Control access to Sessions with IAM Conditions

By default, sessions Identity and Access Management permissions are at the project-level. This document describes how to use IAM Conditions to control more granular access to Vertex AI Agent Engine Sessions resources.

Overview

IAM Conditions lets you grant access to session and session event resources only if specified conditions are met. You can control access to sessions based on the userId string within the Session resource using the API attribute aiplatform.googleapis.com/sessionUserId with an expression written in Common Expression Language. User ID is an arbitrary string that is provided when creating sessions, like userId = "userA".

These conditional Identity and Access Management policies are created at the project level and apply to all sessions and session events within a project. You can apply IAM conditions to all kinds of principals, including users of your project and service accounts.

IAM Conditions are useful for granting Identity and Access Management (IAM) permissions to many related session resources simultaneously, including those that don't exist yet. You can restrict access to your sessions and events so that a user can only access their own information, or so developers can only view certain Session resources without special permission grants.

Before you begin

To set up conditional Identity and Access Management policies for sessions and session events, do the following:

  • Review IAM Conditions: Familiarize yourself with the IAM Conditions overview.
  • Determine necessary roles: Identify which specialized Session IAM roles are appropriate for your use case to ensure the principle of least privilege.
  • Identify affected principals: Identify who in your organization should receive which permissions. For example, consider the following:
    • Should users be able to see another user's sessions?
    • Should developers be able to see all sessions?
    • Should project administrators be able to see all sessions?
    • Should certain agent identities be able to access certain sessions?
  • Grant IAM roles: Ensure you have the required roles that contain the necessary permissions you need to perform the tasks in this document.

    To get the permissions that you need to apply IAM Conditions to Vertex AI Agent Engine Session resources , ask your administrator to grant you the following IAM roles:

    • For projects: Project IAM Admin (`roles/resourcemanager.projectIamAdmin`)

    For more information about granting roles, see Manage access to projects, folders, and organizations.

    These predefined roles contain the permissions required to apply IAM Conditions to Vertex AI Agent Engine Session resources . To see the exact permissions that are required, expand the Required permissions section:

    Required permissions

    The following permissions are required to apply IAM Conditions to Vertex AI Agent Engine Session resources :

    • Set conditional IAM access at the project level: `resourcemanager.projects.setIamPolicy`

    You might also be able to get these permissions with custom roles or other predefined roles.

    If you plan to use IAM Conditions across your organization, you also need permissions to manage organization policies.

Creating conditional access for sessions

Grant conditional access to sessions by adding a condition to an Identity and Access Management policy binding at the project level. The condition uses the api.getAttribute('aiplatform.googleapis.com/sessionUserId', "") function to inspect the user ID of the session resource. You define a user ID when you create a session.

For a detailed guide on creating IAM policies with conditions, see Conditions in allow policies.

Best practices for User Id-level permissions

When you build conditions for sessions, use the following best practices:

  1. Use specialized Session IAM roles: Session IAM Conditions should only be used for roles that apply to sessions and session Events. You can use specialized roles such as aiplatform.googleapis.com/sessionViewer, aiplatform.googleapis.com/sessionEditor, and aiplatform.googleapis.com/sessionUser to prevent overly permissive access. See the Specialized Session IAM Roles section for more details.
  2. Use positive conditions: We recommend using positive conditions (such as checks for equality or the presence of prefixes) for aiplatform.googleapis.com/sessionUserId for greater accuracy. Since unsupported types and services are represented by an empty user ID, negative conditions (such as checks for inequality) might inadvertently match a wide range of resources, which can be overly permissive and allow for unexpected permission granting.
  3. Shorten conditions if possible: We recommend using the shortest and simplest logic within your IAM condition expressions, especially if you plan on having a large amount of conditions. IAM allow policies have a size limitation, and simplifying conditions will prevent running into IAM limitations. See Limitations for more details. For example, you can simplify checking for two different user IDs by combining the compound statement: api.getAttribute('aiplatform.googleapis.com/sessionUserId', '') == 'sessionA' || api.getAttribute('aiplatform.googleapis.com/sessionUserId', '') == sessionB' as it evaluates to the same result as the shorter statement api.getAttribute('aiplatform.googleapis.com/sessionUserId', '') in ['sessionA', 'sessionB'].

Specialized Session IAM roles

It is critical to prevent overly permissive IAM policies when using IAM Conditions. The following table lists specialized roles that you can use when granting conditional IAM roles for session APIs:

Role Name Description Included Permissions
aiplatform.googleapis.com/sessionViewer Grants read-only access to sessions and listing events.
  • aiplatform.googleapis.com/sessions.get
  • aiplatform.googleapis.com/sessions.list
  • aiplatform.googleapis.com/sessionEvents.list
aiplatform.googleapis.com/sessionEditor Grants write access to sessions and appending events.
  • aiplatform.googleapis.com/sessions.create
  • aiplatform.googleapis.com/sessions.update
  • aiplatform.googleapis.com/sessions.delete
  • aiplatform.googleapis.com/sessionEvents.append
aiplatform.googleapis.com/sessionUser Grants full access to sessions and events, including all viewer and editor permissions. Includes all permissions of both sessionEditor and sessionViewer.

Using IAM Conditions with Sessions

This section covers the following examples of using IAM Conditions with Sessions:

  1. Grant read access to sessions with exact user ID match.
  2. Grant write access to sessions containing a specific prefix in the user ID.
  3. Grant full access to sessions containing one of two user IDs.

Grant read access to sessions with exact user ID match

The following condition grants the individual userA@gmail.com view access only to sessions that have the exact user ID userA.

This means that the individual has the ability to get sessions and list the session events, as long as the user ID is exactly userA. The user doesn't have access to sessions with user ID such as userB.

{
  "members": ["user:userA@gmail.com"],
  "role": "roles/aiplatform.sessionViewer",
  "condition": {
    "title": "Session Access Condition",
    "expression": "api.getAttribute('aiplatform.googleapis.com/sessionUserId', '') == 'userA'"
  }
}

Grant write access to sessions containing a specific prefix in the user ID

The following condition grants the individual developerA@corp.com edit access to any sessions that contain the user ID starting with user. You can use startsWith for prefix checking and endsWith for suffix checking.

This means that the developer has the ability to create, update, and delete sessions, along with appending events, with user IDs such as userA or user1234.

{
  "members": ["user:developerA@corp.com"],
  "role": "roles/aiplatform.sessionEditor",
  "condition": {
    "title": "Session Access Condition",
    "expression": "api.getAttribute('aiplatform.googleapis.com/sessionUserId', '').startsWith('user')"
  }
}

Grant full access to sessions containing one of two user IDs

The following condition grants the group group:engineering@corp.com user (viewer and editor) access to sessions that have only user IDs userA or user123.

{
  "members": ["group:engineering@corp.com"],
  "role": "roles/aiplatform.sessionUser",
  "condition": {
    "title": "Session Access Condition",
    "expression": "api.getAttribute('aiplatform.googleapis.com/sessionUserId', '') in ['userA', 'user123']"
  }
}

Limitations

  1. Principal limit: IAM policies are limited to 1500 unique principals. This limit can be managed by using Google groups. See more at Limits on all principals.
  2. ListSessions API support: The ListSessions API doesn't support IAM conditions. To grant ListSessions permissions, you must grant the principal an unconditional role, such as aiplatform.googleapis.com/sessionViewer, aiplatform.googleapis.com/sessionUser, or a relevant unconditional Vertex AI role.