Esta página se ha traducido con Cloud Translation API.

Funciones y permisos de IAM

En esta página se describe cómo puedes controlar el acceso a la API y los permisos de los recursos de Gemini Enterprise mediante Gestión de Identidades y Accesos (IAM).

Información general

Google Cloud ofrece IAM, que te permite dar un acceso más pormenorizado a recursos Google Cloud específicos e impide el acceso no deseado a otros recursos. En esta página se describen los roles y permisos de gestión de identidades y accesos de Gemini Enterprise. Para obtener una descripción detallada de Google Cloud IAM, consulta la documentación de IAM.

Gemini Enterprise proporciona un conjunto de roles predefinidos diseñados para ayudarte a controlar el acceso a tus recursos de Gemini Enterprise. También puedes crear tus propios roles personalizados si los roles predefinidos no te ofrecen los conjuntos de permisos que necesitas. Además, los roles básicos antiguos (Editor, Lector y Propietario) también están disponibles, aunque no proporcionan el mismo control detallado que los roles de Gemini Enterprise. En concreto, los roles básicos proporcionan acceso a los recursos de Google Cloud , no solo a los de Gemini Enterprise. Para obtener más información, consulta la documentación sobre los roles básicos.

Funciones predefinidas

Gemini Enterprise proporciona algunos roles predefinidos que puedes usar para conceder permisos más específicos a las entidades. El rol que asignes a una entidad principal controla las acciones que puede llevar a cabo. Las entidades principales pueden ser personas, grupos o cuentas de servicio.

Puedes conceder varios roles al mismo principal y cambiar los roles concedidos a un principal en cualquier momento, siempre que tengas los permisos necesarios.

Entre las funciones más amplias se incluyen aquellas que están más estrechamente definidas. Por ejemplo, el rol Editor de Discovery Engine incluye todos los permisos del rol Lector de Discovery Engine, así como los permisos adicionales del rol Editor de Discovery Engine. Del mismo modo, el rol Administrador de Discovery Engine incluye todos los permisos del rol Editor de Discovery Engine, así como sus permisos adicionales.

Los roles básicos (Propietario, Editor y Lector) proporcionan permisos en Google Cloud. Los roles específicos de Gemini Enterprise solo proporcionan permisos de Gemini Enterprise, excepto los siguientes permisos, que son necesarios para el uso general: Google CloudGoogle Cloud

resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.services.list
serviceusage.services.get

En la siguiente tabla se indican los roles de IAM de Gemini Enterprise con una lista de todos los permisos de cada rol.

Rol Permisos

Rol	Permisos
Administrador de Discovery Engine (`roles/discoveryengine.admin`) Concede acceso completo a todos los recursos de Discovery Engine.	`discoveryengine.aclConfigs.` `discoveryengine.aclConfigs.get` `discoveryengine.aclConfigs.update` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.alertPolicies.` `discoveryengine.alertPolicies.create` `discoveryengine.alertPolicies.get` `discoveryengine.alertPolicies.update` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.` `discoveryengine.assistants.assist` `discoveryengine.assistants.create` `discoveryengine.assistants.delete` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.assistants.update` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.cmekConfigs.update` `discoveryengine.collections.` `discoveryengine.collections.delete` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.completionConfigs.update` `discoveryengine.connectorRuns.` `discoveryengine.connectorRuns.cancel` `discoveryengine.connectorRuns.list` `discoveryengine.controls.` `discoveryengine.controls.create` `discoveryengine.controls.delete` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.controls.update` `discoveryengine.conversations.` `discoveryengine.conversations.converse` `discoveryengine.conversations.create` `discoveryengine.conversations.delete` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.conversations.update` `discoveryengine.dataConnectors.` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataConnectors.startConnectorRun` `discoveryengine.dataConnectors.update` `discoveryengine.dataStores.` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.create` `discoveryengine.dataStores.delete` `discoveryengine.dataStores.enrollSolutions` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.dataStores.trainCustomModel` `discoveryengine.dataStores.update` `discoveryengine.documentProcessingConfigs.` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documentProcessingConfigs.update` `discoveryengine.documents.` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.create` `discoveryengine.documents.delete` `discoveryengine.documents.get` `discoveryengine.documents.import` `discoveryengine.documents.list` `discoveryengine.documents.purge` `discoveryengine.documents.update` `discoveryengine.engines.` `discoveryengine.engines.create` `discoveryengine.engines.createEngineUserData` `discoveryengine.engines.delete` `discoveryengine.engines.get` `discoveryengine.engines.list` `discoveryengine.engines.pause` `discoveryengine.engines.resume` `discoveryengine.engines.tune` `discoveryengine.engines.update` `discoveryengine.evaluations.` `discoveryengine.evaluations.create` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.` `discoveryengine.identityMappingStores.create` `discoveryengine.identityMappingStores.delete` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.importIdentityMappings` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.identityMappingStores.purgeIdentityMappings` `discoveryengine.licenseConfigs.` `discoveryengine.licenseConfigs.create` `discoveryengine.licenseConfigs.get` `discoveryengine.licenseConfigs.list` `discoveryengine.licenseConfigs.update` `discoveryengine.locations.` `discoveryengine.locations.estimateDataSize` `discoveryengine.locations.exchangeAuthCredentials` `discoveryengine.locations.getConnectorSource` `discoveryengine.locations.listConnectorSources` `discoveryengine.locations.setUpDataConnector` `discoveryengine.models.` `discoveryengine.models.create` `discoveryengine.models.delete` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.models.pause` `discoveryengine.models.resume` `discoveryengine.models.tune` `discoveryengine.models.update` `discoveryengine.operations.` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.` `discoveryengine.projects.get` `discoveryengine.projects.provision` `discoveryengine.projects.reportConsentChange` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.` `discoveryengine.sampleQueries.create` `discoveryengine.sampleQueries.delete` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.import` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQueries.update` `discoveryengine.sampleQuerySets.` `discoveryengine.sampleQuerySets.create` `discoveryengine.sampleQuerySets.delete` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.sampleQuerySets.update` `discoveryengine.schemas.` `discoveryengine.schemas.create` `discoveryengine.schemas.delete` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.update` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.create` `discoveryengine.servingConfigs.delete` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.servingConfigs.update` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.search` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.siteSearchEngines.` `discoveryengine.siteSearchEngines.batchVerifyTargetSites` `discoveryengine.siteSearchEngines.disableAdvancedSiteSearch` `discoveryengine.siteSearchEngines.enableAdvancedSiteSearch` `discoveryengine.siteSearchEngines.fetchDomainVerificationStatus` `discoveryengine.siteSearchEngines.get` `discoveryengine.siteSearchEngines.recrawlUris` `discoveryengine.sitemaps.` `discoveryengine.sitemaps.create` `discoveryengine.sitemaps.delete` `discoveryengine.sitemaps.fetch` `discoveryengine.suggestionDenyListEntries.` `discoveryengine.suggestionDenyListEntries.import` `discoveryengine.suggestionDenyListEntries.purge` `discoveryengine.targetSites.` `discoveryengine.targetSites.batchCreate` `discoveryengine.targetSites.create` `discoveryengine.targetSites.delete` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.targetSites.update` `discoveryengine.userEvents.` `discoveryengine.userEvents.create` `discoveryengine.userEvents.fetchStats` `discoveryengine.userEvents.import` `discoveryengine.userEvents.purge` `discoveryengine.userStores.` `discoveryengine.userStores.batchUpdateUserLicenses` `discoveryengine.userStores.get` `discoveryengine.userStores.listUserLicenses` `discoveryengine.userStores.update` `discoveryengine.users.` `discoveryengine.users.get` `discoveryengine.users.update` `discoveryengine.widgetConfigs.*` `discoveryengine.widgetConfigs.get` `discoveryengine.widgetConfigs.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Editor de Discovery Engine (`roles/discoveryengine.editor`) Concede acceso de lectura y escritura a todos los recursos del motor de descubrimiento.	`discoveryengine.aclConfigs.get` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.alertPolicies.get` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.assist` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.connectorRuns.list` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.conversations.` `discoveryengine.conversations.converse` `discoveryengine.conversations.create` `discoveryengine.conversations.delete` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.conversations.update` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.dataStores.trainCustomModel` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.create` `discoveryengine.documents.delete` `discoveryengine.documents.get` `discoveryengine.documents.import` `discoveryengine.documents.list` `discoveryengine.documents.update` `discoveryengine.engines.createEngineUserData` `discoveryengine.engines.get` `discoveryengine.engines.list` `discoveryengine.engines.pause` `discoveryengine.engines.resume` `discoveryengine.engines.tune` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.` `discoveryengine.identityMappingStores.create` `discoveryengine.identityMappingStores.delete` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.importIdentityMappings` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.identityMappingStores.purgeIdentityMappings` `discoveryengine.licenseConfigs.get` `discoveryengine.licenseConfigs.list` `discoveryengine.models.` `discoveryengine.models.create` `discoveryengine.models.delete` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.models.pause` `discoveryengine.models.resume` `discoveryengine.models.tune` `discoveryengine.models.update` `discoveryengine.operations.` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.get` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.` `discoveryengine.sampleQueries.create` `discoveryengine.sampleQueries.delete` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.import` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQueries.update` `discoveryengine.sampleQuerySets.` `discoveryengine.sampleQuerySets.create` `discoveryengine.sampleQuerySets.delete` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.sampleQuerySets.update` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.search` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.siteSearchEngines.get` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.userEvents.create` `discoveryengine.userEvents.fetchStats` `discoveryengine.userEvents.import` `discoveryengine.userStores.get` `discoveryengine.widgetConfigs.*` `discoveryengine.widgetConfigs.get` `discoveryengine.widgetConfigs.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Usuario de Discovery Engine (`roles/discoveryengine.user`) Concede acceso a nivel de usuario a los recursos de Discovery Engine.	`discoveryengine.accounts.create` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.assist` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.engines.createEngineUserData` `discoveryengine.engines.get` `discoveryengine.notebooks.create` `discoveryengine.notebooks.list` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.search` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.userEvents.create` `discoveryengine.widgetConfigs.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Lector de Discovery Engine (`roles/discoveryengine.viewer`) Concede acceso de lectura a todos los recursos de Discovery Engine.	`discoveryengine.aclConfigs.get` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.alertPolicies.get` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.connectorRuns.list` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.conversations.converse` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.get` `discoveryengine.documents.list` `discoveryengine.engines.get` `discoveryengine.engines.list` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.operations.*` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.get` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.siteSearchEngines.get` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.userEvents.fetchStats` `discoveryengine.userStores.get` `discoveryengine.widgetConfigs.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Administrador de Discovery Engine

(roles/discoveryengine.admin)

Concede acceso completo a todos los recursos de Discovery Engine.

discoveryengine.aclConfigs.*

discoveryengine.aclConfigs.get
discoveryengine.aclConfigs.update

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.alertPolicies.*

discoveryengine.alertPolicies.create
discoveryengine.alertPolicies.get
discoveryengine.alertPolicies.update

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.*

discoveryengine.assistants.assist
discoveryengine.assistants.create
discoveryengine.assistants.delete
discoveryengine.assistants.get
discoveryengine.assistants.list
discoveryengine.assistants.update

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.*

discoveryengine.cmekConfigs.get
discoveryengine.cmekConfigs.list
discoveryengine.cmekConfigs.update

discoveryengine.collections.*

discoveryengine.collections.delete
discoveryengine.collections.get
discoveryengine.collections.list

discoveryengine.completionConfigs.*

discoveryengine.completionConfigs.completeQuery
discoveryengine.completionConfigs.get
discoveryengine.completionConfigs.update

discoveryengine.connectorRuns.*

discoveryengine.connectorRuns.cancel
discoveryengine.connectorRuns.list

discoveryengine.controls.*

discoveryengine.controls.create
discoveryengine.controls.delete
discoveryengine.controls.get
discoveryengine.controls.list
discoveryengine.controls.update

discoveryengine.conversations.*

discoveryengine.conversations.converse
discoveryengine.conversations.create
discoveryengine.conversations.delete
discoveryengine.conversations.get
discoveryengine.conversations.list
discoveryengine.conversations.update

discoveryengine.dataConnectors.*

discoveryengine.dataConnectors.acquireAccessToken
discoveryengine.dataConnectors.acquireAndStoreRefreshToken
discoveryengine.dataConnectors.buildActionInvocation
discoveryengine.dataConnectors.checkRefreshToken
discoveryengine.dataConnectors.executeAction
discoveryengine.dataConnectors.get
discoveryengine.dataConnectors.queryAvailableActions
discoveryengine.dataConnectors.startConnectorRun
discoveryengine.dataConnectors.update

discoveryengine.dataStores.*

discoveryengine.dataStores.completeQuery
discoveryengine.dataStores.create
discoveryengine.dataStores.delete
discoveryengine.dataStores.enrollSolutions
discoveryengine.dataStores.get
discoveryengine.dataStores.list
discoveryengine.dataStores.listCustomModels
discoveryengine.dataStores.trainCustomModel
discoveryengine.dataStores.update

discoveryengine.documentProcessingConfigs.*

discoveryengine.documentProcessingConfigs.get
discoveryengine.documentProcessingConfigs.update

discoveryengine.documents.*

discoveryengine.documents.batchGetDocumentsMetadata
discoveryengine.documents.create
discoveryengine.documents.delete
discoveryengine.documents.get
discoveryengine.documents.import
discoveryengine.documents.list
discoveryengine.documents.purge
discoveryengine.documents.update

discoveryengine.engines.*

discoveryengine.engines.create
discoveryengine.engines.createEngineUserData
discoveryengine.engines.delete
discoveryengine.engines.get
discoveryengine.engines.list
discoveryengine.engines.pause
discoveryengine.engines.resume
discoveryengine.engines.tune
discoveryengine.engines.update

discoveryengine.evaluations.*

discoveryengine.evaluations.create
discoveryengine.evaluations.get
discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.*

discoveryengine.identityMappingStores.create
discoveryengine.identityMappingStores.delete
discoveryengine.identityMappingStores.get
discoveryengine.identityMappingStores.importIdentityMappings
discoveryengine.identityMappingStores.list
discoveryengine.identityMappingStores.listIdentityMappings
discoveryengine.identityMappingStores.purgeIdentityMappings

discoveryengine.licenseConfigs.*

discoveryengine.licenseConfigs.create
discoveryengine.licenseConfigs.get
discoveryengine.licenseConfigs.list
discoveryengine.licenseConfigs.update

discoveryengine.locations.*

discoveryengine.locations.estimateDataSize
discoveryengine.locations.exchangeAuthCredentials
discoveryengine.locations.getConnectorSource
discoveryengine.locations.listConnectorSources
discoveryengine.locations.setUpDataConnector

discoveryengine.models.*

discoveryengine.models.create
discoveryengine.models.delete
discoveryengine.models.get
discoveryengine.models.list
discoveryengine.models.pause
discoveryengine.models.resume
discoveryengine.models.tune
discoveryengine.models.update

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.*

discoveryengine.projects.get
discoveryengine.projects.provision
discoveryengine.projects.reportConsentChange

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

discoveryengine.sampleQueries.create
discoveryengine.sampleQueries.delete
discoveryengine.sampleQueries.get
discoveryengine.sampleQueries.import
discoveryengine.sampleQueries.list
discoveryengine.sampleQueries.update

discoveryengine.sampleQuerySets.*

discoveryengine.sampleQuerySets.create
discoveryengine.sampleQuerySets.delete
discoveryengine.sampleQuerySets.get
discoveryengine.sampleQuerySets.list
discoveryengine.sampleQuerySets.update

discoveryengine.schemas.*

discoveryengine.schemas.create
discoveryengine.schemas.delete
discoveryengine.schemas.get
discoveryengine.schemas.list
discoveryengine.schemas.preview
discoveryengine.schemas.update
discoveryengine.schemas.validate

discoveryengine.servingConfigs.*

discoveryengine.servingConfigs.answer
discoveryengine.servingConfigs.create
discoveryengine.servingConfigs.delete
discoveryengine.servingConfigs.get
discoveryengine.servingConfigs.list
discoveryengine.servingConfigs.recommend
discoveryengine.servingConfigs.search
discoveryengine.servingConfigs.update

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.search
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.siteSearchEngines.*

discoveryengine.siteSearchEngines.batchVerifyTargetSites
discoveryengine.siteSearchEngines.disableAdvancedSiteSearch
discoveryengine.siteSearchEngines.enableAdvancedSiteSearch
discoveryengine.siteSearchEngines.fetchDomainVerificationStatus
discoveryengine.siteSearchEngines.get
discoveryengine.siteSearchEngines.recrawlUris

discoveryengine.sitemaps.*

discoveryengine.sitemaps.create
discoveryengine.sitemaps.delete
discoveryengine.sitemaps.fetch

discoveryengine.suggestionDenyListEntries.*

discoveryengine.suggestionDenyListEntries.import
discoveryengine.suggestionDenyListEntries.purge

discoveryengine.targetSites.*

discoveryengine.targetSites.batchCreate
discoveryengine.targetSites.create
discoveryengine.targetSites.delete
discoveryengine.targetSites.get
discoveryengine.targetSites.list
discoveryengine.targetSites.update

discoveryengine.userEvents.*

discoveryengine.userEvents.create
discoveryengine.userEvents.fetchStats
discoveryengine.userEvents.import
discoveryengine.userEvents.purge

discoveryengine.userStores.*

discoveryengine.userStores.batchUpdateUserLicenses
discoveryengine.userStores.get
discoveryengine.userStores.listUserLicenses
discoveryengine.userStores.update

discoveryengine.users.*

discoveryengine.users.get
discoveryengine.users.update

discoveryengine.widgetConfigs.*

discoveryengine.widgetConfigs.get
discoveryengine.widgetConfigs.update

resourcemanager.projects.get

resourcemanager.projects.list

Editor de Discovery Engine

(roles/discoveryengine.editor)

Concede acceso de lectura y escritura a todos los recursos del motor de descubrimiento.

discoveryengine.aclConfigs.get

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.alertPolicies.get

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.assistants.get

discoveryengine.assistants.list

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.connectorRuns.list

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.*

discoveryengine.conversations.converse
discoveryengine.conversations.create
discoveryengine.conversations.delete
discoveryengine.conversations.get
discoveryengine.conversations.list
discoveryengine.conversations.update

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.get

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.dataStores.trainCustomModel

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.create

discoveryengine.documents.delete

discoveryengine.documents.get

discoveryengine.documents.import

discoveryengine.documents.list

discoveryengine.documents.update

discoveryengine.engines.createEngineUserData

discoveryengine.engines.get

discoveryengine.engines.list

discoveryengine.engines.pause

discoveryengine.engines.resume

discoveryengine.engines.tune

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.*

discoveryengine.identityMappingStores.create
discoveryengine.identityMappingStores.delete
discoveryengine.identityMappingStores.get
discoveryengine.identityMappingStores.importIdentityMappings
discoveryengine.identityMappingStores.list
discoveryengine.identityMappingStores.listIdentityMappings
discoveryengine.identityMappingStores.purgeIdentityMappings

discoveryengine.licenseConfigs.get

discoveryengine.licenseConfigs.list

discoveryengine.models.*

discoveryengine.models.create
discoveryengine.models.delete
discoveryengine.models.get
discoveryengine.models.list
discoveryengine.models.pause
discoveryengine.models.resume
discoveryengine.models.tune
discoveryengine.models.update

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

discoveryengine.sampleQueries.create
discoveryengine.sampleQueries.delete
discoveryengine.sampleQueries.get
discoveryengine.sampleQueries.import
discoveryengine.sampleQueries.list
discoveryengine.sampleQueries.update

discoveryengine.sampleQuerySets.*

discoveryengine.sampleQuerySets.create
discoveryengine.sampleQuerySets.delete
discoveryengine.sampleQuerySets.get
discoveryengine.sampleQuerySets.list
discoveryengine.sampleQuerySets.update

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.search
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.create

discoveryengine.userEvents.fetchStats

discoveryengine.userEvents.import

discoveryengine.userStores.get

discoveryengine.widgetConfigs.*

discoveryengine.widgetConfigs.get
discoveryengine.widgetConfigs.update

resourcemanager.projects.get

resourcemanager.projects.list

Usuario de Discovery Engine

(roles/discoveryengine.user)

Concede acceso a nivel de usuario a los recursos de Discovery Engine.

discoveryengine.accounts.create

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.completionConfigs.completeQuery

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.engines.createEngineUserData

discoveryengine.engines.get

discoveryengine.notebooks.create

discoveryengine.notebooks.list

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.search
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.userEvents.create

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

Lector de Discovery Engine

(roles/discoveryengine.viewer)

Concede acceso de lectura a todos los recursos de Discovery Engine.

discoveryengine.aclConfigs.get

discoveryengine.agents.get

discoveryengine.agents.list

discoveryengine.alertPolicies.get

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.get

discoveryengine.assistants.list

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.connectorRuns.list

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.converse

discoveryengine.conversations.get

discoveryengine.conversations.list

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.get

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.get

discoveryengine.documents.list

discoveryengine.engines.get

discoveryengine.engines.list

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.get

discoveryengine.identityMappingStores.list

discoveryengine.identityMappingStores.listIdentityMappings

discoveryengine.models.get

discoveryengine.models.list

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.get

discoveryengine.sampleQueries.list

discoveryengine.sampleQuerySets.get

discoveryengine.sampleQuerySets.list

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.downloadFile

discoveryengine.sessions.get

discoveryengine.sessions.list

discoveryengine.sessions.listSessionFileMetadata

discoveryengine.sessions.recommendQuestions

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.fetchStats

discoveryengine.userStores.get

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

Gestionar la gestión de identidades y accesos de Gemini Enterprise

Puedes obtener y definir políticas de permisos de IAM y roles de IAM mediante la consola de Google Cloud . Para obtener más información, consulta Gestionar el acceso a proyectos, carpetas y organizaciones.

Conceder permisos a administradores

Como propietario de un proyecto, puedes asignar los roles Discovery Engine Admin, Service Usage Consumer y Logs Viewer a los usuarios que quieras que sean administradores.

Sigue estos pasos para añadir los roles:

En la consola de Google Cloud , ve a la página Gestión de identidades y accesos.
Ir a IAM
Selecciona el proyecto.
Haz clic en Conceder acceso.
En el campo Nuevos principales, introduce el identificador de usuario. Normalmente, se trata de la dirección de correo de una cuenta de Google o de un grupo de usuarios.
Añade los roles:

Haz clic en Añadir otro rol.
En la lista Selecciona un rol, elige Administrador de Discovery Engine.
Repite los pasos a y b para añadir los roles Consumidor de uso de servicios y Lector de registros.

Haz clic en Guardar.

Conceder permisos a los usuarios

En esta sección se describe cómo asignar a los usuarios el rol Discovery Engine user que necesitan para acceder a las aplicaciones.

En la consola de Google Cloud , ve a la página Gestión de identidades y accesos.
Ir a IAM
Selecciona el proyecto.
Haz clic en Conceder acceso.
En el campo Nuevos principales, introduce el identificador de usuario. Normalmente, se trata de la dirección de correo de una cuenta de Google, un grupo de usuarios o el identificador de un usuario en un grupo de identidades de la plantilla. Para obtener más información, consulta Identificadores principales de las políticas de permiso.
Añade el rol:

Haz clic en Añadir otro rol.
En la lista Seleccionar un rol, elige Usuario de Discovery Engine.

Haz clic en Guardar.

Para permitir que los usuarios gestionen y compartan aplicaciones, concédeles el rol Discovery Engine viewer.

Siguientes pasos

Consulta cómo gestionar el acceso a proyectos, carpetas y organizaciones.
Obtén más información sobre la gestión de identidades y accesos.
Más información sobre los roles básicos
Obtén más información sobre las funciones personalizadas.

Funciones y permisos de IAM Organízate con las colecciones Guarda y clasifica el contenido según tus preferencias.

Información general

Funciones predefinidas

Administrador de Discovery Engine

Editor de Discovery Engine

Usuario de Discovery Engine

Lector de Discovery Engine

Gestionar la gestión de identidades y accesos de Gemini Enterprise

Conceder permisos a administradores

Conceder permisos a los usuarios

Siguientes pasos

Funciones y permisos de IAM