Model Garden's organization policy lets you centrally control the
models your users can access and the actions they can take. By default, anyone
with permissions to use Vertex AI can use Model Garden to
discover, customize, and deploy a wide variety of Google and third-party models. Setting a Model Garden policy might be useful, for example, if you have
a set of approved Google and third-party models that can be used in production
environments. You can define a policy at the organization, folder, or project
level so that your users can only access the approved models. A policy
applies to all principals. An organization policy is not a per-user policy. For
more information, see Introduction to the Organization Policy Service. At evaluation time, all policies that contribute to a particular resource are
reviewed, and only the applicable policies are merged and then evaluated. Any
explicit deny value takes precedence over any explicit allow value. For example, imagine you have a folder policy that denies a specific model and a
project policy that allows that same model. Assuming that the policies are
merged, access to the model is denied at the project level because the explicit
deny policy at the folder level takes precedence. However, if you set the project
policy to override all parent policies, then access to the model is allowed at the
project level. For more information, see Understanding hierarchy evaluation in the
Resource Manager documentation. When you set a policy, you define one of the following actions: By default, if no policy is set or inherited, all models and actions are
allowed. For a custom deny policy, you explicitly deny a list of models
and implicitly allow all other models. Similarly, for a custom allow policy,
you explicitly allow a list of models and implicitly deny all other models. To specify models in a custom policy and a model action, use the
following format: Replace the following: For example, to define a policy rule on predictions against the
Gemini 2.0 Flash model, specify
The fully qualified ID
( For each model, you can allow or deny the following actions: You can set a policy for Model Garden by using the Google Cloud console or
the Google Cloud CLI. The name of the constraint is
The following example policies are in the YAML format, which you use when
setting a policy through the gcloud CLI. The following example denies actions on a specific set of models. Replace ORGANIZATION_ID with the ID of your Google Cloud
organization. For more information, see Getting an organization
resource. The following example allows actions on a specific set of models. Learn about Model Garden and its offerings.Policy evaluations
Considerations
Policy details
publishers/PUBLISHER/models/MODEL_NAME:ACTION
PUBLISHER
: the name of the publisher who owns the
model that your policy applies to.MODEL_NAME
: the name of the model to allow or deny.ACTION
: a model action to include with your
policy.publishers/google/models/gemini-2.0-flash-001:predict
.publishers/PUBLISHER/models/MODEL_NAME
) is
also known as the model ID. To find the model ID for a model, go to its model
card in Model Garden. For links to model cards, see the list of models
in Explore AI models in Model Garden.Model actions
predict
: Specifies whether users can make online and batch predictions
against a model with a managed API (model as a service).deploy
: For models without a managed API, specifies whether users can
deploy models on Google Cloud. For example, this action applies to
one-click deployments in the Google Cloud console.tune
: Specifies whether users can tune models.Set a policy
vertexai.allowedModels
. For more information about setting policies, see the
the following topics in the Resource Manager documentation:
Example policies
Deny a set of models and allow all other models
name: organizations/ORGANIZATION_ID/policies/vertexai.allowedModels
spec:
rules:
values:
deniedValues:
- publishers/meta/models/llama3:deploy
- publishers/google/models/gemini-2.0-flash-001:tune
- publishers/hf-google/models/gemma-2b:deploy
Allow a set of models and deny all other models
name: organizations/ORGANIZATION_ID/policies/vertexai.allowedModels
spec:
rules:
values:
allowedValues:
- publishers/meta/models/llama3:deploy
- publishers/google/models/gemini-2.0-flash-001:tune
- publishers/hf-google/models/gemma-2b:deploy
What's next
Control access to Model Garden models
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-15 UTC.