本頁面由 Cloud Translation API 翻譯而成。

使用 IAM 控管存取權

本頁面說明如何使用 Identity and Access Management (IAM) 控管 AI Applications 資源的 Discovery Engine API 存取權和權限。

總覽

Google Cloud 提供 IAM，可讓您以更精細的方式授予使用者特定 Google Cloud 資源的存取權，避免其他資源遭到未經授權者擅自存取。本頁面說明 AI Applications 的 IAM 角色和權限。如需 Google CloudIAM 的詳細說明，請參閱 IAM 說明文件。

AI 應用程式提供一組預先定義的角色，旨在協助您控管 AI 應用程式資源的存取權。如果預先定義的角色未提供您需要的權限集，您也可以建立自己的自訂角色。此外，您仍可使用舊版基本角色 (編輯者、檢視者和擁有者)，但這些角色無法提供與 AI 應用程式角色相同的精細控管能力。尤其基本角色提供的是跨 Google Cloud 的資源存取權，而非僅限於 AI 應用程式。詳情請參閱基本角色說明文件。

預先定義的角色

AI 應用程式提供一些預先定義角色，可為主體提供更精細的權限。您授予主體的角色會控管主體可採取的動作。主體可以是個人、群組或服務帳戶。

您可以為相同的主體授予多個角色，並且隨時變更授予主體的角色 (前提是您有權限這樣做)。

權限範圍越廣的角色會包含定義較為狹隘的角色。舉例來說，Discovery Engine 編輯者角色包含 Discovery Engine 檢視者角色的所有權限，再加上 Discovery Engine 編輯者角色的額外權限。同樣地，Discovery Engine 管理員角色包含 Discovery Engine 編輯者角色的所有權限，以及額外權限。

基本角色 (擁有者、編輯者、檢視者) 提供跨 Google Cloud的權限。AI 應用程式的專屬角色僅提供 AI 應用程式權限，除了下列 Google Cloud權限，這些權限為一般 Google Cloud 使用所需：

resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.services.list
serviceusage.services.get

下表列出 AI Applications IAM 角色，以及各角色具備的所有權限對應清單。

角色權限

角色	權限
Discovery Engine 管理員 (`roles/discoveryengine.admin`) 可授予所有 discoveryengine 資源的完整存取權。	`discoveryengine.aclConfigs.` `discoveryengine.aclConfigs.get` `discoveryengine.aclConfigs.update` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.` `discoveryengine.assistants.assist` `discoveryengine.assistants.create` `discoveryengine.assistants.delete` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.assistants.update` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.cmekConfigs.update` `discoveryengine.collections.` `discoveryengine.collections.delete` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.completionConfigs.update` `discoveryengine.connectorRuns.` `discoveryengine.connectorRuns.cancel` `discoveryengine.connectorRuns.list` `discoveryengine.controls.` `discoveryengine.controls.create` `discoveryengine.controls.delete` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.controls.update` `discoveryengine.conversations.` `discoveryengine.conversations.converse` `discoveryengine.conversations.create` `discoveryengine.conversations.delete` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.conversations.update` `discoveryengine.dataConnectors.` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataConnectors.startConnectorRun` `discoveryengine.dataConnectors.update` `discoveryengine.dataStores.` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.create` `discoveryengine.dataStores.delete` `discoveryengine.dataStores.enrollSolutions` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.dataStores.trainCustomModel` `discoveryengine.dataStores.update` `discoveryengine.documentProcessingConfigs.` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documentProcessingConfigs.update` `discoveryengine.documents.` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.create` `discoveryengine.documents.delete` `discoveryengine.documents.get` `discoveryengine.documents.import` `discoveryengine.documents.list` `discoveryengine.documents.purge` `discoveryengine.documents.update` `discoveryengine.engines.` `discoveryengine.engines.create` `discoveryengine.engines.delete` `discoveryengine.engines.get` `discoveryengine.engines.list` `discoveryengine.engines.pause` `discoveryengine.engines.resume` `discoveryengine.engines.tune` `discoveryengine.engines.update` `discoveryengine.evaluations.` `discoveryengine.evaluations.create` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.` `discoveryengine.identityMappingStores.create` `discoveryengine.identityMappingStores.delete` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.importIdentityMappings` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.identityMappingStores.purgeIdentityMappings` `discoveryengine.locations.` `discoveryengine.locations.estimateDataSize` `discoveryengine.locations.exchangeAuthCredentials` `discoveryengine.locations.getConnectorSource` `discoveryengine.locations.listConnectorSources` `discoveryengine.locations.setUpDataConnector` `discoveryengine.models.` `discoveryengine.models.create` `discoveryengine.models.delete` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.models.pause` `discoveryengine.models.resume` `discoveryengine.models.tune` `discoveryengine.models.update` `discoveryengine.operations.` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.` `discoveryengine.projects.get` `discoveryengine.projects.provision` `discoveryengine.projects.reportConsentChange` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.` `discoveryengine.sampleQueries.create` `discoveryengine.sampleQueries.delete` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.import` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQueries.update` `discoveryengine.sampleQuerySets.` `discoveryengine.sampleQuerySets.create` `discoveryengine.sampleQuerySets.delete` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.sampleQuerySets.update` `discoveryengine.schemas.` `discoveryengine.schemas.create` `discoveryengine.schemas.delete` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.update` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.create` `discoveryengine.servingConfigs.delete` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.servingConfigs.update` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.siteSearchEngines.` `discoveryengine.siteSearchEngines.batchVerifyTargetSites` `discoveryengine.siteSearchEngines.disableAdvancedSiteSearch` `discoveryengine.siteSearchEngines.enableAdvancedSiteSearch` `discoveryengine.siteSearchEngines.fetchDomainVerificationStatus` `discoveryengine.siteSearchEngines.get` `discoveryengine.siteSearchEngines.recrawlUris` `discoveryengine.sitemaps.` `discoveryengine.sitemaps.create` `discoveryengine.sitemaps.delete` `discoveryengine.sitemaps.fetch` `discoveryengine.suggestionDenyListEntries.` `discoveryengine.suggestionDenyListEntries.import` `discoveryengine.suggestionDenyListEntries.purge` `discoveryengine.targetSites.` `discoveryengine.targetSites.batchCreate` `discoveryengine.targetSites.create` `discoveryengine.targetSites.delete` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.targetSites.update` `discoveryengine.userEvents.` `discoveryengine.userEvents.create` `discoveryengine.userEvents.fetchStats` `discoveryengine.userEvents.import` `discoveryengine.userEvents.purge` `discoveryengine.userStores.` `discoveryengine.userStores.batchUpdateUserLicenses` `discoveryengine.userStores.listUserLicenses` `discoveryengine.widgetConfigs.` `discoveryengine.widgetConfigs.get` `discoveryengine.widgetConfigs.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Discovery Engine 編輯器 (`roles/discoveryengine.editor`) 可授予所有 Discovery Engine 資源的讀寫權限。	`discoveryengine.aclConfigs.get` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.assist` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.connectorRuns.list` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.conversations.` `discoveryengine.conversations.converse` `discoveryengine.conversations.create` `discoveryengine.conversations.delete` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.conversations.update` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.dataStores.trainCustomModel` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.create` `discoveryengine.documents.delete` `discoveryengine.documents.get` `discoveryengine.documents.import` `discoveryengine.documents.list` `discoveryengine.documents.update` `discoveryengine.engines.get` `discoveryengine.engines.list` `discoveryengine.engines.pause` `discoveryengine.engines.resume` `discoveryengine.engines.tune` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.` `discoveryengine.identityMappingStores.create` `discoveryengine.identityMappingStores.delete` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.importIdentityMappings` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.identityMappingStores.purgeIdentityMappings` `discoveryengine.models.` `discoveryengine.models.create` `discoveryengine.models.delete` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.models.pause` `discoveryengine.models.resume` `discoveryengine.models.tune` `discoveryengine.models.update` `discoveryengine.operations.` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.get` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.` `discoveryengine.sampleQueries.create` `discoveryengine.sampleQueries.delete` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.import` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQueries.update` `discoveryengine.sampleQuerySets.` `discoveryengine.sampleQuerySets.create` `discoveryengine.sampleQuerySets.delete` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.sampleQuerySets.update` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.siteSearchEngines.get` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.userEvents.create` `discoveryengine.userEvents.fetchStats` `discoveryengine.userEvents.import` `discoveryengine.widgetConfigs.*` `discoveryengine.widgetConfigs.get` `discoveryengine.widgetConfigs.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Discovery Engine 使用者 (`roles/discoveryengine.user`) 可授予使用者層級的 Discovery Engine 資源存取權。	`discoveryengine.accounts.create` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.assist` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.engines.get` `discoveryengine.notebooks.create` `discoveryengine.notebooks.list` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.userEvents.create` `discoveryengine.widgetConfigs.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Discovery Engine 檢視者 (`roles/discoveryengine.viewer`) 可讀取所有 Discovery Engine 資源。	`discoveryengine.aclConfigs.get` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.connectorRuns.list` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.conversations.converse` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.get` `discoveryengine.documents.list` `discoveryengine.engines.get` `discoveryengine.engines.list` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.operations.*` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.get` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.siteSearchEngines.get` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.userEvents.fetchStats` `discoveryengine.widgetConfigs.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Discovery Engine 管理員

(roles/discoveryengine.admin)

可授予所有 discoveryengine 資源的完整存取權。

discoveryengine.aclConfigs.*

discoveryengine.aclConfigs.get
discoveryengine.aclConfigs.update

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.*

discoveryengine.assistants.assist
discoveryengine.assistants.create
discoveryengine.assistants.delete
discoveryengine.assistants.get
discoveryengine.assistants.list
discoveryengine.assistants.update

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.*

discoveryengine.cmekConfigs.get
discoveryengine.cmekConfigs.list
discoveryengine.cmekConfigs.update

discoveryengine.collections.*

discoveryengine.collections.delete
discoveryengine.collections.get
discoveryengine.collections.list

discoveryengine.completionConfigs.*

discoveryengine.completionConfigs.completeQuery
discoveryengine.completionConfigs.get
discoveryengine.completionConfigs.update

discoveryengine.connectorRuns.*

discoveryengine.connectorRuns.cancel
discoveryengine.connectorRuns.list

discoveryengine.controls.*

discoveryengine.controls.create
discoveryengine.controls.delete
discoveryengine.controls.get
discoveryengine.controls.list
discoveryengine.controls.update

discoveryengine.conversations.*

discoveryengine.conversations.converse
discoveryengine.conversations.create
discoveryengine.conversations.delete
discoveryengine.conversations.get
discoveryengine.conversations.list
discoveryengine.conversations.update

discoveryengine.dataConnectors.*

discoveryengine.dataConnectors.acquireAccessToken
discoveryengine.dataConnectors.acquireAndStoreRefreshToken
discoveryengine.dataConnectors.buildActionInvocation
discoveryengine.dataConnectors.checkRefreshToken
discoveryengine.dataConnectors.executeAction
discoveryengine.dataConnectors.get
discoveryengine.dataConnectors.queryAvailableActions
discoveryengine.dataConnectors.startConnectorRun
discoveryengine.dataConnectors.update

discoveryengine.dataStores.*

discoveryengine.dataStores.completeQuery
discoveryengine.dataStores.create
discoveryengine.dataStores.delete
discoveryengine.dataStores.enrollSolutions
discoveryengine.dataStores.get
discoveryengine.dataStores.list
discoveryengine.dataStores.listCustomModels
discoveryengine.dataStores.trainCustomModel
discoveryengine.dataStores.update

discoveryengine.documentProcessingConfigs.*

discoveryengine.documentProcessingConfigs.get
discoveryengine.documentProcessingConfigs.update

discoveryengine.documents.*

discoveryengine.documents.batchGetDocumentsMetadata
discoveryengine.documents.create
discoveryengine.documents.delete
discoveryengine.documents.get
discoveryengine.documents.import
discoveryengine.documents.list
discoveryengine.documents.purge
discoveryengine.documents.update

discoveryengine.engines.*

discoveryengine.engines.create
discoveryengine.engines.delete
discoveryengine.engines.get
discoveryengine.engines.list
discoveryengine.engines.pause
discoveryengine.engines.resume
discoveryengine.engines.tune
discoveryengine.engines.update

discoveryengine.evaluations.*

discoveryengine.evaluations.create
discoveryengine.evaluations.get
discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.*

discoveryengine.identityMappingStores.create
discoveryengine.identityMappingStores.delete
discoveryengine.identityMappingStores.get
discoveryengine.identityMappingStores.importIdentityMappings
discoveryengine.identityMappingStores.list
discoveryengine.identityMappingStores.listIdentityMappings
discoveryengine.identityMappingStores.purgeIdentityMappings

discoveryengine.locations.*

discoveryengine.locations.estimateDataSize
discoveryengine.locations.exchangeAuthCredentials
discoveryengine.locations.getConnectorSource
discoveryengine.locations.listConnectorSources
discoveryengine.locations.setUpDataConnector

discoveryengine.models.*

discoveryengine.models.create
discoveryengine.models.delete
discoveryengine.models.get
discoveryengine.models.list
discoveryengine.models.pause
discoveryengine.models.resume
discoveryengine.models.tune
discoveryengine.models.update

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.*

discoveryengine.projects.get
discoveryengine.projects.provision
discoveryengine.projects.reportConsentChange

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

discoveryengine.sampleQueries.create
discoveryengine.sampleQueries.delete
discoveryengine.sampleQueries.get
discoveryengine.sampleQueries.import
discoveryengine.sampleQueries.list
discoveryengine.sampleQueries.update

discoveryengine.sampleQuerySets.*

discoveryengine.sampleQuerySets.create
discoveryengine.sampleQuerySets.delete
discoveryengine.sampleQuerySets.get
discoveryengine.sampleQuerySets.list
discoveryengine.sampleQuerySets.update

discoveryengine.schemas.*

discoveryengine.schemas.create
discoveryengine.schemas.delete
discoveryengine.schemas.get
discoveryengine.schemas.list
discoveryengine.schemas.preview
discoveryengine.schemas.update
discoveryengine.schemas.validate

discoveryengine.servingConfigs.*

discoveryengine.servingConfigs.answer
discoveryengine.servingConfigs.create
discoveryengine.servingConfigs.delete
discoveryengine.servingConfigs.get
discoveryengine.servingConfigs.list
discoveryengine.servingConfigs.recommend
discoveryengine.servingConfigs.search
discoveryengine.servingConfigs.update

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.siteSearchEngines.*

discoveryengine.siteSearchEngines.batchVerifyTargetSites
discoveryengine.siteSearchEngines.disableAdvancedSiteSearch
discoveryengine.siteSearchEngines.enableAdvancedSiteSearch
discoveryengine.siteSearchEngines.fetchDomainVerificationStatus
discoveryengine.siteSearchEngines.get
discoveryengine.siteSearchEngines.recrawlUris

discoveryengine.sitemaps.*

discoveryengine.sitemaps.create
discoveryengine.sitemaps.delete
discoveryengine.sitemaps.fetch

discoveryengine.suggestionDenyListEntries.*

discoveryengine.suggestionDenyListEntries.import
discoveryengine.suggestionDenyListEntries.purge

discoveryengine.targetSites.*

discoveryengine.targetSites.batchCreate
discoveryengine.targetSites.create
discoveryengine.targetSites.delete
discoveryengine.targetSites.get
discoveryengine.targetSites.list
discoveryengine.targetSites.update

discoveryengine.userEvents.*

discoveryengine.userEvents.create
discoveryengine.userEvents.fetchStats
discoveryengine.userEvents.import
discoveryengine.userEvents.purge

discoveryengine.userStores.*

discoveryengine.userStores.batchUpdateUserLicenses
discoveryengine.userStores.listUserLicenses

discoveryengine.widgetConfigs.*

discoveryengine.widgetConfigs.get
discoveryengine.widgetConfigs.update

resourcemanager.projects.get

resourcemanager.projects.list

Discovery Engine 編輯器

(roles/discoveryengine.editor)

可授予所有 Discovery Engine 資源的讀寫權限。

discoveryengine.aclConfigs.get

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.assistants.get

discoveryengine.assistants.list

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.connectorRuns.list

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.*

discoveryengine.conversations.converse
discoveryengine.conversations.create
discoveryengine.conversations.delete
discoveryengine.conversations.get
discoveryengine.conversations.list
discoveryengine.conversations.update

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.get

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.dataStores.trainCustomModel

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.create

discoveryengine.documents.delete

discoveryengine.documents.get

discoveryengine.documents.import

discoveryengine.documents.list

discoveryengine.documents.update

discoveryengine.engines.get

discoveryengine.engines.list

discoveryengine.engines.pause

discoveryengine.engines.resume

discoveryengine.engines.tune

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.*

discoveryengine.identityMappingStores.create
discoveryengine.identityMappingStores.delete
discoveryengine.identityMappingStores.get
discoveryengine.identityMappingStores.importIdentityMappings
discoveryengine.identityMappingStores.list
discoveryengine.identityMappingStores.listIdentityMappings
discoveryengine.identityMappingStores.purgeIdentityMappings

discoveryengine.models.*

discoveryengine.models.create
discoveryengine.models.delete
discoveryengine.models.get
discoveryengine.models.list
discoveryengine.models.pause
discoveryengine.models.resume
discoveryengine.models.tune
discoveryengine.models.update

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

discoveryengine.sampleQueries.create
discoveryengine.sampleQueries.delete
discoveryengine.sampleQueries.get
discoveryengine.sampleQueries.import
discoveryengine.sampleQueries.list
discoveryengine.sampleQueries.update

discoveryengine.sampleQuerySets.*

discoveryengine.sampleQuerySets.create
discoveryengine.sampleQuerySets.delete
discoveryengine.sampleQuerySets.get
discoveryengine.sampleQuerySets.list
discoveryengine.sampleQuerySets.update

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.create

discoveryengine.userEvents.fetchStats

discoveryengine.userEvents.import

discoveryengine.widgetConfigs.*

discoveryengine.widgetConfigs.get
discoveryengine.widgetConfigs.update

resourcemanager.projects.get

resourcemanager.projects.list

Discovery Engine 使用者

(roles/discoveryengine.user)

可授予使用者層級的 Discovery Engine 資源存取權。

discoveryengine.accounts.create

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.completionConfigs.completeQuery

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.engines.get

discoveryengine.notebooks.create

discoveryengine.notebooks.list

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.userEvents.create

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

Discovery Engine 檢視者

(roles/discoveryengine.viewer)

可讀取所有 Discovery Engine 資源。

discoveryengine.aclConfigs.get

discoveryengine.agents.get

discoveryengine.agents.list

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.get

discoveryengine.assistants.list

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.connectorRuns.list

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.converse

discoveryengine.conversations.get

discoveryengine.conversations.list

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.get

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.get

discoveryengine.documents.list

discoveryengine.engines.get

discoveryengine.engines.list

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.get

discoveryengine.identityMappingStores.list

discoveryengine.identityMappingStores.listIdentityMappings

discoveryengine.models.get

discoveryengine.models.list

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.get

discoveryengine.sampleQueries.list

discoveryengine.sampleQuerySets.get

discoveryengine.sampleQuerySets.list

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.downloadFile

discoveryengine.sessions.get

discoveryengine.sessions.list

discoveryengine.sessions.listSessionFileMetadata

discoveryengine.sessions.recommendQuestions

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.fetchStats

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

管理 AI 應用程式身分與存取權管理

您可以使用 Google Cloud主控台取得及設定 IAM 允許政策和 IAM 角色。詳情請參閱「管理專案、資料夾和機構的存取權」。

後續步驟

瞭解如何管理專案、資料夾和機構的存取權。
進一步瞭解身分與存取權管理。
進一步瞭解基本角色。
進一步瞭解自訂角色。

使用 IAM 控管存取權 透過集合功能整理內容 你可以依據偏好儲存及分類內容。

總覽

預先定義的角色

Discovery Engine 管理員

Discovery Engine 編輯器

Discovery Engine 使用者

Discovery Engine 檢視者

管理 AI 應用程式身分與存取權管理

後續步驟

使用 IAM 控管存取權