Access control

To use the generative AI features on Vertex AI, the principals (for example, users, groups, and service accounts) in your project need to be granted the appropriate IAM role. You can also create custom roles to grant a user-defined set of permissions to a principal. This page shows you the applicable IAM roles to grant and the specific permissions needed for each operation so you can create custom roles.

Predefined roles

You can grant the users or groups in your project one of the following predefined roles to give them access to the generative AI features on Vertex AI:

To learn more about Vertex AI IAM roles, see Vertex AI access control with IAM.

Permissions

The following table maps generative AI operations to the permissions required for the operation. If you need fine-grained access control, you can refer to these mappings to create custom roles.

Operation Permissions needed
Make prompt requests
  • aiplatform.endpoints.predict
Save, view, update, and delete prompts in Vertex AI Studio
  • aiplatform.datasets.create
  • aiplatform.datasets.update
  • aiplatform.datasets.delete
  • aiplatform.datasets.list
  • aiplatform.datasets.get
Model tuning
  • aiplatform.pipelineJobs.*
  • aiplatform.customJobs.*
  • aiplatform.datasets.export
  • aiplatform.datasets.get
  • aiplatform.models.upload
  • aiplatform.models.get
  • aiplatform.endpoints.create
  • aiplatform.endpoints.get
  • aiplatform.endpoints.deploy
  • aiplatform.metadataStores.get
  • storage.objects.create
  • storage.objects.update
  • storage.objects.get
  • storage.objects.list

To learn more about Vertex AI IAM permissions, see IAM permissions.

What's next

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年11月24日 UTC.