AI Platform roles and permissions

This page lists the IAM roles and permissions for AI Platform. To search through all roles and permissions, see the role and permission index.

AI Platform roles

Role Permissions

Role	Permissions
AI Platform Admin (`roles/ml.admin`) Provides full access to AI Platform resources, and its jobs, operations, models, and versions. Lowest-level resources where you can grant this role: Project	`ml.*` `ml.jobs.cancel` `ml.jobs.create` `ml.jobs.get` `ml.jobs.getIamPolicy` `ml.jobs.list` `ml.jobs.setIamPolicy` `ml.jobs.update` `ml.locations.get` `ml.locations.list` `ml.models.create` `ml.models.delete` `ml.models.get` `ml.models.getIamPolicy` `ml.models.list` `ml.models.predict` `ml.models.setIamPolicy` `ml.models.update` `ml.operations.cancel` `ml.operations.get` `ml.operations.list` `ml.projects.getConfig` `ml.studies.create` `ml.studies.delete` `ml.studies.get` `ml.studies.getIamPolicy` `ml.studies.list` `ml.studies.setIamPolicy` `ml.trials.create` `ml.trials.delete` `ml.trials.get` `ml.trials.list` `ml.trials.update` `ml.versions.create` `ml.versions.delete` `ml.versions.get` `ml.versions.list` `ml.versions.predict` `ml.versions.update` `resourcemanager.projects.get`
AI Platform Developer (`roles/ml.developer`) Provides ability to use AI Platform resources for creating models, versions, jobs for training and prediction, and sending online prediction requests. Lowest-level resources where you can grant this role: Project	`ml.jobs.create` `ml.jobs.get` `ml.jobs.getIamPolicy` `ml.jobs.list` `ml.locations.` `ml.locations.get` `ml.locations.list` `ml.models.create` `ml.models.get` `ml.models.getIamPolicy` `ml.models.list` `ml.models.predict` `ml.operations.get` `ml.operations.list` `ml.projects.getConfig` `ml.studies.` `ml.studies.create` `ml.studies.delete` `ml.studies.get` `ml.studies.getIamPolicy` `ml.studies.list` `ml.studies.setIamPolicy` `ml.trials.*` `ml.trials.create` `ml.trials.delete` `ml.trials.get` `ml.trials.list` `ml.trials.update` `ml.versions.get` `ml.versions.list` `ml.versions.predict` `resourcemanager.projects.get`
AI Platform Job Owner (`roles/ml.jobOwner`) Provides full access to all permissions for a particular job resource. This role is automatically granted to the user who creates the job. Lowest-level resources where you can grant this role: Job	`ml.jobs.*` `ml.jobs.cancel` `ml.jobs.create` `ml.jobs.get` `ml.jobs.getIamPolicy` `ml.jobs.list` `ml.jobs.setIamPolicy` `ml.jobs.update`
AI Platform Model Owner (`roles/ml.modelOwner`) Provides full access to the model and its versions. This role is automatically granted to the user who creates the model. Lowest-level resources where you can grant this role: Model	`ml.models.` `ml.models.create` `ml.models.delete` `ml.models.get` `ml.models.getIamPolicy` `ml.models.list` `ml.models.predict` `ml.models.setIamPolicy` `ml.models.update` `ml.versions.` `ml.versions.create` `ml.versions.delete` `ml.versions.get` `ml.versions.list` `ml.versions.predict` `ml.versions.update`
AI Platform Model User (`roles/ml.modelUser`) Provides permissions to read the model and its versions, and use them for prediction. Lowest-level resources where you can grant this role: Model	`ml.models.get` `ml.models.predict` `ml.versions.get` `ml.versions.list` `ml.versions.predict`
AI Platform Operation Owner (`roles/ml.operationOwner`) Provides full access to all permissions for a particular operation resource. Lowest-level resources where you can grant this role: Operation	`ml.operations.*` `ml.operations.cancel` `ml.operations.get` `ml.operations.list`
AI Platform Service Agent (`roles/ml.serviceAgent`) AI Platform service agent can act as log writer, Cloud Storage admin, Artifact Registry Reader, BigQuery writer, and service account access token creator. Warning: Do not grant service agent roles to any principals except service agents.	`artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.locations.` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.projectsettings.get` `artifactregistry.pythonpackages.` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.versions.get` `artifactregistry.versions.list` `bigquery.datasets.create` `bigquery.datasets.get` `bigquery.jobs.create` `bigquery.jobs.get` `bigquery.jobs.list` `bigquery.jobs.update` `bigquery.tables.create` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.list` `bigquery.tables.updateData` `firebase.projects.get` `iam.serviceAccounts.get` `iam.serviceAccounts.getAccessToken` `iam.serviceAccounts.getOpenIdToken` `iam.serviceAccounts.implicitDelegation` `iam.serviceAccounts.list` `iam.serviceAccounts.signBlob` `iam.serviceAccounts.signJwt` `logging.logEntries.create` `logging.logEntries.route` `monitoring.timeSeries.create` `orgpolicy.policy.get` `recommender.iamPolicyInsights.` `recommender.iamPolicyInsights.get` `recommender.iamPolicyInsights.list` `recommender.iamPolicyInsights.update` `recommender.iamPolicyRecommendations.` `recommender.iamPolicyRecommendations.get` `recommender.iamPolicyRecommendations.list` `recommender.iamPolicyRecommendations.update` `recommender.storageBucketSoftDeleteInsights.` `recommender.storageBucketSoftDeleteInsights.get` `recommender.storageBucketSoftDeleteInsights.list` `recommender.storageBucketSoftDeleteInsights.update` `recommender.storageBucketSoftDeleteRecommendations.` `recommender.storageBucketSoftDeleteRecommendations.get` `recommender.storageBucketSoftDeleteRecommendations.list` `recommender.storageBucketSoftDeleteRecommendations.update` `resourcemanager.hierarchyNodes.listEffectiveTags` `resourcemanager.projects.get` `resourcemanager.projects.list` `storage.anywhereCaches.` `storage.anywhereCaches.create` `storage.anywhereCaches.disable` `storage.anywhereCaches.get` `storage.anywhereCaches.list` `storage.anywhereCaches.pause` `storage.anywhereCaches.resume` `storage.anywhereCaches.update` `storage.bucketOperations.` `storage.bucketOperations.cancel` `storage.bucketOperations.get` `storage.bucketOperations.list` `storage.buckets.` `storage.buckets.create` `storage.buckets.createTagBinding` `storage.buckets.delete` `storage.buckets.deleteTagBinding` `storage.buckets.enableObjectRetention` `storage.buckets.get` `storage.buckets.getIamPolicy` `storage.buckets.getIpFilter` `storage.buckets.getObjectInsights` `storage.buckets.list` `storage.buckets.listEffectiveTags` `storage.buckets.listTagBindings` `storage.buckets.relocate` `storage.buckets.restore` `storage.buckets.setIamPolicy` `storage.buckets.setIpFilter` `storage.buckets.update` `storage.folders.` `storage.folders.create` `storage.folders.delete` `storage.folders.get` `storage.folders.list` `storage.folders.rename` `storage.intelligenceConfigs.` `storage.intelligenceConfigs.get` `storage.intelligenceConfigs.update` `storage.managedFolders.` `storage.managedFolders.create` `storage.managedFolders.delete` `storage.managedFolders.get` `storage.managedFolders.getIamPolicy` `storage.managedFolders.list` `storage.managedFolders.setIamPolicy` `storage.multipartUploads.` `storage.multipartUploads.abort` `storage.multipartUploads.create` `storage.multipartUploads.list` `storage.multipartUploads.listParts` `storage.objects.*` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.getIamPolicy` `storage.objects.list` `storage.objects.move` `storage.objects.overrideUnlockedRetention` `storage.objects.restore` `storage.objects.setIamPolicy` `storage.objects.setRetention` `storage.objects.update`
AI Platform Viewer (`roles/ml.viewer`) Provides read-only access to AI Platform resources. Lowest-level resources where you can grant this role: Project	`ml.jobs.get` `ml.jobs.list` `ml.locations.*` `ml.locations.get` `ml.locations.list` `ml.models.get` `ml.models.list` `ml.operations.get` `ml.operations.list` `ml.projects.getConfig` `ml.studies.get` `ml.studies.getIamPolicy` `ml.studies.list` `ml.trials.get` `ml.trials.list` `ml.versions.get` `ml.versions.list` `resourcemanager.projects.get`

AI Platform Admin

(roles/ml.admin)

Provides full access to AI Platform resources, and its jobs, operations, models, and versions.

Lowest-level resources where you can grant this role:

Project

ml.*

ml.jobs.cancel
ml.jobs.create
ml.jobs.get
ml.jobs.getIamPolicy
ml.jobs.list
ml.jobs.setIamPolicy
ml.jobs.update
ml.locations.get
ml.locations.list
ml.models.create
ml.models.delete
ml.models.get
ml.models.getIamPolicy
ml.models.list
ml.models.predict
ml.models.setIamPolicy
ml.models.update
ml.operations.cancel
ml.operations.get
ml.operations.list
ml.projects.getConfig
ml.studies.create
ml.studies.delete
ml.studies.get
ml.studies.getIamPolicy
ml.studies.list
ml.studies.setIamPolicy
ml.trials.create
ml.trials.delete
ml.trials.get
ml.trials.list
ml.trials.update
ml.versions.create
ml.versions.delete
ml.versions.get
ml.versions.list
ml.versions.predict
ml.versions.update

resourcemanager.projects.get

AI Platform Developer

(roles/ml.developer)

Provides ability to use AI Platform resources for creating models, versions, jobs for training and prediction, and sending online prediction requests.

Lowest-level resources where you can grant this role:

Project

ml.jobs.create

ml.jobs.get

ml.jobs.getIamPolicy

ml.jobs.list

ml.locations.*

ml.locations.get
ml.locations.list

ml.models.create

ml.models.get

ml.models.getIamPolicy

ml.models.list

ml.models.predict

ml.operations.get

ml.operations.list

ml.projects.getConfig

ml.studies.*

ml.studies.create
ml.studies.delete
ml.studies.get
ml.studies.getIamPolicy
ml.studies.list
ml.studies.setIamPolicy

ml.trials.*

ml.trials.create
ml.trials.delete
ml.trials.get
ml.trials.list
ml.trials.update

ml.versions.get

ml.versions.list

ml.versions.predict

resourcemanager.projects.get

AI Platform Job Owner

(roles/ml.jobOwner)

Provides full access to all permissions for a particular job resource. This role is automatically granted to the user who creates the job.

Lowest-level resources where you can grant this role:

ml.jobs.*

ml.jobs.cancel
ml.jobs.create
ml.jobs.get
ml.jobs.getIamPolicy
ml.jobs.list
ml.jobs.setIamPolicy
ml.jobs.update

AI Platform Model Owner

(roles/ml.modelOwner)

Provides full access to the model and its versions. This role is automatically granted to the user who creates the model.

Lowest-level resources where you can grant this role:

Model

ml.models.*

ml.models.create
ml.models.delete
ml.models.get
ml.models.getIamPolicy
ml.models.list
ml.models.predict
ml.models.setIamPolicy
ml.models.update

ml.versions.*

ml.versions.create
ml.versions.delete
ml.versions.get
ml.versions.list
ml.versions.predict
ml.versions.update

AI Platform Model User

(roles/ml.modelUser)

Provides permissions to read the model and its versions, and use them for prediction.

Lowest-level resources where you can grant this role:

Model

ml.models.get

ml.models.predict

ml.versions.get

ml.versions.list

ml.versions.predict

AI Platform Operation Owner

(roles/ml.operationOwner)

Provides full access to all permissions for a particular operation resource.

Lowest-level resources where you can grant this role:

Operation

ml.operations.*

ml.operations.cancel
ml.operations.get
ml.operations.list

AI Platform Service Agent

(roles/ml.serviceAgent)

AI Platform service agent can act as log writer, Cloud Storage admin, Artifact Registry Reader, BigQuery writer, and service account access token creator.

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.dockerimages.get
artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.locations.get
artifactregistry.locations.list

artifactregistry.mavenartifacts.*

artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

artifactregistry.npmpackages.get
artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

bigquery.datasets.create

bigquery.datasets.get

bigquery.jobs.create

bigquery.jobs.get

bigquery.jobs.list

bigquery.jobs.update

bigquery.tables.create

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

bigquery.tables.updateData

firebase.projects.get

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

iam.serviceAccounts.implicitDelegation

iam.serviceAccounts.list

iam.serviceAccounts.signBlob

iam.serviceAccounts.signJwt

logging.logEntries.create

logging.logEntries.route

monitoring.timeSeries.create

orgpolicy.policy.get

recommender.iamPolicyInsights.*

recommender.iamPolicyInsights.get
recommender.iamPolicyInsights.list
recommender.iamPolicyInsights.update

recommender.iamPolicyRecommendations.*

recommender.iamPolicyRecommendations.get
recommender.iamPolicyRecommendations.list
recommender.iamPolicyRecommendations.update

recommender.storageBucketSoftDeleteInsights.*

recommender.storageBucketSoftDeleteInsights.get
recommender.storageBucketSoftDeleteInsights.list
recommender.storageBucketSoftDeleteInsights.update

recommender.storageBucketSoftDeleteRecommendations.*

recommender.storageBucketSoftDeleteRecommendations.get
recommender.storageBucketSoftDeleteRecommendations.list
recommender.storageBucketSoftDeleteRecommendations.update

resourcemanager.hierarchyNodes.listEffectiveTags

resourcemanager.projects.get

resourcemanager.projects.list

storage.anywhereCaches.*

storage.anywhereCaches.create
storage.anywhereCaches.disable
storage.anywhereCaches.get
storage.anywhereCaches.list
storage.anywhereCaches.pause
storage.anywhereCaches.resume
storage.anywhereCaches.update

storage.bucketOperations.*

storage.bucketOperations.cancel
storage.bucketOperations.get
storage.bucketOperations.list

storage.buckets.*

storage.buckets.create
storage.buckets.createTagBinding
storage.buckets.delete
storage.buckets.deleteTagBinding
storage.buckets.enableObjectRetention
storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.getIpFilter
storage.buckets.getObjectInsights
storage.buckets.list
storage.buckets.listEffectiveTags
storage.buckets.listTagBindings
storage.buckets.relocate
storage.buckets.restore
storage.buckets.setIamPolicy
storage.buckets.setIpFilter
storage.buckets.update

storage.folders.*

storage.folders.create
storage.folders.delete
storage.folders.get
storage.folders.list
storage.folders.rename

storage.intelligenceConfigs.*

storage.intelligenceConfigs.get
storage.intelligenceConfigs.update

storage.managedFolders.*

storage.managedFolders.create
storage.managedFolders.delete
storage.managedFolders.get
storage.managedFolders.getIamPolicy
storage.managedFolders.list
storage.managedFolders.setIamPolicy

storage.multipartUploads.*

storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listParts

storage.objects.*

storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.move
storage.objects.overrideUnlockedRetention
storage.objects.restore
storage.objects.setIamPolicy
storage.objects.setRetention
storage.objects.update

AI Platform Viewer

(roles/ml.viewer)

Provides read-only access to AI Platform resources.

Lowest-level resources where you can grant this role:

Project

ml.jobs.get

ml.jobs.list

ml.locations.*

ml.locations.get
ml.locations.list

ml.models.get

ml.models.list

ml.operations.get

ml.operations.list

ml.projects.getConfig

ml.studies.get

ml.studies.getIamPolicy

ml.studies.list

ml.trials.get

ml.trials.list

ml.versions.get

ml.versions.list

resourcemanager.projects.get

AI Platform permissions

Permission	Included in roles
`ml.jobs.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Job Owner (`roles/ml.jobOwner`)
`ml.jobs.create`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Job Owner (`roles/ml.jobOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.jobs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Job Owner (`roles/ml.jobOwner`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.jobs.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Job Owner (`roles/ml.jobOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.jobs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Job Owner (`roles/ml.jobOwner`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. AI Platform Notebooks Service Agent (`roles/notebooks.serviceAgent`) Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.jobs.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) AI Platform Admin (`roles/ml.admin`) AI Platform Job Owner (`roles/ml.jobOwner`)
`ml.jobs.update`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Job Owner (`roles/ml.jobOwner`)
`ml.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.models.create`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Model Owner (`roles/ml.modelOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.models.delete`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Model Owner (`roles/ml.modelOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.models.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Model Owner (`roles/ml.modelOwner`) AI Platform Model User (`roles/ml.modelUser`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.models.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Model Owner (`roles/ml.modelOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.models.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Model Owner (`roles/ml.modelOwner`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`)
`ml.models.predict`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Model Owner (`roles/ml.modelOwner`) AI Platform Model User (`roles/ml.modelUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.models.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) AI Platform Admin (`roles/ml.admin`) AI Platform Model Owner (`roles/ml.modelOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.models.update`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Model Owner (`roles/ml.modelOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Operation Owner (`roles/ml.operationOwner`)
`ml.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Operation Owner (`roles/ml.operationOwner`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`)
`ml.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Operation Owner (`roles/ml.operationOwner`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.projects.getConfig`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.studies.create`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.studies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.studies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.studies.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.studies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.studies.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.trials.create`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.trials.delete`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.trials.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.trials.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.trials.update`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.versions.create`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Model Owner (`roles/ml.modelOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.versions.delete`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Model Owner (`roles/ml.modelOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.versions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Model Owner (`roles/ml.modelOwner`) AI Platform Model User (`roles/ml.modelUser`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`)
`ml.versions.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Model Owner (`roles/ml.modelOwner`) AI Platform Model User (`roles/ml.modelUser`) AI Platform Viewer (`roles/ml.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`)
`ml.versions.predict`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) AI Platform Admin (`roles/ml.admin`) AI Platform Developer (`roles/ml.developer`) AI Platform Model Owner (`roles/ml.modelOwner`) AI Platform Model User (`roles/ml.modelUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)
`ml.versions.update`	Owner (`roles/owner`) Editor (`roles/editor`) AI Platform Admin (`roles/ml.admin`) AI Platform Model Owner (`roles/ml.modelOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Data Labeling Service Agent (`roles/datalabeling.serviceAgent`)

AI Platform roles and permissions