Roles Data

Name Description Title Included Permissions Copy Stage
roles/ml.serviceAgent AI Platform service agent can act as log writer, Cloud Storage admin, Artifact Registry Reader, BigQuery writer, and service account access token creator. AI Platform Service Agent ['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.update', 'bigquery.tables.create', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'bigquery.tables.updateData', 'firebase.projects.get', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.implicitDelegation', 'iam.serviceAccounts.list', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'logging.logEntries.create', 'logging.logEntries.route', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update'] GA
roles/ml.developer Access to create training and prediction jobs, models and versions, send online prediction requests. AI Platform Developer ['ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.locations.get', 'ml.locations.list', 'ml.models.create', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.create', 'ml.studies.delete', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.studies.setIamPolicy', 'ml.trials.create', 'ml.trials.delete', 'ml.trials.get', 'ml.trials.list', 'ml.trials.update', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'resourcemanager.projects.get'] GA
roles/ml.admin Full access to AI Platform. AI Platform Admin ['ml.jobs.cancel', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.jobs.setIamPolicy', 'ml.jobs.update', 'ml.locations.get', 'ml.locations.list', 'ml.models.create', 'ml.models.delete', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.models.setIamPolicy', 'ml.models.update', 'ml.operations.cancel', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.create', 'ml.studies.delete', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.studies.setIamPolicy', 'ml.trials.create', 'ml.trials.delete', 'ml.trials.get', 'ml.trials.list', 'ml.trials.update', 'ml.versions.create', 'ml.versions.delete', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'ml.versions.update', 'resourcemanager.projects.get'] GA
roles/ml.jobOwner Full access to the job. AI Platform Job Owner ['ml.jobs.cancel', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.jobs.setIamPolicy', 'ml.jobs.update'] GA
roles/ml.modelUser Permissions to read the model and its versions, and use them for prediction. AI Platform Model User ['ml.models.get', 'ml.models.predict', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict'] GA
roles/ml.viewer Read-only access to AI Platform resources. AI Platform Viewer ['ml.jobs.get', 'ml.jobs.list', 'ml.locations.get', 'ml.locations.list', 'ml.models.get', 'ml.models.list', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.trials.get', 'ml.trials.list', 'ml.versions.get', 'ml.versions.list', 'resourcemanager.projects.get'] GA
roles/ml.modelOwner Full access to the model and its versions. AI Platform Model Owner ['ml.models.create', 'ml.models.delete', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.models.setIamPolicy', 'ml.models.update', 'ml.versions.create', 'ml.versions.delete', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'ml.versions.update'] GA
roles/ml.operationOwner Full access to the operation. AI Platform Operation Owner ['ml.operations.cancel', 'ml.operations.get', 'ml.operations.list'] GA