Access control

To use the generative AI features on Vertex AI, you must grant the appropriate IAM roles to principals, such as users, groups, and service accounts. You can grant a broad, predefined role or create a custom role with a specific set of permissions.

This page describes the different ways to grant access to generative AI features:

  • Choosing a role: Learn about the different types of roles and how to select the best one for your needs.
  • Predefined roles: Use broad, Google-managed roles for common use cases.
  • Permissions for custom roles: Create custom roles by combining specific permissions for fine-grained access control.

Choosing a role

Vertex AI offers predefined roles for common use cases and the ability to create custom roles for more granular control. The following table compares these options to help you choose the right role for your principals.

| Role | Description | Pros | Cons | Best for |
| --- | --- | --- | --- | --- |
| Vertex AI Administrator (roles/aiplatform.admin) | Grants full access to all Vertex AI resources, including generative AI features. | Simple to manage; provides comprehensive permissions. | Violates the principle of least privilege; grants excessive permissions if a user only needs specific features. | Administrators who need to manage all aspects of Vertex AI. |
| Vertex AI User (roles/aiplatform.user) | Grants permissions to use Vertex AI resources, including making predictions and managing jobs. | Good balance for developers and data scientists who actively use the platform. | May still grant more permissions than necessary for specific, limited tasks. | Users who need to develop, train, and deploy models. |
| Custom Role | A role you create by combining specific permissions from the permissions list. | Follows the principle of least privilege; provides precise, fine-grained control. | Requires more effort to create and maintain. | Applications or users with specific, limited responsibilities, such as only making prediction calls. |

Predefined roles

To give principals access to generative AI features on Vertex AI, you can grant one of the following predefined roles:

To learn more about Vertex AI IAM roles, see Vertex AI access control with IAM.

Permissions for custom roles

The following table maps generative AI operations to the permissions required for the operation. If you need fine-grained access control, you can refer to these mappings to create custom roles.

Operation Permissions needed
Make prompt requests
  • aiplatform.endpoints.predict
Save, view, update, and delete prompts in Vertex AI Studio
  • aiplatform.datasets.create
  • aiplatform.datasets.update
  • aiplatform.datasets.delete
  • aiplatform.datasets.list
  • aiplatform.datasets.get
Model tuning
  • aiplatform.pipelineJobs.*
  • aiplatform.customJobs.*
  • aiplatform.datasets.export
  • aiplatform.datasets.get
  • aiplatform.models.upload
  • aiplatform.models.get
  • aiplatform.endpoints.create
  • aiplatform.endpoints.get
  • aiplatform.endpoints.deploy
  • aiplatform.metadataStores.get
  • storage.objects.create
  • storage.objects.update
  • storage.objects.get
  • storage.objects.list

To learn more about Vertex AI IAM permissions, see IAM permissions.
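The following added example (not part of the original page or of Google's tooling) turns the operation-to-permission table above into a custom role body for a principal that only needs some of the operations, and reviews an existing role for permissions beyond those operations. The operation keys, function names, and role title are assumptions made for this example; wildcard entries from the model tuning row are reported so they can be replaced with the explicit permissions a job actually uses.

```python
import json

# Operation -> permissions, copied from the table on this page.
# The short operation keys are names chosen for this example.
OPERATION_PERMISSIONS = {
    "prompt_requests": ["aiplatform.endpoints.predict"],
    "studio_prompts": [
        "aiplatform.datasets.create", "aiplatform.datasets.update",
        "aiplatform.datasets.delete", "aiplatform.datasets.list",
        "aiplatform.datasets.get",
    ],
    "model_tuning": [
        "aiplatform.pipelineJobs.*", "aiplatform.customJobs.*",
        "aiplatform.datasets.export", "aiplatform.datasets.get",
        "aiplatform.models.upload", "aiplatform.models.get",
        "aiplatform.endpoints.create", "aiplatform.endpoints.get",
        "aiplatform.endpoints.deploy", "aiplatform.metadataStores.get",
        "storage.objects.create", "storage.objects.update",
        "storage.objects.get", "storage.objects.list",
    ],
}

def required_permissions(operations):
    """Sorted, de-duplicated union of permissions for the given operations."""
    unknown = [op for op in operations if op not in OPERATION_PERMISSIONS]
    if unknown:
        raise ValueError(f"unknown operation(s): {unknown}")
    return sorted({p for op in operations for p in OPERATION_PERMISSIONS[op]})

def build_custom_role(title, operations):
    """Role body with the IAM custom-role fields title, description, stage, includedPermissions."""
    return {
        "title": title,
        "description": "Allows: " + ", ".join(operations),
        "stage": "GA",
        "includedPermissions": required_permissions(operations),
    }

def review_role(role, operations):
    """Permissions beyond what the operations need, plus wildcard entries to expand."""
    granted = set(role["includedPermissions"])
    needed = set(required_permissions(operations))
    return {"excess": sorted(granted - needed),
            "wildcards": sorted(p for p in granted if p.endswith(".*"))}

if __name__ == "__main__":
    role = build_custom_role("GenAI prediction caller", ["prompt_requests"])
    print(json.dumps(role, indent=2))
    print(review_role(role, ["prompt_requests", "studio_prompts"]))
```
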
