This page provides examples for how you might set up a project for a team working with Vertex AI. This page assumes that you're already familiar with Identity and Access Management (IAM) concepts such as policies, roles, permissions, and principals as described in Vertex AI access control with IAM and Concepts related to access management.
These examples are intended to be used generally. Consider the team's specific needs, and adjust how you set up the project accordingly.
Overview
Vertex AI uses IAM to manage access to resources. When you plan access control for your resources, consider the following:
You can manage access at the project level or resource level. Project-level access applies to all of the resources in that project. Access to a specific resource only applies to that resource.
You grant access by assigning IAM roles to principals. Predefined roles make setup easier, but custom roles are recommended: because you define them yourself, you can restrict each role to exactly the permissions the team requires and nothing more.
To learn more about access control, see Vertex AI access control with IAM.
Single project with shared access to data and Vertex AI resources
In this example, a team shares a single project that contains their data and Vertex AI resources.
You might set up a project this way if the team's data, containers, and other Vertex AI resources can be shared among all users of the project.
Your project's IAM allow policy might look similar to the following:
{
  "version": 1,
  "etag": "BwWKmjvelug=",
  "bindings": [
    {
      "role": "roles/aiplatform.user",
      "members": [
        "user:USER1_EMAIL_ADDRESS",
        "user:USER2_EMAIL_ADDRESS"
      ]
    },
    {
      "role": "roles/storage.admin",
      "members": [
        "user:USER1_EMAIL_ADDRESS",
        "user:USER2_EMAIL_ADDRESS"
      ]
    },
    {
      "role": "roles/aiplatform.serviceAgent",
      "members": [
        "serviceAccount:service-PROJECT_NUMBER@gcp-sa-aiplatform-cc.iam.gserviceaccount.com"
      ]
    }
  ]
}
Setting up a project this way makes it easier for a team to collaborate to train models, debug code, deploy models, and observe endpoints. All users see the same resources and can train with the same data. Vertex AI resources operate within a single project, so you don't need to grant access to resources outside of the project. Quota is shared across the team.
To set up access control for your team's project, see Manage access to projects, folders, and organizations.
Separate data and Vertex AI resources
In this example, the team's data is located in a project separate from Vertex AI resources.
You might set up a project this way if:
The team's data is too difficult to move to the same project as your Vertex AI resources.
The team's data requires specific control over who can access it.
In these situations, we recommend creating a project for the data and a project for Vertex AI resources. The team's developers share the project that contains the Vertex AI resources. They use the Vertex AI resources to access and process the data stored in the other project. Data administrators grant the Vertex AI resources access through service agents or custom service accounts.
For example, you might grant the default Vertex AI service agents access to a Cloud Storage bucket with an allow policy that looks like the following:
{
  "version": 1,
  "etag": "BwWKmjvelug=",
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": [
        "serviceAccount:service-PROJECT_NUMBER@gcp-sa-aiplatform-cc.iam.gserviceaccount.com",
        "serviceAccount:service-PROJECT_NUMBER@gcp-sa-aiplatform.iam.gserviceaccount.com"
      ]
    }
  ]
}
When possible, specify a service account to use as the resource identity when you create Vertex AI resources, and use that service account to manage access control. This makes it easier to grant specific resources access to the data and manage permissions over time.
For example, you might grant a service account access to BigQuery with a policy that looks like the following:
{
  "version": 1,
  "etag": "BwWKmjvelug=",
  "bindings": [
    {
      "role": "roles/bigquery.user",
      "members": [
        "serviceAccount:SERVICE_ACCOUNT_NAME@PROJECT_NUMBER.iam.gserviceaccount.com"
      ]
    }
  ]
}
To set up access control for service accounts, see Manage access to service accounts.
In the project with the Vertex AI resources, administrators can grant users access to the data by granting the Service Account User role (roles/iam.serviceAccountUser) on the specified service accounts.
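The allow policies shown on this page (the shared single-project policy and the data-project policies for service agents and custom service accounts) all have the same JSON shape, which makes them easy to check mechanically before they are applied. The following is an added example, not code from this page or from Google Cloud: a small Python audit that parses a policy in that shape, lists the roles each principal holds, and reports the mistakes a reviewer looks for in a data project, such as a service account bound with the wrong member prefix, a basic role (roles/owner, roles/editor, roles/viewer) granted where a narrow predefined or custom role is expected, a role outside the project's agreed allow-list, public members, and stale bindings for deleted principals. The policy, project number and e-mail addresses in the sample are constructed; the role and member-prefix names are the real IAM ones.

```python
"""Audit a Cloud IAM allow policy in the JSON shape used on this page."""
from __future__ import annotations

import json
from collections import defaultdict

# Roles that grant broad project-wide access; the page recommends narrow
# predefined or custom roles instead.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
SERVICE_ACCOUNT_SUFFIX = ".gserviceaccount.com"

# Constructed sample: a data project that should grant only read access to the
# Vertex AI service agents. It deliberately contains the mistakes audited below.
SAMPLE_DATA_PROJECT_POLICY = json.dumps({
    "version": 1,
    "etag": "BwWKmjvelug=",
    "bindings": [
        {
            "role": "roles/storage.objectViewer",
            "members": [
                "serviceAccount:service-123456789012@gcp-sa-aiplatform.iam.gserviceaccount.com",
                # wrong prefix: a service account bound as if it were a human user
                "user:service-123456789012@gcp-sa-aiplatform-cc.iam.gserviceaccount.com",
            ],
        },
        # a basic role granted directly to a developer in the data project
        {"role": "roles/editor", "members": ["user:dev@example.com"]},
        # binding left behind after a service account was deleted
        {"role": "roles/bigquery.user",
         "members": ["deleted:serviceAccount:old-sa@example.iam.gserviceaccount.com?uid=1"]},
    ],
})


def roles_by_member(policy_json: str) -> dict[str, set[str]]:
    """Invert the bindings list: principal -> set of roles it holds."""
    policy = json.loads(policy_json)
    result: dict[str, set[str]] = defaultdict(set)
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            result[member].add(binding["role"])
    return dict(result)


def audit_policy(policy_json: str, allowed_roles: set[str] | None = None) -> list[str]:
    """Return one finding string per problem; an empty list means the policy is clean.

    allowed_roles, when given, is the set of roles this project is permitted to
    grant (for the page's data project: roles/storage.objectViewer and the like).
    """
    policy = json.loads(policy_json)
    findings: list[str] = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        if role in BASIC_ROLES:
            findings.append(f"{role}: basic role granted; use a narrow predefined or custom role")
        if allowed_roles is not None and role not in allowed_roles:
            findings.append(f"{role}: not in the allow-list for this project")
        for member in binding.get("members", []):
            if member.startswith("deleted:"):
                findings.append(f"{member}: stale binding for a deleted principal; remove it")
                continue
            if member in PUBLIC_MEMBERS:
                findings.append(f"{member}: public access granted to {role}")
                continue
            prefix, _, identity = member.partition(":")
            if identity.endswith(SERVICE_ACCOUNT_SUFFIX) and prefix != "serviceAccount":
                findings.append(f"{member}: service accounts must use the serviceAccount: prefix")
    return findings


if __name__ == "__main__":
    for member, roles in sorted(roles_by_member(SAMPLE_DATA_PROJECT_POLICY).items()):
        print(f"{member}: {sorted(roles)}")
    for finding in audit_policy(SAMPLE_DATA_PROJECT_POLICY, {"roles/storage.objectViewer"}):
        print("FINDING:", finding)
```

Run it against a policy exported with `gcloud projects get-iam-policy PROJECT_ID --format=json` to review a data project before its bindings are applied; the allow-list argument encodes the page's recommendation that the data project grant the Vertex AI identities only the narrow read role they need.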
Isolate less trusted code in additional separate projects
Models, prediction containers, and training containers are code, and less trusted code should be isolated from sensitive models and data. Deploy endpoints and training stages in their own projects, run them with a dedicated service account that has only the permissions they need, and use VPC Service Controls to isolate those projects so that any access granted to such containers and models has limited reach.
What's next
To learn more about endpoint access control, see Control access to Vertex AI endpoints.
To learn more about using a custom service account to control access to specific resources, see Use a custom service account.