roles/ml.serviceAgent
AI Platform service agent can act as log writer, Cloud Storage admin, Artifact Registry Reader, BigQuery writer, and service account access token creator.
AI Platform Service Agent
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.update', 'bigquery.tables.create', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'bigquery.tables.updateData', 'firebase.projects.get', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.implicitDelegation', 'iam.serviceAccounts.list', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'logging.logEntries.create', 'logging.logEntries.route', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions
GA
roles/ml.developer
Access to create training and prediction jobs, models and versions, send online prediction requests.
AI Platform Developer
['ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.locations.get', 'ml.locations.list', 'ml.models.create', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.create', 'ml.studies.delete', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.studies.setIamPolicy', 'ml.trials.create', 'ml.trials.delete', 'ml.trials.get', 'ml.trials.list', 'ml.trials.update', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/ml.admin
Full access to AI Platform.
AI Platform Admin
['ml.jobs.cancel', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.jobs.setIamPolicy', 'ml.jobs.update', 'ml.locations.get', 'ml.locations.list', 'ml.models.create', 'ml.models.delete', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.models.setIamPolicy', 'ml.models.update', 'ml.operations.cancel', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.create', 'ml.studies.delete', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.studies.setIamPolicy', 'ml.trials.create', 'ml.trials.delete', 'ml.trials.get', 'ml.trials.list', 'ml.trials.update', 'ml.versions.create', 'ml.versions.delete', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'ml.versions.update', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/ml.jobOwner
Full access to the job.
AI Platform Job Owner
['ml.jobs.cancel', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.jobs.setIamPolicy', 'ml.jobs.update']
Copy Permissions
GA
roles/ml.modelUser
Permissions to read the model and its versions, and use them for prediction.
AI Platform Model User
['ml.models.get', 'ml.models.predict', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict']
Copy Permissions
GA
roles/ml.viewer
Read-only access to AI Platform resources.
AI Platform Viewer
['ml.jobs.get', 'ml.jobs.list', 'ml.locations.get', 'ml.locations.list', 'ml.models.get', 'ml.models.list', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.trials.get', 'ml.trials.list', 'ml.versions.get', 'ml.versions.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/ml.modelOwner
Full access to the model and its versions.
AI Platform Model Owner
['ml.models.create', 'ml.models.delete', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.models.setIamPolicy', 'ml.models.update', 'ml.versions.create', 'ml.versions.delete', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'ml.versions.update']
Copy Permissions
GA
roles/ml.operationOwner
Full access to the operation.
AI Platform Operation Owner
['ml.operations.cancel', 'ml.operations.get', 'ml.operations.list']
Copy Permissions
GA