Permissões e papéis do IAM

Nesta página, descrevemos como controlar o acesso e as permissões da API para recursos do Gemini Enterprise usando o Identity and Access Management (IAM).

Visão geral

OGoogle Cloud oferece o IAM, que permite conceder acesso mais granular a recursos específicos do Google Cloud e impede o acesso indesejado a outros recursos. Nesta página, descrevemos os papéis e as permissões do IAM do Gemini Enterprise. Para uma descrição detalhada do Google Cloud IAM, consulte a documentação do IAM.

O Gemini Enterprise oferece um conjunto de papéis predefinidos, projetados para ajudar você a controlar o acesso aos recursos do Gemini Enterprise. Também é possível criar seus próprios papéis personalizados caso aqueles predefinidos não forneçam os conjuntos de permissões necessárias. Além disso, os papéis primários legados (Editor, Leitor e Proprietário) também estão disponíveis, mas não fornecem o mesmo controle granular que os papéis do Gemini Enterprise. Em particular, os papéis básicos fornecem acesso a recursos no Google Cloud e não apenas para o Gemini Enterprise. Consulte a documentação sobre papéis básicos para mais informações.

Papéis predefinidos

O Gemini Enterprise oferece alguns papéis predefinidos que podem ser usados para fornecer permissões mais refinadas aos principais. O papel concedido a um principal controla quais ações ele pode realizar. Os principais podem ser indivíduos, grupos ou contas de serviço.

Conceda diversos papéis ao mesmo principal. Também é possível alterar os papéis concedidos a um principal a qualquer momento, desde que você tenha permissões para isso.

Os papéis mais amplos incluem os definidos de maneira mais restrita. Por exemplo, o papel de editor do Discovery Engine inclui todas as permissões do papel de leitor do Discovery Engine, além das permissões de adição do papel de editor do Discovery Engine. Da mesma forma, o papel de administrador do Gemini Enterprise inclui todas as permissões do papel de editor do Discovery Engine, além das permissões adicionais.

Os papéis básicos (proprietário, editor, leitor) fornecem permissões no Google Cloud. Os papéis específicos do Gemini Enterprise fornecem apenas permissões do Gemini Enterprise, exceto as seguintes permissões do Google Cloud, que são necessárias para uso geral do Google Cloud :

  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.services.list
  • serviceusage.services.get

A tabela abaixo mostra os papéis do IAM do Gemini Enterprise com uma lista correspondente de todas as permissões de cada papel.

Papel Permissões

(roles/discoveryengine.agentspaceAdmin)

Concede acesso de administrador aos recursos do Gemini Enterprise.

cloudaicompanion.aiDevToolsSettings.*

  • cloudaicompanion.aiDevToolsSettings.create
  • cloudaicompanion.aiDevToolsSettings.delete
  • cloudaicompanion.aiDevToolsSettings.get
  • cloudaicompanion.aiDevToolsSettings.list
  • cloudaicompanion.aiDevToolsSettings.update

cloudaicompanion.codeRepositoryIndexes.*

  • cloudaicompanion.codeRepositoryIndexes.create
  • cloudaicompanion.codeRepositoryIndexes.delete
  • cloudaicompanion.codeRepositoryIndexes.get
  • cloudaicompanion.codeRepositoryIndexes.list
  • cloudaicompanion.codeRepositoryIndexes.update

cloudaicompanion.codeToolsSettings.*

  • cloudaicompanion.codeToolsSettings.create
  • cloudaicompanion.codeToolsSettings.delete
  • cloudaicompanion.codeToolsSettings.get
  • cloudaicompanion.codeToolsSettings.list
  • cloudaicompanion.codeToolsSettings.update

cloudaicompanion.dataSharingWithGoogleSettings.*

  • cloudaicompanion.dataSharingWithGoogleSettings.create
  • cloudaicompanion.dataSharingWithGoogleSettings.delete
  • cloudaicompanion.dataSharingWithGoogleSettings.get
  • cloudaicompanion.dataSharingWithGoogleSettings.list
  • cloudaicompanion.dataSharingWithGoogleSettings.update

cloudaicompanion.geminiGcpEnablementSettings.*

  • cloudaicompanion.geminiGcpEnablementSettings.create
  • cloudaicompanion.geminiGcpEnablementSettings.delete
  • cloudaicompanion.geminiGcpEnablementSettings.get
  • cloudaicompanion.geminiGcpEnablementSettings.list
  • cloudaicompanion.geminiGcpEnablementSettings.update

cloudaicompanion.instances.queryEffectiveSetting

cloudaicompanion.instances.queryEffectiveSettingBindings

cloudaicompanion.loggingSettings.*

  • cloudaicompanion.loggingSettings.create
  • cloudaicompanion.loggingSettings.delete
  • cloudaicompanion.loggingSettings.get
  • cloudaicompanion.loggingSettings.list
  • cloudaicompanion.loggingSettings.update

cloudaicompanion.operations.*

  • cloudaicompanion.operations.cancel
  • cloudaicompanion.operations.delete
  • cloudaicompanion.operations.get
  • cloudaicompanion.operations.list

cloudaicompanion.releaseChannelSettings.*

  • cloudaicompanion.releaseChannelSettings.create
  • cloudaicompanion.releaseChannelSettings.delete
  • cloudaicompanion.releaseChannelSettings.get
  • cloudaicompanion.releaseChannelSettings.list
  • cloudaicompanion.releaseChannelSettings.update

cloudaicompanion.repositoryGroups.create

cloudaicompanion.repositoryGroups.delete

cloudaicompanion.repositoryGroups.get

cloudaicompanion.repositoryGroups.getIamPolicy

cloudaicompanion.repositoryGroups.list

cloudaicompanion.repositoryGroups.setIamPolicy

cloudaicompanion.repositoryGroups.update

cloudaicompanion.settingBindings.*

  • cloudaicompanion.settingBindings.aiDevToolsSettingsCreate
  • cloudaicompanion.settingBindings.aiDevToolsSettingsDelete
  • cloudaicompanion.settingBindings.aiDevToolsSettingsGet
  • cloudaicompanion.settingBindings.aiDevToolsSettingsList
  • cloudaicompanion.settingBindings.aiDevToolsSettingsUpdate
  • cloudaicompanion.settingBindings.aiDevToolsSettingsUse
  • cloudaicompanion.settingBindings.codeToolsSettingsCreate
  • cloudaicompanion.settingBindings.codeToolsSettingsDelete
  • cloudaicompanion.settingBindings.codeToolsSettingsGet
  • cloudaicompanion.settingBindings.codeToolsSettingsList
  • cloudaicompanion.settingBindings.codeToolsSettingsUpdate
  • cloudaicompanion.settingBindings.codeToolsSettingsUse
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsCreate
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsDelete
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsGet
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsList
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsUpdate
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsUse
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsCreate
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsDelete
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsGet
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsList
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsUpdate
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsUse
  • cloudaicompanion.settingBindings.loggingSettingsCreate
  • cloudaicompanion.settingBindings.loggingSettingsDelete
  • cloudaicompanion.settingBindings.loggingSettingsGet
  • cloudaicompanion.settingBindings.loggingSettingsList
  • cloudaicompanion.settingBindings.loggingSettingsUpdate
  • cloudaicompanion.settingBindings.loggingSettingsUse
  • cloudaicompanion.settingBindings.releaseChannelSettingsCreate
  • cloudaicompanion.settingBindings.releaseChannelSettingsDelete
  • cloudaicompanion.settingBindings.releaseChannelSettingsGet
  • cloudaicompanion.settingBindings.releaseChannelSettingsList
  • cloudaicompanion.settingBindings.releaseChannelSettingsUpdate
  • cloudaicompanion.settingBindings.releaseChannelSettingsUse

cloudnotifications.activities.list

discoveryengine.aclConfigs.*

  • discoveryengine.aclConfigs.get
  • discoveryengine.aclConfigs.update

discoveryengine.agentFiles.*

  • discoveryengine.agentFiles.delete
  • discoveryengine.agentFiles.download
  • discoveryengine.agentFiles.import
  • discoveryengine.agentFiles.list
  • discoveryengine.agentFiles.upload

discoveryengine.agentIamProposals.*

  • discoveryengine.agentIamProposals.create
  • discoveryengine.agentIamProposals.delete
  • discoveryengine.agentIamProposals.get
  • discoveryengine.agentIamProposals.list

discoveryengine.agents.create

discoveryengine.agents.delete

discoveryengine.agents.get

discoveryengine.agents.getAgentView

discoveryengine.agents.getIamPolicy

discoveryengine.agents.list

discoveryengine.agents.listAvailableAgentViews

discoveryengine.agents.manage

discoveryengine.agents.setIamPolicy

discoveryengine.agents.update

discoveryengine.alertPolicies.*

  • discoveryengine.alertPolicies.create
  • discoveryengine.alertPolicies.get
  • discoveryengine.alertPolicies.update

discoveryengine.analytics.*

  • discoveryengine.analytics.acquireDashboardSession
  • discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.*

  • discoveryengine.assistants.assist
  • discoveryengine.assistants.create
  • discoveryengine.assistants.delete
  • discoveryengine.assistants.get
  • discoveryengine.assistants.list
  • discoveryengine.assistants.update

discoveryengine.authorizations.*

  • discoveryengine.authorizations.create
  • discoveryengine.authorizations.delete
  • discoveryengine.authorizations.get
  • discoveryengine.authorizations.list
  • discoveryengine.authorizations.storeUserAuthorization
  • discoveryengine.authorizations.update

discoveryengine.billingAccountLicenseConfigs.*

  • discoveryengine.billingAccountLicenseConfigs.distribute
  • discoveryengine.billingAccountLicenseConfigs.get
  • discoveryengine.billingAccountLicenseConfigs.list
  • discoveryengine.billingAccountLicenseConfigs.retract

discoveryengine.branches.*

  • discoveryengine.branches.get
  • discoveryengine.branches.list

discoveryengine.cannedQueries.*

  • discoveryengine.cannedQueries.create
  • discoveryengine.cannedQueries.delete
  • discoveryengine.cannedQueries.get
  • discoveryengine.cannedQueries.list
  • discoveryengine.cannedQueries.listActiveCannedQueryUserViews
  • discoveryengine.cannedQueries.update

discoveryengine.cmekConfigs.*

  • discoveryengine.cmekConfigs.get
  • discoveryengine.cmekConfigs.list
  • discoveryengine.cmekConfigs.update

discoveryengine.collections.*

  • discoveryengine.collections.delete
  • discoveryengine.collections.get
  • discoveryengine.collections.list

discoveryengine.completionConfigs.*

  • discoveryengine.completionConfigs.completeQuery
  • discoveryengine.completionConfigs.get
  • discoveryengine.completionConfigs.removeSuggestion
  • discoveryengine.completionConfigs.update

discoveryengine.completionSuggestions.*

  • discoveryengine.completionSuggestions.import
  • discoveryengine.completionSuggestions.purge

discoveryengine.connectorRuns.*

  • discoveryengine.connectorRuns.cancel
  • discoveryengine.connectorRuns.list

discoveryengine.controls.*

  • discoveryengine.controls.create
  • discoveryengine.controls.delete
  • discoveryengine.controls.get
  • discoveryengine.controls.list
  • discoveryengine.controls.update

discoveryengine.conversations.*

  • discoveryengine.conversations.converse
  • discoveryengine.conversations.create
  • discoveryengine.conversations.delete
  • discoveryengine.conversations.get
  • discoveryengine.conversations.list
  • discoveryengine.conversations.update

discoveryengine.dataConnectors.*

  • discoveryengine.dataConnectors.acquireAccessToken
  • discoveryengine.dataConnectors.acquireAndStoreRefreshToken
  • discoveryengine.dataConnectors.buildActionInvocation
  • discoveryengine.dataConnectors.checkRefreshToken
  • discoveryengine.dataConnectors.executeAction
  • discoveryengine.dataConnectors.get
  • discoveryengine.dataConnectors.queryAvailableActions
  • discoveryengine.dataConnectors.startConnectorRun
  • discoveryengine.dataConnectors.update

discoveryengine.dataStores.*

  • discoveryengine.dataStores.completeQuery
  • discoveryengine.dataStores.create
  • discoveryengine.dataStores.delete
  • discoveryengine.dataStores.enrollSolutions
  • discoveryengine.dataStores.get
  • discoveryengine.dataStores.list
  • discoveryengine.dataStores.listCustomModels
  • discoveryengine.dataStores.trainCustomModel
  • discoveryengine.dataStores.update

discoveryengine.documentProcessingConfigs.*

  • discoveryengine.documentProcessingConfigs.get
  • discoveryengine.documentProcessingConfigs.update

discoveryengine.documents.*

  • discoveryengine.documents.batchGetDocumentsMetadata
  • discoveryengine.documents.create
  • discoveryengine.documents.delete
  • discoveryengine.documents.get
  • discoveryengine.documents.import
  • discoveryengine.documents.list
  • discoveryengine.documents.purge
  • discoveryengine.documents.update

discoveryengine.engines.*

  • discoveryengine.engines.create
  • discoveryengine.engines.createEngineUserData
  • discoveryengine.engines.delete
  • discoveryengine.engines.generateMemories
  • discoveryengine.engines.generatePersonalContext
  • discoveryengine.engines.get
  • discoveryengine.engines.getEngineUserData
  • discoveryengine.engines.getIamPolicy
  • discoveryengine.engines.getPersonalContext
  • discoveryengine.engines.list
  • discoveryengine.engines.pause
  • discoveryengine.engines.resume
  • discoveryengine.engines.setIamPolicy
  • discoveryengine.engines.tune
  • discoveryengine.engines.update
  • discoveryengine.engines.updateEngineUserData

discoveryengine.evaluations.*

  • discoveryengine.evaluations.create
  • discoveryengine.evaluations.get
  • discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.homepageDataConfigs.fetchDocuments

discoveryengine.ideaForgeIdeas.*

  • discoveryengine.ideaForgeIdeas.create
  • discoveryengine.ideaForgeIdeas.get

discoveryengine.ideaForgeInstances.*

  • discoveryengine.ideaForgeInstances.get
  • discoveryengine.ideaForgeInstances.start

discoveryengine.identityMappingStores.*

  • discoveryengine.identityMappingStores.create
  • discoveryengine.identityMappingStores.delete
  • discoveryengine.identityMappingStores.get
  • discoveryengine.identityMappingStores.importIdentityMappings
  • discoveryengine.identityMappingStores.list
  • discoveryengine.identityMappingStores.listIdentityMappings
  • discoveryengine.identityMappingStores.purgeIdentityMappings

discoveryengine.licenseConfigs.*

  • discoveryengine.licenseConfigs.create
  • discoveryengine.licenseConfigs.get
  • discoveryengine.licenseConfigs.list
  • discoveryengine.licenseConfigs.update

discoveryengine.locations.*

  • discoveryengine.locations.completeExternalIdentities
  • discoveryengine.locations.estimateDataSize
  • discoveryengine.locations.exchangeAuthCredentials
  • discoveryengine.locations.fetchAgentCards
  • discoveryengine.locations.getConnectorSource
  • discoveryengine.locations.listConnectorSources
  • discoveryengine.locations.setUpDataConnector

discoveryengine.memories.*

  • discoveryengine.memories.delete
  • discoveryengine.memories.list
  • discoveryengine.memories.retrieve
  • discoveryengine.memories.update

discoveryengine.models.*

  • discoveryengine.models.create
  • discoveryengine.models.delete
  • discoveryengine.models.get
  • discoveryengine.models.list
  • discoveryengine.models.pause
  • discoveryengine.models.resume
  • discoveryengine.models.tune
  • discoveryengine.models.update

discoveryengine.notificationMessages.*

  • discoveryengine.notificationMessages.ackAll
  • discoveryengine.notificationMessages.list
  • discoveryengine.notificationMessages.update

discoveryengine.operations.*

  • discoveryengine.operations.get
  • discoveryengine.operations.list

discoveryengine.projects.*

  • discoveryengine.projects.get
  • discoveryengine.projects.provision
  • discoveryengine.projects.reportConsentChange

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

  • discoveryengine.sampleQueries.create
  • discoveryengine.sampleQueries.delete
  • discoveryengine.sampleQueries.get
  • discoveryengine.sampleQueries.import
  • discoveryengine.sampleQueries.list
  • discoveryengine.sampleQueries.update

discoveryengine.sampleQuerySets.*

  • discoveryengine.sampleQuerySets.create
  • discoveryengine.sampleQuerySets.delete
  • discoveryengine.sampleQuerySets.get
  • discoveryengine.sampleQuerySets.list
  • discoveryengine.sampleQuerySets.update

discoveryengine.schemas.*

  • discoveryengine.schemas.create
  • discoveryengine.schemas.delete
  • discoveryengine.schemas.get
  • discoveryengine.schemas.list
  • discoveryengine.schemas.preview
  • discoveryengine.schemas.update
  • discoveryengine.schemas.validate

discoveryengine.servingConfigs.*

  • discoveryengine.servingConfigs.answer
  • discoveryengine.servingConfigs.create
  • discoveryengine.servingConfigs.delete
  • discoveryengine.servingConfigs.get
  • discoveryengine.servingConfigs.list
  • discoveryengine.servingConfigs.recommend
  • discoveryengine.servingConfigs.search
  • discoveryengine.servingConfigs.update

discoveryengine.sessions.*

  • discoveryengine.sessions.addContextFile
  • discoveryengine.sessions.create
  • discoveryengine.sessions.delete
  • discoveryengine.sessions.downloadFile
  • discoveryengine.sessions.generateSummary
  • discoveryengine.sessions.get
  • discoveryengine.sessions.list
  • discoveryengine.sessions.listSessionFileMetadata
  • discoveryengine.sessions.recommendQuestions
  • discoveryengine.sessions.removeContextFile
  • discoveryengine.sessions.search
  • discoveryengine.sessions.selectContextFiles
  • discoveryengine.sessions.update
  • discoveryengine.sessions.uploadFile

discoveryengine.sharedContents.*

  • discoveryengine.sharedContents.create
  • discoveryengine.sharedContents.delete
  • discoveryengine.sharedContents.get
  • discoveryengine.sharedContents.list

discoveryengine.siteSearchEngines.*

  • discoveryengine.siteSearchEngines.batchVerifyTargetSites
  • discoveryengine.siteSearchEngines.disableAdvancedSiteSearch
  • discoveryengine.siteSearchEngines.enableAdvancedSiteSearch
  • discoveryengine.siteSearchEngines.fetchDomainVerificationStatus
  • discoveryengine.siteSearchEngines.get
  • discoveryengine.siteSearchEngines.recrawlUris

discoveryengine.sitemaps.*

  • discoveryengine.sitemaps.create
  • discoveryengine.sitemaps.delete
  • discoveryengine.sitemaps.fetch

discoveryengine.suggestionDenyListEntries.*

  • discoveryengine.suggestionDenyListEntries.import
  • discoveryengine.suggestionDenyListEntries.purge

discoveryengine.targetSites.*

  • discoveryengine.targetSites.batchCreate
  • discoveryengine.targetSites.create
  • discoveryengine.targetSites.delete
  • discoveryengine.targetSites.get
  • discoveryengine.targetSites.list
  • discoveryengine.targetSites.update

discoveryengine.userEvents.*

  • discoveryengine.userEvents.create
  • discoveryengine.userEvents.fetchStats
  • discoveryengine.userEvents.import
  • discoveryengine.userEvents.purge

discoveryengine.userStores.*

  • discoveryengine.userStores.batchUpdateUserLicenses
  • discoveryengine.userStores.get
  • discoveryengine.userStores.listUserLicenses
  • discoveryengine.userStores.update

discoveryengine.users.*

  • discoveryengine.users.get
  • discoveryengine.users.update

discoveryengine.widgetConfigs.*

  • discoveryengine.widgetConfigs.get
  • discoveryengine.widgetConfigs.update

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.alerts.*

  • monitoring.alerts.get
  • monitoring.alerts.list

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.dashboards.listEffectiveTags

monitoring.dashboards.listTagBindings

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

  • monitoring.notificationChannelDescriptors.get
  • monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

opsconfigmonitoring.resourceMetadata.list

resourcemanager.projects.get

resourcemanager.projects.list

stackdriver.projects.get

stackdriver.resourceMetadata.list

(roles/discoveryengine.editor)

Concede acesso de leitura e gravação a todos os recursos do Discovery Engine.

discoveryengine.aclConfigs.get

discoveryengine.agentFiles.*

  • discoveryengine.agentFiles.delete
  • discoveryengine.agentFiles.download
  • discoveryengine.agentFiles.import
  • discoveryengine.agentFiles.list
  • discoveryengine.agentFiles.upload

discoveryengine.agents.create

discoveryengine.agents.delete

discoveryengine.agents.get

discoveryengine.agents.getAgentView

discoveryengine.agents.getIamPolicy

discoveryengine.agents.list

discoveryengine.agents.listAvailableAgentViews

discoveryengine.agents.manage

discoveryengine.agents.update

discoveryengine.alertPolicies.get

discoveryengine.analytics.*

  • discoveryengine.analytics.acquireDashboardSession
  • discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.assistants.get

discoveryengine.assistants.list

discoveryengine.authorizations.storeUserAuthorization

discoveryengine.branches.*

  • discoveryengine.branches.get
  • discoveryengine.branches.list

discoveryengine.cannedQueries.get

discoveryengine.cannedQueries.list

discoveryengine.cannedQueries.listActiveCannedQueryUserViews

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.completionConfigs.removeSuggestion

discoveryengine.connectorRuns.list

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.*

  • discoveryengine.conversations.converse
  • discoveryengine.conversations.create
  • discoveryengine.conversations.delete
  • discoveryengine.conversations.get
  • discoveryengine.conversations.list
  • discoveryengine.conversations.update

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.get

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.dataStores.trainCustomModel

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.create

discoveryengine.documents.delete

discoveryengine.documents.get

discoveryengine.documents.import

discoveryengine.documents.list

discoveryengine.documents.update

discoveryengine.engines.createEngineUserData

discoveryengine.engines.generateMemories

discoveryengine.engines.generatePersonalContext

discoveryengine.engines.get

discoveryengine.engines.getEngineUserData

discoveryengine.engines.getPersonalContext

discoveryengine.engines.list

discoveryengine.engines.pause

discoveryengine.engines.resume

discoveryengine.engines.tune

discoveryengine.engines.updateEngineUserData

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.homepageDataConfigs.fetchDocuments

discoveryengine.ideaForgeIdeas.*

  • discoveryengine.ideaForgeIdeas.create
  • discoveryengine.ideaForgeIdeas.get

discoveryengine.ideaForgeInstances.*

  • discoveryengine.ideaForgeInstances.get
  • discoveryengine.ideaForgeInstances.start

discoveryengine.identityMappingStores.*

  • discoveryengine.identityMappingStores.create
  • discoveryengine.identityMappingStores.delete
  • discoveryengine.identityMappingStores.get
  • discoveryengine.identityMappingStores.importIdentityMappings
  • discoveryengine.identityMappingStores.list
  • discoveryengine.identityMappingStores.listIdentityMappings
  • discoveryengine.identityMappingStores.purgeIdentityMappings

discoveryengine.licenseConfigs.get

discoveryengine.licenseConfigs.list

discoveryengine.locations.completeExternalIdentities

discoveryengine.locations.fetchAgentCards

discoveryengine.memories.*

  • discoveryengine.memories.delete
  • discoveryengine.memories.list
  • discoveryengine.memories.retrieve
  • discoveryengine.memories.update

discoveryengine.models.*

  • discoveryengine.models.create
  • discoveryengine.models.delete
  • discoveryengine.models.get
  • discoveryengine.models.list
  • discoveryengine.models.pause
  • discoveryengine.models.resume
  • discoveryengine.models.tune
  • discoveryengine.models.update

discoveryengine.notificationMessages.*

  • discoveryengine.notificationMessages.ackAll
  • discoveryengine.notificationMessages.list
  • discoveryengine.notificationMessages.update

discoveryengine.operations.*

  • discoveryengine.operations.get
  • discoveryengine.operations.list

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

  • discoveryengine.sampleQueries.create
  • discoveryengine.sampleQueries.delete
  • discoveryengine.sampleQueries.get
  • discoveryengine.sampleQueries.import
  • discoveryengine.sampleQueries.list
  • discoveryengine.sampleQueries.update

discoveryengine.sampleQuerySets.*

  • discoveryengine.sampleQuerySets.create
  • discoveryengine.sampleQuerySets.delete
  • discoveryengine.sampleQuerySets.get
  • discoveryengine.sampleQuerySets.list
  • discoveryengine.sampleQuerySets.update

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

  • discoveryengine.sessions.addContextFile
  • discoveryengine.sessions.create
  • discoveryengine.sessions.delete
  • discoveryengine.sessions.downloadFile
  • discoveryengine.sessions.generateSummary
  • discoveryengine.sessions.get
  • discoveryengine.sessions.list
  • discoveryengine.sessions.listSessionFileMetadata
  • discoveryengine.sessions.recommendQuestions
  • discoveryengine.sessions.removeContextFile
  • discoveryengine.sessions.search
  • discoveryengine.sessions.selectContextFiles
  • discoveryengine.sessions.update
  • discoveryengine.sessions.uploadFile

discoveryengine.sharedContents.*

  • discoveryengine.sharedContents.create
  • discoveryengine.sharedContents.delete
  • discoveryengine.sharedContents.get
  • discoveryengine.sharedContents.list

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.create

discoveryengine.userEvents.fetchStats

discoveryengine.userEvents.import

discoveryengine.userStores.get

discoveryengine.widgetConfigs.*

  • discoveryengine.widgetConfigs.get
  • discoveryengine.widgetConfigs.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/discoveryengine.agentspaceUser)

Concede acesso de usuário aos recursos do Gemini Enterprise.

businessaicode.*

  • businessaicode.locations.generateContent
  • businessaicode.locations.queryConfiguration
  • businessaicode.locations.sendTelemetry

cloudaicompanion.companions.*

  • cloudaicompanion.companions.generateChat
  • cloudaicompanion.companions.generateCode

cloudaicompanion.entitlements.get

cloudaicompanion.instances.*

  • cloudaicompanion.instances.completeCode
  • cloudaicompanion.instances.completeTask
  • cloudaicompanion.instances.exportMetrics
  • cloudaicompanion.instances.generateCode
  • cloudaicompanion.instances.generateText
  • cloudaicompanion.instances.queryEffectiveSetting
  • cloudaicompanion.instances.queryEffectiveSettingBindings

cloudaicompanion.licenses.selfAssign

cloudaicompanion.operations.get

cloudaicompanion.topics.create

discoveryengine.accounts.create

discoveryengine.agentFiles.*

  • discoveryengine.agentFiles.delete
  • discoveryengine.agentFiles.download
  • discoveryengine.agentFiles.import
  • discoveryengine.agentFiles.list
  • discoveryengine.agentFiles.upload

discoveryengine.agentIamProposals.*

  • discoveryengine.agentIamProposals.create
  • discoveryengine.agentIamProposals.delete
  • discoveryengine.agentIamProposals.get
  • discoveryengine.agentIamProposals.list

discoveryengine.agents.create

discoveryengine.agents.delete

discoveryengine.agents.get

discoveryengine.agents.getAgentView

discoveryengine.agents.list

discoveryengine.agents.listAvailableAgentViews

discoveryengine.agents.requestReview

discoveryengine.agents.update

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.authorizations.storeUserAuthorization

discoveryengine.cannedQueries.listActiveCannedQueryUserViews

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.removeSuggestion

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.engines.createEngineUserData

discoveryengine.engines.generateMemories

discoveryengine.engines.generatePersonalContext

discoveryengine.engines.get

discoveryengine.engines.getEngineUserData

discoveryengine.engines.getPersonalContext

discoveryengine.engines.updateEngineUserData

discoveryengine.homepageDataConfigs.fetchDocuments

discoveryengine.ideaForgeIdeas.*

  • discoveryengine.ideaForgeIdeas.create
  • discoveryengine.ideaForgeIdeas.get

discoveryengine.ideaForgeInstances.*

  • discoveryengine.ideaForgeInstances.get
  • discoveryengine.ideaForgeInstances.start

discoveryengine.locations.completeExternalIdentities

discoveryengine.locations.fetchAgentCards

discoveryengine.memories.*

  • discoveryengine.memories.delete
  • discoveryengine.memories.list
  • discoveryengine.memories.retrieve
  • discoveryengine.memories.update

discoveryengine.notebooks.create

discoveryengine.notebooks.list

discoveryengine.notificationMessages.*

  • discoveryengine.notificationMessages.ackAll
  • discoveryengine.notificationMessages.list
  • discoveryengine.notificationMessages.update

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

  • discoveryengine.sessions.addContextFile
  • discoveryengine.sessions.create
  • discoveryengine.sessions.delete
  • discoveryengine.sessions.downloadFile
  • discoveryengine.sessions.generateSummary
  • discoveryengine.sessions.get
  • discoveryengine.sessions.list
  • discoveryengine.sessions.listSessionFileMetadata
  • discoveryengine.sessions.recommendQuestions
  • discoveryengine.sessions.removeContextFile
  • discoveryengine.sessions.search
  • discoveryengine.sessions.selectContextFiles
  • discoveryengine.sessions.update
  • discoveryengine.sessions.uploadFile

discoveryengine.sharedContents.*

  • discoveryengine.sharedContents.create
  • discoveryengine.sharedContents.delete
  • discoveryengine.sharedContents.get
  • discoveryengine.sharedContents.list

discoveryengine.userEvents.create

discoveryengine.users.*

  • discoveryengine.users.get
  • discoveryengine.users.update

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/discoveryengine.viewer)

Concede acesso de leitura a todos os recursos do Discovery Engine.

discoveryengine.aclConfigs.get

discoveryengine.agentFiles.list

discoveryengine.agents.get

discoveryengine.agents.getAgentView

discoveryengine.agents.getIamPolicy

discoveryengine.agents.list

discoveryengine.agents.listAvailableAgentViews

discoveryengine.alertPolicies.get

discoveryengine.analytics.*

  • discoveryengine.analytics.acquireDashboardSession
  • discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.get

discoveryengine.assistants.list

discoveryengine.branches.*

  • discoveryengine.branches.get
  • discoveryengine.branches.list

discoveryengine.cannedQueries.get

discoveryengine.cannedQueries.list

discoveryengine.cannedQueries.listActiveCannedQueryUserViews

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.connectorRuns.list

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.converse

discoveryengine.conversations.get

discoveryengine.conversations.list

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.get

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.get

discoveryengine.documents.list

discoveryengine.engines.get

discoveryengine.engines.getPersonalContext

discoveryengine.engines.list

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.homepageDataConfigs.fetchDocuments

discoveryengine.ideaForgeIdeas.get

discoveryengine.ideaForgeInstances.get

discoveryengine.identityMappingStores.get

discoveryengine.identityMappingStores.list

discoveryengine.identityMappingStores.listIdentityMappings

discoveryengine.locations.completeExternalIdentities

discoveryengine.locations.fetchAgentCards

discoveryengine.memories.list

discoveryengine.memories.retrieve

discoveryengine.models.get

discoveryengine.models.list

discoveryengine.notificationMessages.list

discoveryengine.operations.*

  • discoveryengine.operations.get
  • discoveryengine.operations.list

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.get

discoveryengine.sampleQueries.list

discoveryengine.sampleQuerySets.get

discoveryengine.sampleQuerySets.list

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.downloadFile

discoveryengine.sessions.generateSummary

discoveryengine.sessions.get

discoveryengine.sessions.list

discoveryengine.sessions.listSessionFileMetadata

discoveryengine.sessions.recommendQuestions

discoveryengine.sharedContents.get

discoveryengine.sharedContents.list

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.fetchStats

discoveryengine.userStores.get

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

Gerenciar o IAM do Gemini Enterprise

É possível receber e definir políticas de permissão e papéis do IAM usando o console do Google Cloud . Para mais informações, consulte Gerenciar o acesso a projetos, pastas e organizações.

Conceder permissões aos administradores

Como proprietário do projeto, você pode conceder os papéis Gemini Enterprise Admin, Service Usage Consumer e Logs Viewer aos usuários que querem ser administradores.

Siga estas etapas para adicionar os papéis:

  1. No console do Google Cloud , acesse a página IAM.

    Acessar IAM
  2. Selecione o projeto.
  3. Clique em Conceder acesso.

  4. No campo Novos principais, insira o identificador do usuário. Normalmente, é o endereço de e-mail de uma Conta do Google ou de um grupo de usuários.

  5. Adicione os papéis:
    1. Clique em Adicionar outro papel.
    2. Na lista Selecionar um papel, escolha Administrador do Gemini Enterprise.
    3. Repita as etapas a e b para adicionar os papéis Consumidor do Service Usage e Visualizador de registros.
  6. Clique em Salvar.

Conceder permissões aos usuários

Nesta seção, descrevemos como conceder aos usuários a função Gemini Enterprise User necessária para acessar apps.

  1. No console do Google Cloud , acesse a página IAM.

    Acessar IAM
  2. Selecione o projeto.
  3. Clique em Conceder acesso.

  4. No campo Novos principais, insira o identificador do usuário. Normalmente, é o endereço de e-mail de uma Conta do Google, um grupo de usuários ou o identificador de um usuário em um pool de identidades de força de trabalho. Para detalhes, consulte Identificadores principais para políticas de permissão.

  5. Adicione o papel:
    1. Clique em Adicionar outro papel.
    2. Na lista Selecionar um papel, escolha Usuário do Gemini Enterprise.
  6. Clique em Salvar.

Para permitir que os usuários gerenciem e compartilhem apps, conceda a eles a função Discovery Engine viewer.

A seguir