Google Cloud Private Marketplace contains curated lists of products, called collections, that have met your organization's requirements for use and that are available to either specified projects and folders or to your entire organization.
When you turn Private Marketplace on for your organization, your users can only access the products in the collections that you've shared with them, and they can't deploy products that you haven't shared with them. Private Marketplace uses a fail open governance model, with an estimated 99.994% reliability.
We recommend that you turn on Product Requests to allow your users to request access to specific Google Cloud Marketplace products.
Required IAM roles
To manage your private marketplace as an administrator, you must have the following roles for your Google Cloud organization:
| Action | Roles | Level at which role is assigned |
|---|---|---|
| Turn on Private Marketplace |
Commerce Organization Governance Admin (roles/commerceorggovernance.admin) AND
Organization Viewer (roles/resourcemanager.organizationViewer) roles
|
Organization level |
| Manage collections |
Commerce Organization Governance Admin (roles/commerceorggovernance.admin) AND
Organization Viewer (roles/resourcemanager.organizationViewer) roles
|
Organization level |
Supported products
Private Marketplace supports third-party Cloud Marketplace product listings that are sold by independent software vendors (ISVs) and governed by the Google Cloud Marketplace Terms of Service.
For the following types of products, if they aren't approved for your users, Private Marketplace blocks your users from using the API to deploy them:
- Kubernetes apps and container images deployed onto Google Kubernetes Engine (GKE) clusters that are version 1.32.1-gke.1376000 or later
- Container images deployed to Cloud Run
- Virtual image disk creations
- Procurable Vertex AI models
- Procurable BigQuery datasets
For VMs deployed to Compute Engine, Private Marketplace identifies VMs by their product service name. For container images, Private Marketplace identifies images as follows:
- For images referenced directly in Cloud Marketplace listings, Private Marketplace identifies the container images by the URL that links to them.
- For images that match images available through Cloud Marketplace, Private Marketplace identifies the container images by their Secure Hash Algorithm (SHA) value.
- For images deployed to Cloud Run, Private Marketplace identifies images by checking their metadata for Cloud Marketplace annotations.
Unsupported products
Private Marketplace doesn't support the following types of products:
- Google-provided public OS images
- Google-provided public datasets
- Products owned and managed by Google, such as Maps, Firebase, Mandiant, or Kubeflow
- Products listed as offered by:
- Google Enterprise API
- Google Cloud Platform
- Third-party and open source datasets and AI models that require you to have BigQuery or Vertex AI Identity and Access Management (IAM) permissions to access them
- The API Library
Get started with Google Cloud Private Marketplace
To set up your organization with Private Marketplace, complete the following steps:
Create and publish a default collection for your organization.
Optionally, to share additional Cloud Marketplace products with specific folders or projects, you can create additional collections and share them.
Optionally, turn on Product Requests.