This page discusses the Identity and Access Management roles that users need in order to successfully use Gemini Cloud Assist. For information about setting up Gemini Cloud Assist, see Set up Gemini Cloud Assist.
Overview
In order to support questions and requests about your Google Cloud resources, Gemini Cloud Assist needs the appropriate IAM permissions for those resources. Gemini Cloud Assist has the same permissions that the user querying Gemini Cloud Assist has, so in many cases, the necessary IAM permissions are already granted.
IAM roles requirements for different use cases
| IAM role | Notes |
|---|---|
| Gemini Cloud Assist User | This role is required to use Gemini Cloud Assist |
| Service Usage Consumer | This role is required to enable additional service APIs. Enabling additional service APIs might be required to have optimal Gemini Cloud Assist responses |
| Cloud Asset Viewer | This role is required in order to ask questions about your Google Cloud assets and their associated metadata, which are managed by Cloud Asset Inventory. Assets include your Google Cloud resources, policies, and configurations. |
| Recommender Viewer | This role is recommended for an optimal Gemini Cloud Assist experience |
| Database Center Viewer | The role is required to get assistance with database products |
| Cloud SQL Viewer | The role is required to get assistance with database products |
| Cloud Trace User | The role is required to get assistance with database products |
| Database Insights viewer | The role is required to get assistance with database products |
| Monitoring Viewer | The role is required to get assistance with database products |
| BigQuery Job User | The role is required to use Gemini Cloud Assist with Storage Insights datasets to understand your Cloud Storage usage. |
| BigQuery Data Viewer | The role is required to use Gemini Cloud Assist with Storage Insights datasets to understand your Cloud Storage usage. |
| Storage Insights Viewer | The role is required to use Gemini Cloud Assist with Storage Insights datasets to understand your Cloud Storage usage. |
| Assured Workloads Administrator | This role is required to get assistance with Assured Workloads |
| Cloud KMS Viewer | This role is required to get assistance with Cloud Key Management Service |
| Cloud KMS Protected Resources Viewer | This role is required to get assistance with Cloud Key Management Service |
| Kubernetes Engine Cluster Viewer | This role is required to get assistance with Confidential Computing on Google Kubernetes Engine |
| Compute Viewer | This role is required to get assistance with Confidential Computing on Compute Engine |
| Secret Manager Viewer | This role is required to get assistance with Secret Manager |