The following table lists common Vertex AI operations and the permissions that they require.
To determine if one or more permissions are included in a Vertex AI IAM role, you can use one of the following methods:
- The
gcloud iam roles describe
command - The
roles.get()
method in the IAM API
Resource | Operation | Permissions needed |
---|---|---|
batchPredictionJobs | Cancel a batchPredictionJob |
|
batchPredictionJobs | Create a batchPredictionJob |
|
batchPredictionJobs |
Delete a batchPredictionJob
† † Starts a long-running operation |
Other permissions:
|
batchPredictionJobs | Get a batchPredictionJob |
|
batchPredictionJobs | List a batchPredictionJob |
|
customJobs | Cancel a customJob |
|
customJobs | Create a customJob |
|
customJobs |
Delete a customJob
† † Starts a long-running operation |
Other permissions:
|
customJobs | Get a customJob |
|
customJobs | List a customJob |
|
datasets |
Create a dataset
† † Starts a long-running operation |
Other permissions:
|
datasets |
Delete a dataset
† † Starts a long-running operation |
Other permissions:
|
datasets |
Export a dataset
† † Starts a long-running operation |
Other permissions:
|
datasets | Get a dataset |
|
datasets |
Import a dataset
† † Starts a long-running operation |
Other permissions:
|
datasets | List a dataset |
|
datasets | Update a dataset |
|
datasets.annotationSpecs | Get a dataset's annotationSpecs |
|
datasets.dataItems | List a dataset's dataItems |
|
datasets.dataItems.annotations | List a dataset.dataItems.annotations |
|
datasets.savedQueries | Lists SavedQueries in a Dataset. |
|
endpoints |
Create an endpoint
† † Starts a long-running operation |
Other permissions:
|
endpoints |
Delete an endpoint
† † Starts a long-running operation |
Other permissions:
|
endpoints |
Deploy model to an endpoint
† † Starts a long-running operation |
Other permissions:
|
endpoints | Explain an endpoint |
|
endpoints | Get an endpoint |
|
endpoints | List an endpoint |
|
endpoints | Update an endpoint |
|
endpoints | Predict an endpoint |
|
endpoints | Perform an online prediction with an arbitrary HTTP payload. |
|
endpoints |
Undeploy a model to an endpoint
† † Starts a long-running operation |
Other permissions:
|
featurestores |
Batch reads Feature values from a Featurestore.
† † Starts a long-running operation |
Other permissions:
|
featurestores |
Creates a new Featurestore in a given project and location.
† † Starts a long-running operation |
Other permissions:
|
featurestores |
Deletes a single Featurestore.
† † Starts a long-running operation |
Other permissions:
|
featurestores | Gets details of a single Featurestore. |
|
featurestores | Lists Featurestores in a given project and location. |
|
featurestores |
Updates the parameters of a single Featurestore.
† † Starts a long-running operation |
Other permissions:
|
featurestores | Searches Features matching a query in a given project. |
|
featurestores.entityTypes |
Creates a new EntityType in a given Featurestore.
† † Starts a long-running operation |
Other permissions:
|
featurestores.entityTypes |
Deletes a single EntityType.
† † Starts a long-running operation |
Other permissions:
|
featurestores.entityTypes |
Exports Feature values from all the entities of a target EntityType.
† † Starts a long-running operation |
Other permissions:
|
featurestores.entityTypes | Gets details of a single EntityType. |
|
featurestores.entityTypes |
Imports Feature values into the Featurestore from a source storage.
† † Starts a long-running operation |
Other permissions:
|
featurestores.entityTypes | Lists EntityTypes in a given Featurestore. |
|
featurestores.entityTypes | Updates the parameters of a single EntityType. |
|
featurestores.entityTypes | Reads Feature values of a specific entity of an EntityType. |
|
featurestores.entityTypes | Reads Feature values for multiple entities. |
|
featurestores.entityTypes.features |
Creates a batch of Features in a given EntityType.
† † Starts a long-running operation |
Other permissions:
|
featurestores.entityTypes.features |
Creates a new Feature in a given EntityType.
† † Starts a long-running operation |
Other permissions:
|
featurestores.entityTypes.features |
Deletes a single Feature.
† † Starts a long-running operation |
Other permissions:
|
featurestores.entityTypes.features | Gets details of a single Feature. |
|
featurestores.entityTypes.features | Lists Features in a given EntityType. |
|
featurestores.entityTypes.features | Updates the paramters of a single Feature |
|
hyperparameterTuningJobs | Cancel a hyperparameterTuningJob |
|
hyperparameterTuningJobs | Create a hyperparameterTuningJob |
|
hyperparameterTuningJobs | Delete a hyperparameterTuningJob |
|
hyperparameterTuningJobs | Get a hyperparameterTuningJob |
|
hyperparameterTuningJobs | List a hyperparameterTuningJob |
|
indexEndpoints |
Creates an IndexEndpoint.
† † Starts a long-running operation |
Other permissions:
|
indexEndpoints |
Deletes an IndexEndpoint.
† † Starts a long-running operation |
Other permissions:
|
indexEndpoints |
Deploys an Index into this IndexEndpoint, creating a DeployedIndex within it.
† † Starts a long-running operation |
Other permissions:
|
indexEndpoints | Gets an IndexEndpoint. |
|
indexEndpoints | Lists IndexEndpoints in a Location. |
|
indexEndpoints |
Update an existing DeployedIndex under an IndexEndpoint.
† † Starts a long-running operation |
Other permissions:
|
indexEndpoints | Updates an IndexEndpoint. |
|
indexEndpoints |
Undeploys an Index from an IndexEndpoint, removing a DeployedIndex from it, and freeing all resources it's using.
† † Starts a long-running operation |
Other permissions:
|
indexes |
Creates an Index.
† † Starts a long-running operation |
Other permissions:
|
indexes |
Deletes an Index.
† † Starts a long-running operation |
Other permissions:
|
indexes | Gets an Index. |
|
indexes | Lists Indexes in a Location. |
|
indexes |
Updates an Index.
† † Starts a long-running operation |
Other permissions:
|
metadataStores |
Initializes a MetadataStore, including allocation of resources.
† † Starts a long-running operation |
Other permissions:
|
metadataStores |
Deletes a single MetadataStore and all its child resources (Artifacts, Executions, and Contexts).
† † Starts a long-running operation |
Other permissions:
|
metadataStores | Retrieves a specific MetadataStore. |
|
metadataStores | Lists MetadataStores for a Location. |
|
metadataStores.artifacts | Creates an Artifact associated with a MetadataStore. |
|
metadataStores.artifacts |
Deletes an Artifact.
† † Starts a long-running operation |
Other permissions:
|
metadataStores.artifacts | Retrieves a specific Artifact. |
|
metadataStores.artifacts | Lists Artifacts in the MetadataStore. |
|
metadataStores.artifacts | Updates a stored Artifact. |
|
metadataStores.artifacts |
Purges Artifacts.
† † Starts a long-running operation |
Other permissions:
|
metadataStores.artifacts | Retrieves lineage of an Artifact represented through Artifacts and Executions connected by Event edges and returned as a LineageSubgraph. |
|
metadataStores.contexts | Adds a set of Artifacts and Executions to a Context. |
|
metadataStores.contexts | Adds a set of Contexts as children to a parent Context. |
|
metadataStores.contexts | Creates a Context associated with a MetadataStore. |
|
metadataStores.contexts |
Deletes a stored Context.
† † Starts a long-running operation |
Other permissions:
|
metadataStores.contexts | Retrieves a specific Context. |
|
metadataStores.contexts | Lists Contexts on the MetadataStore. |
|
metadataStores.contexts | Updates a stored Context. |
|
metadataStores.contexts |
Purges Contexts.
† † Starts a long-running operation |
Other permissions:
|
metadataStores.contexts | Retrieves Artifacts and Executions within the specified Context, connected by Event edges and returned as a LineageSubgraph. |
|
metadataStores.executions | Adds Events to the specified Execution. |
|
metadataStores.executions | Creates an Execution associated with a MetadataStore. |
|
metadataStores.executions |
Deletes an Execution.
† † Starts a long-running operation |
Other permissions:
|
metadataStores.executions | Retrieves a specific Execution. |
|
metadataStores.executions | Lists Executions in the MetadataStore. |
|
metadataStores.executions | Updates a stored Execution. |
|
metadataStores.executions |
Purges Executions.
† † Starts a long-running operation |
Other permissions:
|
metadataStores.executions | Obtains the set of input and output Artifacts for this Execution, in the form of LineageSubgraph that also contains the Execution and connecting Events. |
|
metadataStores.metadataSchemas | Creates a MetadataSchema. |
|
metadataStores.metadataSchemas | Retrieves a specific MetadataSchema. |
|
metadataStores.metadataSchemas | Lists MetadataSchemas. |
|
migratableResources | Batchmigrate a migratableResource |
|
migratableResources | Search a migratableResource |
|
modelDeploymentMonitoringJobs | Creates a ModelDeploymentMonitoringJob. |
|
modelDeploymentMonitoringJobs |
Deletes a ModelDeploymentMonitoringJob.
† † Starts a long-running operation |
Other permissions:
|
modelDeploymentMonitoringJobs | Gets a ModelDeploymentMonitoringJob. |
|
modelDeploymentMonitoringJobs | Lists ModelDeploymentMonitoringJobs in a Location. |
|
modelDeploymentMonitoringJobs |
Updates a ModelDeploymentMonitoringJob.
† † Starts a long-running operation |
Other permissions:
|
modelDeploymentMonitoringJobs | Pauses a ModelDeploymentMonitoringJob. |
|
modelDeploymentMonitoringJobs | Resumes a paused ModelDeploymentMonitoringJob. |
|
modelDeploymentMonitoringJobs | Searches Model Monitoring Statistics generated within a given time window. |
|
models |
Delete a model
† † Starts a long-running operation |
Other permissions:
|
models |
Export a model
† † Starts a long-running operation |
Other permissions:
|
models | Get a model |
|
models | List a model |
|
models | Update a model |
|
models |
Upload a model
† † Starts a long-running operation |
Other permissions:
|
models.evaluations | Get a model evaluation |
|
models.evaluations | List a model evaluation |
|
models.evaluations.slices | Get a model evaluations slice |
|
models.evaluations.slices | List a model evaluations slice |
|
pipelineJobs | Cancel a pipelineJob |
|
pipelineJobs | Create a pipelineJob |
|
pipelineJobs |
Delete a pipelineJob
† † Starts a long-running operation |
Other permissions:
|
pipelineJobs | Get a pipelineJob |
|
pipelineJobs | List a pipelineJob |
|
specialistPools |
Create a specialistPool
† † Starts a long-running operation |
Other permissions:
|
specialistPools |
Delete a specialistPool
† † Starts a long-running operation |
Other permissions:
|
specialistPools | Get a specialistPool |
|
specialistPools | List a specialistPool |
|
specialistPools |
Update a specialistPool
† † Starts a long-running operation |
Other permissions:
|
studies | Creates a Study. |
|
studies | Deletes a Study. |
|
studies | Gets a Study by name. |
|
studies | Lists all the studies in a region for an associated project. |
|
studies | Looks a study up using the user-defined displayName field instead of the fully qualified resource name. |
|
studies.trials | Adds a measurement of the objective metrics to a Trial. |
|
studies.trials |
Checks whether a Trial should stop or not.
† † Starts a long-running operation |
Other permissions:
|
studies.trials | Marks a Trial as complete. |
|
studies.trials | Adds a user provided Trial to a Study. |
|
studies.trials | Deletes a Trial. |
|
studies.trials | Gets a Trial. |
|
studies.trials | Lists the Trials associated with a Study. |
|
studies.trials | Lists the pareto-optimal Trials for multi-objective Study or the optimal Trials for single-objective Study. |
|
studies.trials | Stops a Trial. |
|
studies.trials |
Adds one or more Trials to a Study, with parameter values suggested by Vertex AI Vizier.
† † Starts a long-running operation |
Other permissions:
|
tensorboards |
Creates a Tensorboard.
† † Starts a long-running operation |
Other permissions:
|
tensorboards |
Deletes a Tensorboard.
† † Starts a long-running operation |
Other permissions:
|
tensorboards | Gets a Tensorboard. |
|
tensorboards | Lists Tensorboards in a Location. |
|
tensorboards |
Updates a Tensorboard.
† † Starts a long-running operation |
Other permissions:
|
tensorboards.experiments | Creates a TensorboardExperiment. |
|
tensorboards.experiments |
Deletes a TensorboardExperiment.
† † Starts a long-running operation |
Other permissions:
|
tensorboards.experiments | Gets a TensorboardExperiment. |
|
tensorboards.experiments | Lists TensorboardExperiments in a Location |
|
tensorboards.experiments | Updates a TensorboardExperiment. |
|
tensorboards.experiments | Write time series data points of multiple TensorboardTimeSeries in multiple TensorboardRun's. |
|
tensorboards.experiments.runs | Batch create TensorboardRuns. |
|
tensorboards.experiments.runs | Creates a TensorboardRun. |
|
tensorboards.experiments.runs |
Deletes a TensorboardRun.
† † Starts a long-running operation |
Other permissions:
|
tensorboards.experiments.runs | Gets a TensorboardRun. |
|
tensorboards.experiments.runs | Lists TensorboardRuns in a Location. |
|
tensorboards.experiments.runs | Updates a TensorboardRun. |
|
tensorboards.experiments.runs | Write time series data points into multiple TensorboardTimeSeries under a TensorboardRun. |
|
tensorboards.experiments.runs.timeSeries | Batch create TensorboardTimeSeries that belong to a TensorboardExperiment. |
|
tensorboards.experiments.runs.timeSeries | Reads multiple TensorboardTimeSeries' data. |
|
tensorboards.experiments.runs.timeSeries | Creates a TensorboardTimeSeries. |
|
tensorboards.experiments.runs.timeSeries |
Deletes a TensorboardTimeSeries.
† † Starts a long-running operation |
Other permissions:
|
tensorboards.experiments.runs.timeSeries | Exports a TensorboardTimeSeries' data. |
|
tensorboards.experiments.runs.timeSeries | Gets a TensorboardTimeSeries. |
|
tensorboards.experiments.runs.timeSeries | Lists TensorboardTimeSeries in a Location. |
|
tensorboards.experiments.runs.timeSeries | Updates a TensorboardTimeSeries. |
|
tensorboards.experiments.runs.timeSeries | Reads a TensorboardTimeSeries' data. |
|
tensorboards.experiments.runs.timeSeries | Gets bytes of TensorboardBlobs. |
|
trainingPipelines | Cancel a trainingPipeline |
|
trainingPipelines | Create a trainingPipeline |
|
trainingPipelines |
Delete a trainingPipeline
† † Starts a long-running operation |
Other permissions:
|
trainingPipelines | Get a trainingPipeline |
|
trainingPipelines | List a trainingPipeline |
|
N/A |
Generic delete operation
† † Starts a long-running operation |
Other permissions:
|
datasets |
Delete data item operation
† † Starts a long-running operation |
Other permissions:
|
featurestores |
Import features operation
† † Starts a long-running operation |
Other permissions:
|
datasets |
Delete annotation operation
† † Starts a long-running operation |
Other permissions:
|
datasets |
Batch delete DataItems operation
† † Starts a long-running operation |
Other permissions:
|
datasets |
Generate stats operation
† † Starts a long-running operation |
Other permissions:
|
datasets |
Delete AnnotationSpec operation
† † Starts a long-running operation |
Other permissions:
|
hyperparameterTuningJobs |
Delete HP tuning job
† † Starts a long-running operation |
Other permissions:
|
nasJobs |
Delete NAS job
† † Starts a long-running operation |
Other permissions:
|
N/A |
Create HumanInTheLoop operation
† † Starts a long-running operation |
Other permissions:
|
featurestores |
Export features operation
† † Starts a long-running operation |
Other permissions:
|
N/A |
Delete HumanInTheLoop operation
† † Starts a long-running operation |
Other permissions:
|
N/A |
Send HumanInTheLoop entry operation
† † Starts a long-running operation |
Other permissions:
|
datasets |
Calculate data item label stats
† † Starts a long-running operation |
Other permissions:
|
N/A |
Migrate resources operation
† † Starts a long-running operation |
Other permissions:
|
datasets |
Create DataItem operation
† † Starts a long-running operation |
Other permissions:
|
N/A |
† † Starts a long-running operation |
What's next
- For information about Vertex AI predefined, basic and custom roles, as well as general information about service accounts and agents, see Access control.
- For detailed information about controlling permissions with a custom service account, see Using a custom service account.
- Learn more about using IAM to access resources in the Granting, changing, and revoking access to resources topic of the IAM documentation.