnapshots.getIamPolicy
  • compute.instantSnapshots.list
  • compute.instantSnapshots.setIamPolicy
  • compute.instantSnapshots.setLabels
  • compute.instantSnapshots.useReadOnly

compute.interconnectAttachments.get

compute.interconnectAttachments.list

compute.interconnectAttachments.listEffectiveTags

compute.interconnectAttachments.listTagBindings

compute.interconnectLocations.*

  • compute.interconnectLocations.get
  • compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

  • compute.interconnectRemoteLocations.get
  • compute.interconnectRemoteLocations.list

compute.interconnects.get

compute.interconnects.list

compute.interconnects.listEffectiveTags

compute.interconnects.listTagBindings

compute.licenseCodes.*

  • compute.licenseCodes.get
  • compute.licenseCodes.getIamPolicy
  • compute.licenseCodes.list
  • compute.licenseCodes.setIamPolicy
  • compute.licenseCodes.update

compute.licenses.*

  • compute.licenses.create
  • compute.licenses.delete
  • compute.licenses.get
  • compute.licenses.getIamPolicy
  • compute.licenses.list
  • compute.licenses.setIamPolicy

compute.machineImages.*

  • compute.machineImages.create
  • compute.machineImages.delete
  • compute.machineImages.get
  • compute.machineImages.getIamPolicy
  • compute.machineImages.list
  • compute.machineImages.setIamPolicy
  • compute.machineImages.useReadOnly

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.multiMig.*

  • compute.multiMig.create
  • compute.multiMig.delete
  • compute.multiMig.get
  • compute.multiMig.list

compute.networkAttachments.get

compute.networkAttachments.getIamPolicy

compute.networkAttachments.list

compute.networkAttachments.listEffectiveTags

compute.networkAttachments.listTagBindings

compute.networkEdgeSecurityServices.get

compute.networkEdgeSecurityServices.list

compute.networkEdgeSecurityServices.listEffectiveTags

compute.networkEdgeSecurityServices.listTagBindings

compute.networkEndpointGroups.*

  • compute.networkEndpointGroups.attachNetworkEndpoints
  • compute.networkEndpointGroups.create
  • compute.networkEndpointGroups.createTagBinding
  • compute.networkEndpointGroups.delete
  • compute.networkEndpointGroups.deleteTagBinding
  • compute.networkEndpointGroups.detachNetworkEndpoints
  • compute.networkEndpointGroups.get
  • compute.networkEndpointGroups.list
  • compute.networkEndpointGroups.listEffectiveTags
  • compute.networkEndpointGroups.listTagBindings
  • compute.networkEndpointGroups.use

compute.networkProfiles.*

  • compute.networkProfiles.get
  • compute.networkProfiles.list

compute.networks.get

compute.networks.getEffectiveFirewalls

compute.networks.getRegionEffectiveFirewalls

compute.networks.list

compute.networks.listEffectiveTags

compute.networks.listPeeringRoutes

compute.networks.listTagBindings

compute.networks.use

compute.networks.useExternalIp

compute.nodeGroups.get

compute.nodeGroups.getIamPolicy

compute.nodeGroups.list

compute.nodeTemplates.get

compute.nodeTemplates.getIamPolicy

compute.nodeTemplates.list

compute.nodeTypes.*

  • compute.nodeTypes.get
  • compute.nodeTypes.list

compute.organizations.listAssociations

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.projects.get

compute.projects.setCommonInstanceMetadata

compute.publicAdvertisedPrefixes.get

compute.publicAdvertisedPrefixes.list

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.publicDelegatedPrefixes.listEffectiveTags

compute.publicDelegatedPrefixes.listTagBindings

compute.regionBackendServices.get

compute.regionBackendServices.getIamPolicy

compute.regionBackendServices.list

compute.regionBackendServices.listEffectiveTags

compute.regionBackendServices.listTagBindings

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.getIamPolicy

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionHealthCheckServices.get

compute.regionHealthCheckServices.list

compute.regionHealthChecks.get

compute.regionHealthChecks.list

compute.regionHealthChecks.listEffectiveTags

compute.regionHealthChecks.listTagBindings

compute.regionNetworkEndpointGroups.*

  • compute.regionNetworkEndpointGroups.attachNetworkEndpoints
  • compute.regionNetworkEndpointGroups.create
  • compute.regionNetworkEndpointGroups.createTagBinding
  • compute.regionNetworkEndpointGroups.delete
  • compute.regionNetworkEndpointGroups.deleteTagBinding
  • compute.regionNetworkEndpointGroups.detachNetworkEndpoints
  • compute.regionNetworkEndpointGroups.get
  • compute.regionNetworkEndpointGroups.list
  • compute.regionNetworkEndpointGroups.listEffectiveTags
  • compute.regionNetworkEndpointGroups.listTagBindings
  • compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.get

compute.regionNotificationEndpoints.list

compute.regionOperations.get

compute.regionOperations.getIamPolicy

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.get

compute.regionSslPolicies.list

compute.regionSslPolicies.listAvailableFeatures

compute.regionSslPolicies.listEffectiveTags

compute.regionSslPolicies.listTagBindings

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.list

compute.regionTargetHttpProxies.listEffectiveTags

compute.regionTargetHttpProxies.listTagBindings

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.list

compute.regionTargetHttpsProxies.listEffectiveTags

compute.regionTargetHttpsProxies.listTagBindings

compute.regionTargetTcpProxies.get

compute.regionTargetTcpProxies.list

compute.regionTargetTcpProxies.listEffectiveTags

compute.regionTargetTcpProxies.listTagBindings

compute.regionUrlMaps.get

compute.regionUrlMaps.list

compute.regionUrlMaps.listEffectiveTags

compute.regionUrlMaps.listTagBindings

compute.regionUrlMaps.validate

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.*

  • compute.resourcePolicies.create
  • compute.resourcePolicies.delete
  • compute.resourcePolicies.get
  • compute.resourcePolicies.getIamPolicy
  • compute.resourcePolicies.list
  • compute.resourcePolicies.setIamPolicy
  • compute.resourcePolicies.update
  • compute.resourcePolicies.use
  • compute.resourcePolicies.useReadOnly

compute.routers.get

compute.routers.getRoutePolicy

compute.routers.list

compute.routers.listBgpRoutes

compute.routers.listEffectiveTags

compute.routers.listRoutePolicies

compute.routers.listTagBindings

compute.routes.get

compute.routes.list

compute.routes.listEffectiveTags

compute.routes.listTagBindings

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.serviceAttachments.get

compute.serviceAttachments.getIamPolicy

compute.serviceAttachments.list

compute.serviceAttachments.listEffectiveTags

compute.serviceAttachments.listTagBindings

compute.snapshotSettings.get

compute.snapshots.*

  • compute.snapshots.create
  • compute.snapshots.createTagBinding
  • compute.snapshots.delete
  • compute.snapshots.deleteTagBinding
  • compute.snapshots.get
  • compute.snapshots.getIamPolicy
  • compute.snapshots.list
  • compute.snapshots.listEffectiveTags
  • compute.snapshots.listTagBindings
  • compute.snapshots.setIamPolicy
  • compute.snapshots.setLabels
  • compute.snapshots.useReadOnly

compute.spotAssistants.get

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.get

compute.sslPolicies.list

compute.sslPolicies.listAvailableFeatures

compute.sslPolicies.listEffectiveTags

compute.sslPolicies.listTagBindings

compute.storagePools.get

compute.storagePools.getIamPolicy

compute.storagePools.list

compute.storagePools.use

compute.subnetworks.get

compute.subnetworks.getIamPolicy

compute.subnetworks.list

compute.subnetworks.listEffectiveTags

compute.subnetworks.listTagBindings

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetGrpcProxies.get

compute.targetGrpcProxies.list

compute.targetGrpcProxies.listEffectiveTags

compute.targetGrpcProxies.listTagBindings

compute.targetHttpProxies.get

compute.targetHttpProxies.list

compute.targetHttpProxies.listEffectiveTags

compute.targetHttpProxies.listTagBindings

compute.targetHttpsProxies.get

compute.targetHttpsProxies.list

compute.targetHttpsProxies.listEffectiveTags

compute.targetHttpsProxies.listTagBindings

compute.targetInstances.get

compute.targetInstances.list

compute.targetInstances.listEffectiveTags

compute.targetInstances.listTagBindings

compute.targetPools.get

compute.targetPools.list

compute.targetPools.listEffectiveTags

compute.targetPools.listTagBindings

compute.targetSslProxies.get

compute.targetSslProxies.list

compute.targetSslProxies.listEffectiveTags

compute.targetSslProxies.listTagBindings

compute.targetTcpProxies.get

compute.targetTcpProxies.list

compute.targetTcpProxies.listEffectiveTags

compute.targetTcpProxies.listTagBindings

compute.targetVpnGateways.get

compute.targetVpnGateways.list

compute.targetVpnGateways.listEffectiveTags

compute.targetVpnGateways.listTagBindings

compute.urlMaps.get

compute.urlMaps.list

compute.urlMaps.listEffectiveTags

compute.urlMaps.listTagBindings

compute.urlMaps.validate

compute.vpnGateways.get

compute.vpnGateways.list

compute.vpnGateways.listEffectiveTags

compute.vpnGateways.listTagBindings

compute.vpnTunnels.get

compute.vpnTunnels.list

compute.vpnTunnels.listEffectiveTags

compute.vpnTunnels.listTagBindings

compute.zoneOperations.get

compute.zoneOperations.getIamPolicy

compute.zoneOperations.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

dataproc.clusters.get

dataproc.clusters.use

dataproc.jobs.cancel

dataproc.jobs.create

dataproc.jobs.delete

dataproc.jobs.get

dataproc.jobs.list

dataproc.jobs.update

iam.serviceAccounts.actAs

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.list

ml.jobs.create

ml.jobs.get

ml.jobs.list

notebooks.*

  • notebooks.environments.create
  • notebooks.environments.delete
  • notebooks.environments.get
  • notebooks.environments.getIamPolicy
  • notebooks.environments.list
  • notebooks.environments.setIamPolicy
  • notebooks.executions.create
  • notebooks.executions.delete
  • notebooks.executions.get
  • notebooks.executions.getIamPolicy
  • notebooks.executions.list
  • notebooks.executions.setIamPolicy
  • notebooks.instances.checkUpgradability
  • notebooks.instances.create
  • notebooks.instances.delete
  • notebooks.instances.diagnose
  • notebooks.instances.get
  • notebooks.instances.getHealth
  • notebooks.instances.getIamPolicy
  • notebooks.instances.list
  • notebooks.instances.reset
  • notebooks.instances.setAccelerator
  • notebooks.instances.setIamPolicy
  • notebooks.instances.setLabels
  • notebooks.instances.setMachineType
  • notebooks.instances.start
  • notebooks.instances.stop
  • notebooks.instances.update
  • notebooks.instances.updateConfig
  • notebooks.instances.updateShieldInstanceConfig
  • notebooks.instances.upgrade
  • notebooks.instances.use
  • notebooks.locations.get
  • notebooks.locations.list
  • notebooks.operations.cancel
  • notebooks.operations.delete
  • notebooks.operations.get
  • notebooks.operations.list
  • notebooks.runtimes.create
  • notebooks.runtimes.delete
  • notebooks.runtimes.diagnose
  • notebooks.runtimes.get
  • notebooks.runtimes.getIamPolicy
  • notebooks.runtimes.list
  • notebooks.runtimes.reset
  • notebooks.runtimes.setIamPolicy
  • notebooks.runtimes.start
  • notebooks.runtimes.stop
  • notebooks.runtimes.switch
  • notebooks.runtimes.update
  • notebooks.runtimes.upgrade
  • notebooks.schedules.create
  • notebooks.schedules.delete
  • notebooks.schedules.get
  • notebooks.schedules.getIamPolicy
  • notebooks.schedules.list
  • notebooks.schedules.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

授予 Vertex AI 服务代理对其他资源的访问权限

有时,您需要向 Vertex AI 服务代理授予其他角色。例如,如果您需要 Vertex AI 访问其他项目中的 Cloud Storage 存储桶,则需要向服务代理授予一个或多个其他角色。

BigQuery 的角色添加要求

下表介绍了针对其他项目中的 BigQuery 表或视图或由外部数据源支持的 BigQuery 表或视图,需要向 Vertex AI Service Agent 添加的必需的额外角色。

术语“主项目”是指 Vertex AI 数据集或模型所在的项目。“其他项目”一词指的是任何其他项目。

表类型 表项目 数据源项目 需要添加的角色
原生 BigQuery 表格 主项目 不适用 无。
原生 BigQuery 表格 其他项目 不适用 BigQuery Data Viewer(针对其他项目)。了解详情
BigQuery 视图 主项目 不适用 无。
BigQuery 视图 其他项目 不适用 BigQuery Data Viewer(针对其他项目)。了解详情
Bigtable 支持的外部 BigQuery 数据源 主项目 主项目 Bigtable Reader(针对主项目)。了解详情
Bigtable 支持的外部 BigQuery 数据源 主项目 其他项目 Bigtable Reader(针对其他项目)。了解详情
Bigtable 支持的外部 BigQuery 数据源 其他项目 其他项目 BigQuery ReaderBigtable Reader(针对其他项目)。了解详情
Cloud Storage 支持的外部 BigQuery 数据源 主项目 主项目 无。
Cloud Storage 支持的外部 BigQuery 数据源 主项目 其他项目 Storage Object Viewer(针对其他项目)。了解详情
Cloud Storage 支持的外部 BigQuery 数据源 其他项目 其他项目 Storage Object ViewerBigQuery Data Viewer(针对其他项目)。了解详情
Google Sheets 支持的外部 BigQuery 数据源 主项目 不适用 与 Vertex AI 服务账号共享表格文件。了解详情
Google Sheets 支持的外部 BigQuery 数据源 其他项目 不适用 BigQuery Reader(针对其他项目),并与 Vertex AI 服务账号共享表格文件

Cloud Storage 的角色添加要求

如果您要访问不同项目的 Cloud Storage 存储桶中的数据,则必须对该项目中的 Vertex AI 授予 Storage > Storage Object Viewer 角色。了解详情

如果您使用 Cloud Storage 存储桶从本地计算机接收导入操作的数据,并且该存储桶所属项目与 Google Cloud 项目不同,您必须在该项目中向 Vertex AI 提供 Storage > Storage Object Creator 角色。了解详情

向主项目中的资源授予 Vertex AI 访问权限

如需向主项目中的 Vertex AI 服务代理授予其他角色,请执行以下操作:

  1. 前往主项目对应的 Google Cloud 控制台 IAM 页面。

    前往 IAM 页面

  2. 选中包括 Google 提供的角色授权复选框。

  3. 确定要授予权限的服务代理,然后点击 铅笔图标。

    您可以过滤 Principal:@gcp-sa-aiplatform-cc.iam.gserviceaccount.com,找到 Vertex AI Service Agent。

  4. 向服务账号授予所需角色并保存所做的更改。

向不同项目中的资源授予 Vertex AI 访问权限

当您在其他项目中使用数据源或目标时,您必须在该项目中授予 Vertex AI 服务账号权限。Vertex AI 服务账号是在启动第一个异步作业(例如创建端点)后创建的。您还可以按照这些说明使用 gcloud CLI 明确创建 Vertex AI 服务账号。 此 gcloud 命令将同时创建默认服务账号和自定义代码服务账号,但响应中只会返回默认服务账号。

如需在其他项目中添加 Vertex AI 的权限,请执行以下操作:

  1. 前往主项目(您使用 Vertex AI 的项目)的 Google Cloud 控制台 IAM 页面。

    前往 IAM 页面

  2. 选中包括 Google 提供的角色授权复选框。

  3. 确定要授予相应权限的服务代理,并复制其电子邮件地址(在主账号下方列出)。

    您可以过滤 Principal:@gcp-sa-aiplatform-cc.iam.gserviceaccount.com,找到 Vertex AI Service Agent。

  4. 将项目更改为需要授予权限的项目。

  5. 点击添加,并在新建主账号中输入电子邮件地址。

  6. 添加所有必需的角色,并点击保存

提供对 Google 表格的访问权限

如果您使用由 Google 表格提供支持的外部 BigQuery 数据源,则必须与 Vertex AI 服务账号共享表格。Vertex AI 服务账号是在启动第一个异步作业(例如创建端点)后创建的。您还可以按照此说明使用 gcloud CLI 明确创建 Vertex AI 服务账号。

如需授权 Vertex AI 访问您的表格文件,请执行以下操作:

  1. 在 Google Cloud 控制台中,前往 IAM 页面。

    前往 IAM 页面

  2. 查找名为 Vertex AI Service Agent 的服务账号并复制其电子邮件地址(在主账号下方列出)。

  3. 打开您的表格文件并与该地址共享。

后续步骤