This page details the permissions required for Model Armor and provides instructions for enabling and disabling Model Armor.
Required permissions
You control access to Model Armor using IAM roles. The following roles grant access to the Model Armor capabilities:
| Role | Permissions |
|---|---|
| Administrators and owners
|
resourcemanager.projects.getresourcemanager.projects.listmodelarmor.templates.createmodelarmor.templates.updatemodelarmor.templates.deleteresourcemanager.projects.getresourcemanager.projects.listmodelarmor.templates.useToSanitizeUserPromptmodelarmor.templates.useToSanitizeModelResponseresourcemanager.projects.getresourcemanager.projects.listmodelarmor.templates.getmodelarmor.templates.list
|
| Users and applications planning to screen prompts and responses
|
resourcemanager.projects.getresourcemanager.projects.listmodelarmor.templates.useToSanitizeUserPromptmodelarmor.templates.useToSanitizeModelResponse
|
| Template viewers (detectors and thresholds)
|
resourcemanager.projects.getresourcemanager.projects.listmodelarmor.templates.getmodelarmor.templates.list
|
| Administrators and owners
|
resourcemanager.projects.getresourcemanager.projects.listresourcemanager.folders.getresourcemanager.folders.listresourcemanager.organizations.getmodelarmor.floorSettings.getmodelarmor.floorSettings.update
|
| Floor settings viewers
|
resourcemanager.projects.getresourcemanager.projects.listresourcemanager.folders.getresourcemanager.folders.listresourcemanager.organizations.getmodelarmor.floorSettings.get
|
Enable Model Armor
You must enable Model Armor APIs before you can use Model Armor.
Console
- In the Google Cloud console, go to the Model Armor page.
- Click Enable Model Armor APIs.
gcloud
Before you begin, follow these steps using the Google Cloud CLI command-line tool with the Model Armor API:
- Run the
gcloud auth logincommand to authenticate your Google Cloud account so that the Google Cloud CLI tool can interact with Google Cloud services on your behalf. Run the following command to set the default Google Cloud project for the Google Cloud CLI tool.
gcloud config set project project_id
Replace project_id with the actual ID of your project.
Run the following command to set the API endpoint for the Model Armor service.
gcloud config set api_endpoint_overrides/modelarmor "https://modelarmor.location_id.rep.googleapis.com/"
Replace location_id with the region where you want to use Model Armor.
Enable Model Armor
Run the following command to enable Model Armor.
gcloud services enable modelarmor.googleapis.com --project=projectID
Disable Model Armor
Run the following command to disable Model Armor.
gcloud services disable modelarmor.googleapis.com
What's next
- Learn about Model Armor templates.
- Learn about Model Armor floor settings.
- Sanitize prompts and responses.
- Troubleshoot Model Armor issues.