Configure Gemini for Google Cloud administrator settings

This document describes how to access and use the Gemini for Google Cloud administrator settings to configure changes for all users in the project. You can manage administrator settings by using the Google Cloud console or an API.

(Optional) Bind permissions to settings and targets

If you are configuring Gemini for Google Cloud administrator settings in the Google Cloud console, then you can skip this section.

To configure Gemini for Google Cloud administrator settings with the Gemini for Google Cloud API, you must first create settings, then create bindings to "bind" those settings and targets (such as instance, topic, or projects) for specific products (such as Gemini Cloud Assist or Gemini Code Assist).

All permissions to create and update settings are at the project level.

Configure Gemini Cloud Assist to share prompts and responses with Google

The following sections provide steps required to configure Gemini Cloud Assist to share your organization's prompts and responses with Google for product improvement. This setting instructs Google to process the prompts and responses of all Gemini Cloud Assist users in the project for purposes of product improvement, which helps Google to improve Gemini Cloud Assist.

By default, Google has no access to log or examine the prompts that your users type and send to Gemini Cloud Assist, nor the responses that are sent back. This limits the ability of Google to improve Gemini Cloud Assist by better understanding what topics are important to your organization and how good our responses are. If you enable prompt and response sharing for a project, Google stores anonymized prompts and responses submitted from the project for a maximum of 180 days. Your organization's prompts and responses are never used to train or fine tune any LLM model.

If you enable prompt and response sharing with Google, you can disable it at any time by visiting the Admin for Gemini page in the Google Cloud console.

Enable prompt and response sharing for Gemini Cloud Assist

Select one of the following options:

Console

  1. Ensure that you have the following Identity and Access Management (IAM) permissions on the billing account that owns the subscription:

    • dataSharingWithGoogleSettings.create
    • dataSharingWithGoogleSettings.list
    • dataSharingWithGoogleSettings.get
    • dataSharingWithGoogleSettings.update
    • settingBindings.dataSharingWithGoogleSettingsCreate
    • settingBindings.dataSharingWithGoogleSettingsGet
    • settingBindings.dataSharingWithGoogleSettingsUpdate
    • settingBindings.dataSharingWithGoogleSettingsUse

  2. In the Google Cloud console, go to the Admin for Gemini page.

    Go to Gemini for Google Cloud

    The Gemini for Google Cloud page loads.

  3. Click Settings in the left navigation menu.

    The Settings page loads.

  4. Click Turn on data sharing to share prompts and responses with Google for all Gemini Cloud Assist users in the project.

Google's use of this data is governed by the Google Cloud Agreement, including the Pre-GA Offering Terms of the Google Cloud Specific Service Terms, as supplemented by the terms for the Gemini for Google Cloud Trusted Tester Program.

API

To enable data sharing for Gemini Cloud Assist, use the CreateDataSharingWithGoogleSetting method.

  1. Ensure that you have the following Identity and Access Management (IAM) permissions on the billing account that owns the subscription:

    • dataSharingWithGoogleSettings.create
    • dataSharingWithGoogleSettings.list
    • dataSharingWithGoogleSettings.get
    • dataSharingWithGoogleSettings.update
    • settingBindings.dataSharingWithGoogleSettingsCreate
    • settingBindings.dataSharingWithGoogleSettingsGet
    • settingBindings.dataSharingWithGoogleSettingsUpdate
    • settingBindings.dataSharingWithGoogleSettingsUse

  2. Create the setting and a setting-specific value.

    1. Obtain the token:

      TOKEN=$(gcloud auth print-access-token)

    2. Set the regional API:

      curl -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' -d '{
    "enable_customer_data_sharing": true,
  } ' -X POST "https://$REGIONAL_API/v1/projects/CONTAINER_PROJECT_NAME/locations/global/dataSharingWithGoogleSettings?data_sharing_with_google_setting_id=SETTING_ID"

      Replace the following:

      • CONTAINER_PROJECT_NAME: Enter the parent project ID.
      • SETTING_ID: Enter a unique setting name, such as dswg1 for Data Sharing with Google.

      If the command succeeds, it returns a response body that shows the enablePreviewDataSharing set to true:

      {
  "name": "projects/CONTAINER_PROJECT_NAME
/locations/global/dataSharingWithGoogleSettings/SETTING_ID",
  "createTime": "2025-01-23T15:22:49.717166932Z",
  "updateTime": "2025-01-23T15:22:49.717166932Z",
  "enablePreviewDataSharing": true
}

  3. Create the setting binding:

      curl \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
      "target": "projects/TARGET_PROJECT_NAME"
    }' \
  -X POST \ "https://$REGIONAL_API/v1/projects/CONTAINER_PROJECT_NAME/locations/global/dataSharingWithGoogleSettings/SETTING_ID/settingBindings?setting_binding_id=BINDING_ID"

    Replace the following:

    • TARGET_PROJECT_NAME: Enter the target project to which the setting should be applied.
    • SETTING_ID: Use the same SETTING_ID when you created the setting, but append it with b1. For example, use dswg1b1 for Data Sharing with Google.

    If the command succeeds, it returns the operation metadata in the following format::

    {
"name": "projects/<var>CONTAINER_PROJECT_NAME</var>/locations/global/operations/operation-1737646069712-62c6140bb04bb-49261230-43701daf",
"metadata": {
  "@type": "type.googleapis.com/google.cloud.cloudaicompanion.v1.OperationMetadata",
  "createTime": "2025-01-23T15:27:50.076075570Z",
  "target": "projects/<var>TARGET_PROJECT_NAME</var>/locations/global/dataSharingWithGoogleSettings/<var>SETTING_ID</var>/settingBindings/<var>BINDING_ID</var>",
  "verb": "create",
  "requestedCancellation": false,
  "apiVersion": "v1"
},
"done": false
}

Google's use of this data is governed by the Google Cloud Agreement, including the Pre-GA Offering Terms of the Google Cloud Specific Service Terms, as supplemented by the terms for the Gemini for Google Cloud Trusted Tester Program.

Disable prompt and response sharing for Gemini Cloud Assist

Select one of the following options:

Console

  1. Ensure that you have the following Identity and Access Management (IAM) permissions on the project where you want to modify settings:

    • dataSharingWithGoogleSettings.list
    • dataSharingWithGoogleSettings.get
    • settingBindings.dataSharingWithGoogleSettingsGet
    • settingBindings.dataSharingWithGoogleSettingsDelete
    • settingBindings.dataSharingWithGoogleSettingsUse

  2. In the Google Cloud console, go to the Admin for Gemini page.

    Go to Gemini for Google Cloud

    The Gemini for Google Cloud page loads.

  3. Click Settings in the left navigation menu.

    The Settings page loads.

  4. Click Turn off data sharing to stop sharing prompts and responses with Google for all Gemini Cloud Assist users in the project.

API

To disable data sharing for Gemini Cloud Assist, use the DeleteDataSharingWithGoogleSetting method.

  1. Ensure that you have the following Identity and Access Management (IAM) permissions on the project where you want to modify settings:

    • dataSharingWithGoogleSettings.list
    • dataSharingWithGoogleSettings.delete
    • dataSharingWithGoogleSettings.get
    • settingBindings.dataSharingWithGoogleSettingsGet
    • settingBindings.dataSharingWithGoogleSettingsUpdate
    • settingBindings.dataSharingWithGoogleSettingsUse

  2. Create the setting and a setting-specific value.

    1. Obtain the token:

      TOKEN=$(gcloud auth print-access-token)

    2. Set the regional API:

      REGIONAL_API="cloudaicompanion.googleapis.com"

    3. Run the following command to create the setting.

      curl -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' -d '{
    "enable_customer_data_sharing": false,
  } ' -X POST "https://$REGIONAL_API/v1/projects/CONTAINER_PROJECT_NAME/locations/global/dataSharingWithGoogleSettings?data_sharing_with_google_setting_id=SETTING_ID"

      Replace the following:

      • CONTAINER_PROJECT_NAME: Enter the parent project ID.
      • SETTING_ID: Enter the existing setting name, such as dswg1 for Data Sharing with Google.

      If the command succeeds, it returns a response body that shows the enablePreviewDataSharing set to false:

      {
  "name": "projects/CONTAINER_PROJECT_NAME
/locations/global/dataSharingWithGoogleSettings/SETTING_ID",
  "createTime": "2025-01-23T15:22:49.717166932Z",
  "updateTime": "2025-01-23T15:22:49.717166932Z",
  "enablePreviewDataSharing": false
}