AI Platform roles and permissions

This page lists the IAM roles and permissions for AI Platform. To search through all roles and permissions, see the role and permission index.

AI Platform roles

Role Permissions

(roles/ml.admin)

Provides full access to AI Platform resources, and its jobs, operations, models, and versions.

Lowest-level resources where you can grant this role:

  • Project

ml.*

  • ml.jobs.cancel
  • ml.jobs.create
  • ml.jobs.get
  • ml.jobs.getIamPolicy
  • ml.jobs.list
  • ml.jobs.setIamPolicy
  • ml.jobs.update
  • ml.locations.get
  • ml.locations.list
  • ml.models.create
  • ml.models.delete
  • ml.models.get
  • ml.models.getIamPolicy
  • ml.models.list
  • ml.models.predict
  • ml.models.setIamPolicy
  • ml.models.update
  • ml.operations.cancel
  • ml.operations.get
  • ml.operations.list
  • ml.projects.getConfig
  • ml.studies.create
  • ml.studies.delete
  • ml.studies.get
  • ml.studies.getIamPolicy
  • ml.studies.list
  • ml.studies.setIamPolicy
  • ml.trials.create
  • ml.trials.delete
  • ml.trials.get
  • ml.trials.list
  • ml.trials.update
  • ml.versions.create
  • ml.versions.delete
  • ml.versions.get
  • ml.versions.list
  • ml.versions.predict
  • ml.versions.update

resourcemanager.projects.get

(roles/ml.developer)

Provides ability to use AI Platform resources for creating models, versions, jobs for training and prediction, and sending online prediction requests.

Lowest-level resources where you can grant this role:

  • Project

ml.jobs.create

ml.jobs.get

ml.jobs.getIamPolicy

ml.jobs.list

ml.locations.*

  • ml.locations.get
  • ml.locations.list

ml.models.create

ml.models.get

ml.models.getIamPolicy

ml.models.list

ml.models.predict

ml.operations.get

ml.operations.list

ml.projects.getConfig

ml.studies.*

  • ml.studies.create
  • ml.studies.delete
  • ml.studies.get
  • ml.studies.getIamPolicy
  • ml.studies.list
  • ml.studies.setIamPolicy

ml.trials.*

  • ml.trials.create
  • ml.trials.delete
  • ml.trials.get
  • ml.trials.list
  • ml.trials.update

ml.versions.get

ml.versions.list

ml.versions.predict

resourcemanager.projects.get

(roles/ml.jobOwner)

Provides full access to all permissions for a particular job resource. This role is automatically granted to the user who creates the job.

Lowest-level resources where you can grant this role:

  • Job

ml.jobs.*

  • ml.jobs.cancel
  • ml.jobs.create
  • ml.jobs.get
  • ml.jobs.getIamPolicy
  • ml.jobs.list
  • ml.jobs.setIamPolicy
  • ml.jobs.update

(roles/ml.modelOwner)

Provides full access to the model and its versions. This role is automatically granted to the user who creates the model.

Lowest-level resources where you can grant this role:

  • Model

ml.models.*

  • ml.models.create
  • ml.models.delete
  • ml.models.get
  • ml.models.getIamPolicy
  • ml.models.list
  • ml.models.predict
  • ml.models.setIamPolicy
  • ml.models.update

ml.versions.*

  • ml.versions.create
  • ml.versions.delete
  • ml.versions.get
  • ml.versions.list
  • ml.versions.predict
  • ml.versions.update

(roles/ml.modelUser)

Provides permissions to read the model and its versions, and use them for prediction.

Lowest-level resources where you can grant this role:

  • Model

ml.models.get

ml.models.predict

ml.versions.get

ml.versions.list

ml.versions.predict

(roles/ml.operationOwner)

Provides full access to all permissions for a particular operation resource.

Lowest-level resources where you can grant this role:

  • Operation

ml.operations.*

  • ml.operations.cancel
  • ml.operations.get
  • ml.operations.list

(roles/ml.serviceAgent)

AI Platform service agent can act as log writer, Cloud Storage admin, Artifact Registry Reader, BigQuery writer, and service account access token creator.

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

  • artifactregistry.dockerimages.get
  • artifactregistry.dockerimages.list

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

  • artifactregistry.locations.get
  • artifactregistry.locations.list

artifactregistry.mavenartifacts.*

  • artifactregistry.mavenartifacts.get
  • artifactregistry.mavenartifacts.list

artifactregistry.npmpackages.*

  • artifactregistry.npmpackages.get
  • artifactregistry.npmpackages.list

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

  • artifactregistry.pythonpackages.get
  • artifactregistry.pythonpackages.list

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

bigquery.datasets.create

bigquery.datasets.get

bigquery.jobs.create

bigquery.jobs.get

bigquery.jobs.list

bigquery.jobs.update

bigquery.tables.create

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

bigquery.tables.updateData

firebase.projects.get

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

iam.serviceAccounts.implicitDelegation

iam.serviceAccounts.list

iam.serviceAccounts.signBlob

iam.serviceAccounts.signJwt

logging.logEntries.create

logging.logEntries.route

orgpolicy.policy.get

recommender.iamPolicyInsights.*

  • recommender.iamPolicyInsights.get
  • recommender.iamPolicyInsights.list
  • recommender.iamPolicyInsights.update

recommender.iamPolicyRecommendations.*

  • recommender.iamPolicyRecommendations.get
  • recommender.iamPolicyRecommendations.list
  • recommender.iamPolicyRecommendations.update

recommender.storageBucketSoftDeleteInsights.*

  • recommender.storageBucketSoftDeleteInsights.get
  • recommender.storageBucketSoftDeleteInsights.list
  • recommender.storageBucketSoftDeleteInsights.update

recommender.storageBucketSoftDeleteRecommendations.*

  • recommender.storageBucketSoftDeleteRecommendations.get
  • recommender.storageBucketSoftDeleteRecommendations.list
  • recommender.storageBucketSoftDeleteRecommendations.update

resourcemanager.hierarchyNodes.listEffectiveTags

resourcemanager.projects.get

resourcemanager.projects.list

storage.anywhereCaches.*

  • storage.anywhereCaches.create
  • storage.anywhereCaches.disable
  • storage.anywhereCaches.get
  • storage.anywhereCaches.list
  • storage.anywhereCaches.pause
  • storage.anywhereCaches.resume
  • storage.anywhereCaches.update

storage.bucketOperations.*

  • storage.bucketOperations.cancel
  • storage.bucketOperations.get
  • storage.bucketOperations.list

storage.buckets.*

  • storage.buckets.create
  • storage.buckets.createTagBinding
  • storage.buckets.delete
  • storage.buckets.deleteTagBinding
  • storage.buckets.enableObjectRetention
  • storage.buckets.get
  • storage.buckets.getIamPolicy
  • storage.buckets.getIpFilter
  • storage.buckets.getObjectInsights
  • storage.buckets.list
  • storage.buckets.listEffectiveTags
  • storage.buckets.listTagBindings
  • storage.buckets.relocate
  • storage.buckets.restore
  • storage.buckets.setIamPolicy
  • storage.buckets.setIpFilter
  • storage.buckets.update

storage.folders.*

  • storage.folders.create
  • storage.folders.delete
  • storage.folders.get
  • storage.folders.list
  • storage.folders.rename

storage.intelligenceConfigs.*

  • storage.intelligenceConfigs.get
  • storage.intelligenceConfigs.update

storage.managedFolders.*

  • storage.managedFolders.create
  • storage.managedFolders.delete
  • storage.managedFolders.get
  • storage.managedFolders.getIamPolicy
  • storage.managedFolders.list
  • storage.managedFolders.setIamPolicy

storage.multipartUploads.*

  • storage.multipartUploads.abort
  • storage.multipartUploads.create
  • storage.multipartUploads.list
  • storage.multipartUploads.listParts

storage.objects.*

  • storage.objects.create
  • storage.objects.delete
  • storage.objects.get
  • storage.objects.getIamPolicy
  • storage.objects.list
  • storage.objects.move
  • storage.objects.overrideUnlockedRetention
  • storage.objects.restore
  • storage.objects.setIamPolicy
  • storage.objects.setRetention
  • storage.objects.update

(roles/ml.viewer)

Provides read-only access to AI Platform resources.

Lowest-level resources where you can grant this role:

  • Project

ml.jobs.get

ml.jobs.list

ml.locations.*

  • ml.locations.get
  • ml.locations.list

ml.models.get

ml.models.list

ml.operations.get

ml.operations.list

ml.projects.getConfig

ml.studies.get

ml.studies.getIamPolicy

ml.studies.list

ml.trials.get

ml.trials.list

ml.versions.get

ml.versions.list

resourcemanager.projects.get

AI Platform permissions

Permission Roles that have this permission

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Job Owner (roles/ml.jobOwner)

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Job Owner (roles/ml.jobOwner)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Job Owner (roles/ml.jobOwner)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Job Owner (roles/ml.jobOwner)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Job Owner (roles/ml.jobOwner)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

AI Platform Admin (roles/ml.admin)

AI Platform Job Owner (roles/ml.jobOwner)

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Job Owner (roles/ml.jobOwner)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Model Owner (roles/ml.modelOwner)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Model Owner (roles/ml.modelOwner)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Model Owner (roles/ml.modelOwner)

AI Platform Model User (roles/ml.modelUser)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Model Owner (roles/ml.modelOwner)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Model Owner (roles/ml.modelOwner)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Model Owner (roles/ml.modelOwner)

AI Platform Model User (roles/ml.modelUser)

Service agent roles

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

AI Platform Admin (roles/ml.admin)

AI Platform Model Owner (roles/ml.modelOwner)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Model Owner (roles/ml.modelOwner)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Operation Owner (roles/ml.operationOwner)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Operation Owner (roles/ml.operationOwner)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Operation Owner (roles/ml.operationOwner)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Model Owner (roles/ml.modelOwner)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Model Owner (roles/ml.modelOwner)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Model Owner (roles/ml.modelOwner)

AI Platform Model User (roles/ml.modelUser)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Model Owner (roles/ml.modelOwner)

AI Platform Model User (roles/ml.modelUser)

AI Platform Viewer (roles/ml.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

AI Platform Admin (roles/ml.admin)

AI Platform Developer (roles/ml.developer)

AI Platform Model Owner (roles/ml.modelOwner)

AI Platform Model User (roles/ml.modelUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

AI Platform Admin (roles/ml.admin)

AI Platform Model Owner (roles/ml.modelOwner)

Service agent roles