Private Marketplace

Google Cloud Private Marketplace contains curated lists of products, called collections, that have met your organization's requirements for use and that are available to either specified projects and folders or to your entire organization.

When you turn Private Marketplace on for your organization, your users can only access the products in the collections that you've shared with them, and they can't deploy products that you haven't shared with them. Private Marketplace uses a fail open governance model, with an estimated 99.994% reliability.

We recommend that you turn on Product Requests to allow your users to request access to specific Google Cloud Marketplace products.

Required IAM roles

To manage your private marketplace as an administrator, you must have the following roles for your Google Cloud organization:

Action Roles Level at which role is assigned
Turn on Private Marketplace Commerce Organization Governance Admin (roles/commerceorggovernance.admin) AND Organization Viewer (roles/resourcemanager.organizationViewer) roles Organization level
Manage collections Commerce Organization Governance Admin (roles/commerceorggovernance.admin) AND Organization Viewer (roles/resourcemanager.organizationViewer) roles Organization level

Supported products

Private Marketplace supports third-party Cloud Marketplace product listings that are sold by independent software vendors (ISVs) and governed by the Google Cloud Marketplace Terms of Service.

For the following types of products, if they aren't approved for your users, Private Marketplace blocks your users from using the API to deploy them:

  • Kubernetes apps and container images deployed onto Google Kubernetes Engine (GKE) clusters that are version 1.32.1-gke.1376000 or later
  • Container images deployed to Cloud Run
  • Virtual image disk creations
  • Procurable Vertex AI models
  • Procurable BigQuery datasets

For VMs deployed to Compute Engine, Private Marketplace identifies VMs by their product service name. For container images, Private Marketplace identifies images as follows:

  • For images referenced directly in Cloud Marketplace listings, Private Marketplace identifies the container images by the URL that links to them.
  • For images that match images available through Cloud Marketplace, Private Marketplace identifies the container images by their Secure Hash Algorithm (SHA) value.
  • For images deployed to Cloud Run, Private Marketplace identifies images by checking their metadata for Cloud Marketplace annotations.

Unsupported products

Private Marketplace doesn't support the following types of products:

  • Google-provided public OS images
  • Google-provided public datasets
  • Products owned and managed by Google, such as Maps, Firebase, Mandiant, or Kubeflow
  • Products listed as offered by:
    • Google
    • Google Enterprise API
    • Google Cloud Platform
  • Third-party and open source datasets and AI models that require you to have BigQuery or Vertex AI Identity and Access Management (IAM) permissions to access them
  • The API Library

Get started with Google Cloud Private Marketplace

To set up your organization with Private Marketplace, complete the following steps:

  1. Create and publish a default collection for your organization.

  2. Optionally, to share additional Cloud Marketplace products with specific folders or projects, you can create additional collections and share them.

  3. Optionally, turn on Product Requests.

  4. Turn on Google Cloud Private Marketplace.