Turn off Gemini Cloud Assist

This page shows you how to turn off Gemini Cloud Assist.

For information about changing the settings that control sharing Gemini Cloud Assist prompts and responses with Google, see Configure prompt and response sharing for Gemini Cloud Assist.

Before you begin

In order to get the required permissions for turning off Gemini Cloud Assist, ask your administrator to grant you the Owner or Admin basic role (roles/owner or roles/admin) on the project.

Both of these roles contain the permissions required to remove access for users and to disable services.

To see the exact permissions that are required, expand the Required permissions section:

Required permissions

resourcemanager.projects.getIamPolicy
resourcemanager.projects.setIamPolicy
serviceusage.services.disable
If you intend to use the Google Cloud console to turn off Gemini Cloud Assist, you should also have the following permissions:
- serviceusage.services.get
- serviceusage.services.list

You might be able to get these permissions with other predefined roles or custom roles.

Turn off Gemini Cloud Assist

To turn off Gemini Cloud Assist, do the following:

Console

To limit access for specific users in your organization, remove Identity and Access Management permissions for Gemini Cloud Assist:
1. Go to the IAM & Admin page.
  
  Go to IAM & Admin
2. In the Principal column, find a principal for which you want to remove access to Gemini Cloud Assist, and then click Edit principal in that row.
3. In the Edit access pane, do the following:
  1. Locate the Gemini for Google Cloud User role, and then click Delete role.
  2. Locate the Gemini Cloud Assist User role, and then click Delete role.
    
    Note: Depending on when you granted the principal access to Gemini Cloud Assist, they might not have both the Gemini for Google Cloud User and Gemini Cloud Assist User roles granted to them.
  3. Locate the Service Usage Consumer role, and then click Delete role.
4. Click Save.
Turn off the Gemini Cloud Assist API (geminicloudassist.googleapis.com):
1. Go to the Enabled APIs & services page.
  
  Go to Enabled APIs & services
2. To select the Google Cloud project where you want to disable the Gemini Cloud Assist API, do one of the following:
  - In the Select a recent project section, click a Google Cloud project.
  - Use the Select a resource dialog:
    1. Click Select project.
    2. In the Select a project dialog, click the name of the Google Cloud project for which you want to disable the API.
3. Click the Gemini Cloud Assist API entry. If you need help finding the API, use the Search field in the Google Cloud console toolbar.
4. Click Disable API.
Note: In some cases, such as projects which enabled Gemini Cloud Assist prior to April 2025, this API might already be disabled.
Optional: If you are disabling all Gemini for Google Cloud products, then repeat the previous step to turn off the Gemini for Google Cloud API (cloudaicompanion.googleapis.com).

gcloud

In the Google Cloud console, activate Cloud Shell.

Activate Cloud Shell
To limit access for specific users in your organization, remove Identity and Access Management permissions for Gemini Cloud Assist:
1. Remove the role roles/cloudaicompanion.user using the command gcloud projects remove-iam-policy-binding:
```
gcloud projects remove-iam-policy-binding PROJECT_ID \
--member=PRINCIPAL --role=roles/cloudaicompanion.user
```
  Replace the following:
  - PROJECT_ID: the ID of your Google Cloud project—for example,1234567890.
  - PRINCIPAL: the identifier for the principal—for example, user:cloudysanfrancisco@gmail.com.
  The output is a list of policy bindings.
  
  Note: Depending on when you granted the principal access to Gemini Cloud Assist, they might not have the roles/cloudaicompanion.user role granted to them.
2. Repeat the previous step for the following roles:
  - roles/geminicloudassist.user
  - roles/serviceusage.serviceUsageConsumer
  Note: Depending on when you granted the principal access to Gemini Cloud Assist, they might not have the roles/geminicloudassist.user role granted to them.
Turn off the Gemini Cloud Assist API (geminicloudassist.googleapis.com) using the command gcloud services disable:
```
 gcloud services disable geminicloudassist.googleapis.com
```
If successful, the command produces output similar to the following:
```
 Waiting for async operation operations/acf.e9d0943b-55d9-4ac0-8af4-745e1b8983f8 to complete...
 Operation finished successfully.
```
Note: In some cases, such as projects which enabled Gemini Cloud Assist prior to April 2025, this API might already be disabled.
Optional: If you are disabling all Gemini for Google Cloud products, then repeat the previous step to turn off the cloudaicompanion.googleapis.com API.

API

These instructions use cURL to call API methods.

To limit access for specific users in your organization, remove Identity and Access Management permissions for Gemini Cloud Assist:
1. Create a JSON file that contains the following information:
```
  {
    "options": {
      "requestedPolicyVersion": 3
    }
  }
```
2. Retrieve the existing IAM policy for the project using the projects.getIamPolicy method:
```
  curl -X POST --data-binary @JSON_FILE_NAME \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json" \
    "https://cloudresourcemanager.googleapis.com/v1/projects/PROJECT_ID:getIamPolicy"
```
  Replace the following:
  - JSON_FILE_NAME: the path for the JSON file that you created in the previous step.
  - PROJECT_ID: the ID for the project.
  If successful, the response returns the project's IAM policy.
3. Copy the project's IAM policy to an empty JSON file, and remove the users whose access you want to limit. You should remove any such users from the members field for the following fields:
  - "role": "roles/cloudaicompanion.user"
  - "role": "roles/geminicloudassist.user"
  - "role": "roles/serviceusage.serviceUsageConsumer"
4. Apply the updated IAM policy to the project using the projects.setIamPolicy method:
```
  curl -X POST --data-binary @JSON_FILE_NAME \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json" \
    "https://cloudresourcemanager.googleapis.com/v1/projects/PROJECT_ID:setIamPolicy"
```
  Replace the following:
  - JSON_FILE_NAME: the path for the JSON file that you created in the previous step.
  - PROJECT_ID: the ID for the project.
  If successful, the response returns the project's updated IAM policy.
Turn off the Gemini Cloud Assist API (geminicloudassist.googleapis.com) using the services.disable method:
```
curl -X POST \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://serviceusage.googleapis.com/v1/projects/PROJECT_ID/services/geminicloudassist.googleapis.com:disable"
```
Replace PROJECT_ID with the ID of the project for which you are disabling Gemini Cloud Assist.

If the command succeeds, it returns a long-running operation, which includes a name field. You can use the value in the name field to check the status of the operation.
Optional: If you are disabling all Gemini for Google Cloud products, then repeat the previous step to turn off the cloudaicompanion.googleapis.com API.