Controllo dell'accesso con IAM

Questa pagina descrive come controllare l'accesso e le autorizzazioni dell'API Discovery Engine per le risorse Vertex AI Search utilizzando Identity and Access Management (IAM).

Panoramica

Google Cloud offre IAM, che ti consente di concedere un accesso più granulare a determinate risorse Google Cloud e impedisce l'accesso indesiderato ad altre risorse. Questa pagina descrive i ruoli e le autorizzazioni IAM di Vertex AI Search. Per una descrizione dettagliata di Google Cloud IAM, consulta la documentazione di IAM.

Vertex AI Search fornisce un insieme di ruoli predefiniti progettati per aiutarti a controllare l'accesso alle risorse di Vertex AI Search. Puoi anche creare ruoli personalizzati se i ruoli predefiniti non forniscono i set di autorizzazioni di cui hai bisogno. Inoltre, i ruoli di base precedenti (Editor, Visualizzatore e Proprietario) sono ancora disponibili, anche se non forniscono lo stesso controllo granulare dei ruoli di Vertex AI Search. In particolare, i ruoli di base forniscono l'accesso alle risorse in Google Cloud anziché solo per Vertex AI Search. Per ulteriori informazioni, consulta la documentazione relativa ai ruoli di base.

Ruoli predefiniti

Vertex AI Search fornisce alcuni ruoli predefiniti che puoi utilizzare per fornire autorizzazioni più granulari alle entità. Il ruolo che concedi a un'entità controlla le azioni che l'entità può eseguire. Le entità possono essere persone, gruppi o service account.

Puoi concedere più ruoli alla stessa entità e puoi modificare i ruoli concessi a un'entità in qualsiasi momento, a condizione che tu disponga delle autorizzazioni per farlo.

I ruoli più ampi includono quelli definiti in modo più specifico. Ad esempio, il ruolo Discovery Engine Editor include tutte le autorizzazioni del ruolo Discovery Engine Viewer, oltre alle autorizzazioni aggiuntive del ruolo Discovery Engine Editor. Allo stesso modo, il ruolo Discovery Engine Admin include tutte le autorizzazioni del ruolo Discovery Engine Editor, oltre alle autorizzazioni aggiuntive.

I ruoli di base (Proprietario, Editor, Visualizzatore) forniscono autorizzazioni per Google Cloud. I ruoli specifici di Vertex AI Search forniscono solo autorizzazioni Vertex AI Search, ad eccezione delle seguenti Google Cloud autorizzazioni, necessarie per l'utilizzo Google Cloud generale:

  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.services.list
  • serviceusage.services.get

La tabella seguente elenca i ruoli IAM di Vertex AI Search con un elenco corrispondente di tutte le autorizzazioni per ogni ruolo.

Ruolo Autorizzazioni

(roles/discoveryengine.admin)

Concede l'accesso completo a tutte le risorse Discovery Engine.

cloudaicompanion.aiDevToolsSettings.*

  • cloudaicompanion.aiDevToolsSettings.create
  • cloudaicompanion.aiDevToolsSettings.delete
  • cloudaicompanion.aiDevToolsSettings.get
  • cloudaicompanion.aiDevToolsSettings.list
  • cloudaicompanion.aiDevToolsSettings.update

cloudaicompanion.codeRepositoryIndexes.*

  • cloudaicompanion.codeRepositoryIndexes.create
  • cloudaicompanion.codeRepositoryIndexes.delete
  • cloudaicompanion.codeRepositoryIndexes.get
  • cloudaicompanion.codeRepositoryIndexes.list
  • cloudaicompanion.codeRepositoryIndexes.update

cloudaicompanion.codeToolsSettings.*

  • cloudaicompanion.codeToolsSettings.create
  • cloudaicompanion.codeToolsSettings.delete
  • cloudaicompanion.codeToolsSettings.get
  • cloudaicompanion.codeToolsSettings.list
  • cloudaicompanion.codeToolsSettings.update

cloudaicompanion.dataSharingWithGoogleSettings.*

  • cloudaicompanion.dataSharingWithGoogleSettings.create
  • cloudaicompanion.dataSharingWithGoogleSettings.delete
  • cloudaicompanion.dataSharingWithGoogleSettings.get
  • cloudaicompanion.dataSharingWithGoogleSettings.list
  • cloudaicompanion.dataSharingWithGoogleSettings.update

cloudaicompanion.geminiGcpEnablementSettings.*

  • cloudaicompanion.geminiGcpEnablementSettings.create
  • cloudaicompanion.geminiGcpEnablementSettings.delete
  • cloudaicompanion.geminiGcpEnablementSettings.get
  • cloudaicompanion.geminiGcpEnablementSettings.list
  • cloudaicompanion.geminiGcpEnablementSettings.update

cloudaicompanion.instances.queryEffectiveSetting

cloudaicompanion.instances.queryEffectiveSettingBindings

cloudaicompanion.loggingSettings.*

  • cloudaicompanion.loggingSettings.create
  • cloudaicompanion.loggingSettings.delete
  • cloudaicompanion.loggingSettings.get
  • cloudaicompanion.loggingSettings.list
  • cloudaicompanion.loggingSettings.update

cloudaicompanion.operations.*

  • cloudaicompanion.operations.cancel
  • cloudaicompanion.operations.delete
  • cloudaicompanion.operations.get
  • cloudaicompanion.operations.list

cloudaicompanion.releaseChannelSettings.*

  • cloudaicompanion.releaseChannelSettings.create
  • cloudaicompanion.releaseChannelSettings.delete
  • cloudaicompanion.releaseChannelSettings.get
  • cloudaicompanion.releaseChannelSettings.list
  • cloudaicompanion.releaseChannelSettings.update

cloudaicompanion.repositoryGroups.create

cloudaicompanion.repositoryGroups.delete

cloudaicompanion.repositoryGroups.get

cloudaicompanion.repositoryGroups.getIamPolicy

cloudaicompanion.repositoryGroups.list

cloudaicompanion.repositoryGroups.setIamPolicy

cloudaicompanion.repositoryGroups.update

cloudaicompanion.settingBindings.*

  • cloudaicompanion.settingBindings.aiDevToolsSettingsCreate
  • cloudaicompanion.settingBindings.aiDevToolsSettingsDelete
  • cloudaicompanion.settingBindings.aiDevToolsSettingsGet
  • cloudaicompanion.settingBindings.aiDevToolsSettingsList
  • cloudaicompanion.settingBindings.aiDevToolsSettingsUpdate
  • cloudaicompanion.settingBindings.aiDevToolsSettingsUse
  • cloudaicompanion.settingBindings.codeToolsSettingsCreate
  • cloudaicompanion.settingBindings.codeToolsSettingsDelete
  • cloudaicompanion.settingBindings.codeToolsSettingsGet
  • cloudaicompanion.settingBindings.codeToolsSettingsList
  • cloudaicompanion.settingBindings.codeToolsSettingsUpdate
  • cloudaicompanion.settingBindings.codeToolsSettingsUse
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsCreate
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsDelete
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsGet
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsList
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsUpdate
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsUse
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsCreate
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsDelete
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsGet
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsList
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsUpdate
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsUse
  • cloudaicompanion.settingBindings.loggingSettingsCreate
  • cloudaicompanion.settingBindings.loggingSettingsDelete
  • cloudaicompanion.settingBindings.loggingSettingsGet
  • cloudaicompanion.settingBindings.loggingSettingsList
  • cloudaicompanion.settingBindings.loggingSettingsUpdate
  • cloudaicompanion.settingBindings.loggingSettingsUse
  • cloudaicompanion.settingBindings.releaseChannelSettingsCreate
  • cloudaicompanion.settingBindings.releaseChannelSettingsDelete
  • cloudaicompanion.settingBindings.releaseChannelSettingsGet
  • cloudaicompanion.settingBindings.releaseChannelSettingsList
  • cloudaicompanion.settingBindings.releaseChannelSettingsUpdate
  • cloudaicompanion.settingBindings.releaseChannelSettingsUse

cloudnotifications.activities.list

discoveryengine.aclConfigs.*

  • discoveryengine.aclConfigs.get
  • discoveryengine.aclConfigs.update

discoveryengine.agentFiles.*

  • discoveryengine.agentFiles.delete
  • discoveryengine.agentFiles.download
  • discoveryengine.agentFiles.import
  • discoveryengine.agentFiles.list
  • discoveryengine.agentFiles.upload

discoveryengine.agentIamProposals.get

discoveryengine.agentIamProposals.list

discoveryengine.agents.create

discoveryengine.agents.delete

discoveryengine.agents.get

discoveryengine.agents.getAgentView

discoveryengine.agents.getIamPolicy

discoveryengine.agents.list

discoveryengine.agents.listAvailableAgentViews

discoveryengine.agents.manage

discoveryengine.agents.setIamPolicy

discoveryengine.agents.update

discoveryengine.alertPolicies.*

  • discoveryengine.alertPolicies.create
  • discoveryengine.alertPolicies.get
  • discoveryengine.alertPolicies.update

discoveryengine.analytics.*

  • discoveryengine.analytics.acquireDashboardSession
  • discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.*

  • discoveryengine.assistants.assist
  • discoveryengine.assistants.create
  • discoveryengine.assistants.delete
  • discoveryengine.assistants.get
  • discoveryengine.assistants.list
  • discoveryengine.assistants.update

discoveryengine.authorizations.storeUserAuthorization

discoveryengine.billingAccountLicenseConfigs.*

  • discoveryengine.billingAccountLicenseConfigs.distribute
  • discoveryengine.billingAccountLicenseConfigs.get
  • discoveryengine.billingAccountLicenseConfigs.list
  • discoveryengine.billingAccountLicenseConfigs.retract

discoveryengine.branches.*

  • discoveryengine.branches.get
  • discoveryengine.branches.list

discoveryengine.cannedQueries.*

  • discoveryengine.cannedQueries.create
  • discoveryengine.cannedQueries.delete
  • discoveryengine.cannedQueries.get
  • discoveryengine.cannedQueries.list
  • discoveryengine.cannedQueries.listActiveCannedQueryUserViews
  • discoveryengine.cannedQueries.update

discoveryengine.cmekConfigs.*

  • discoveryengine.cmekConfigs.get
  • discoveryengine.cmekConfigs.list
  • discoveryengine.cmekConfigs.update

discoveryengine.collections.*

  • discoveryengine.collections.delete
  • discoveryengine.collections.get
  • discoveryengine.collections.list

discoveryengine.completionConfigs.*

  • discoveryengine.completionConfigs.completeQuery
  • discoveryengine.completionConfigs.get
  • discoveryengine.completionConfigs.removeSuggestion
  • discoveryengine.completionConfigs.update

discoveryengine.completionSuggestions.*

  • discoveryengine.completionSuggestions.import
  • discoveryengine.completionSuggestions.purge

discoveryengine.connectorRuns.*

  • discoveryengine.connectorRuns.cancel
  • discoveryengine.connectorRuns.list

discoveryengine.controls.*

  • discoveryengine.controls.create
  • discoveryengine.controls.delete
  • discoveryengine.controls.get
  • discoveryengine.controls.list
  • discoveryengine.controls.update

discoveryengine.conversations.*

  • discoveryengine.conversations.converse
  • discoveryengine.conversations.create
  • discoveryengine.conversations.delete
  • discoveryengine.conversations.get
  • discoveryengine.conversations.list
  • discoveryengine.conversations.update

discoveryengine.dataConnectors.*

  • discoveryengine.dataConnectors.acquireAccessToken
  • discoveryengine.dataConnectors.acquireAndStoreRefreshToken
  • discoveryengine.dataConnectors.buildActionInvocation
  • discoveryengine.dataConnectors.checkRefreshToken
  • discoveryengine.dataConnectors.executeAction
  • discoveryengine.dataConnectors.get
  • discoveryengine.dataConnectors.queryAvailableActions
  • discoveryengine.dataConnectors.startConnectorRun
  • discoveryengine.dataConnectors.update

discoveryengine.dataStores.*

  • discoveryengine.dataStores.completeQuery
  • discoveryengine.dataStores.create
  • discoveryengine.dataStores.delete
  • discoveryengine.dataStores.enrollSolutions
  • discoveryengine.dataStores.get
  • discoveryengine.dataStores.list
  • discoveryengine.dataStores.listCustomModels
  • discoveryengine.dataStores.trainCustomModel
  • discoveryengine.dataStores.update

discoveryengine.documentProcessingConfigs.*

  • discoveryengine.documentProcessingConfigs.get
  • discoveryengine.documentProcessingConfigs.update

discoveryengine.documents.*

  • discoveryengine.documents.batchGetDocumentsMetadata
  • discoveryengine.documents.create
  • discoveryengine.documents.delete
  • discoveryengine.documents.get
  • discoveryengine.documents.import
  • discoveryengine.documents.list
  • discoveryengine.documents.purge
  • discoveryengine.documents.update

discoveryengine.engines.*

  • discoveryengine.engines.create
  • discoveryengine.engines.createEngineUserData
  • discoveryengine.engines.delete
  • discoveryengine.engines.generateMemories
  • discoveryengine.engines.generatePersonalContext
  • discoveryengine.engines.get
  • discoveryengine.engines.getEngineUserData
  • discoveryengine.engines.getIamPolicy
  • discoveryengine.engines.getPersonalContext
  • discoveryengine.engines.list
  • discoveryengine.engines.pause
  • discoveryengine.engines.resume
  • discoveryengine.engines.setIamPolicy
  • discoveryengine.engines.tune
  • discoveryengine.engines.update
  • discoveryengine.engines.updateEngineUserData

discoveryengine.evaluations.*

  • discoveryengine.evaluations.create
  • discoveryengine.evaluations.get
  • discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.homepageDataConfigs.fetchDocuments

discoveryengine.ideaForgeIdeas.*

  • discoveryengine.ideaForgeIdeas.create
  • discoveryengine.ideaForgeIdeas.get

discoveryengine.ideaForgeInstances.*

  • discoveryengine.ideaForgeInstances.get
  • discoveryengine.ideaForgeInstances.start

discoveryengine.identityMappingStores.*

  • discoveryengine.identityMappingStores.create
  • discoveryengine.identityMappingStores.delete
  • discoveryengine.identityMappingStores.get
  • discoveryengine.identityMappingStores.importIdentityMappings
  • discoveryengine.identityMappingStores.list
  • discoveryengine.identityMappingStores.listIdentityMappings
  • discoveryengine.identityMappingStores.purgeIdentityMappings

discoveryengine.licenseConfigs.*

  • discoveryengine.licenseConfigs.create
  • discoveryengine.licenseConfigs.get
  • discoveryengine.licenseConfigs.list
  • discoveryengine.licenseConfigs.update

discoveryengine.locations.*

  • discoveryengine.locations.completeExternalIdentities
  • discoveryengine.locations.estimateDataSize
  • discoveryengine.locations.exchangeAuthCredentials
  • discoveryengine.locations.fetchAgentCards
  • discoveryengine.locations.getConnectorSource
  • discoveryengine.locations.listConnectorSources
  • discoveryengine.locations.setUpDataConnector

discoveryengine.memories.*

  • discoveryengine.memories.delete
  • discoveryengine.memories.list
  • discoveryengine.memories.retrieve
  • discoveryengine.memories.update

discoveryengine.models.*

  • discoveryengine.models.create
  • discoveryengine.models.delete
  • discoveryengine.models.get
  • discoveryengine.models.list
  • discoveryengine.models.pause
  • discoveryengine.models.resume
  • discoveryengine.models.tune
  • discoveryengine.models.update

discoveryengine.notificationMessages.*

  • discoveryengine.notificationMessages.ackAll
  • discoveryengine.notificationMessages.list
  • discoveryengine.notificationMessages.update

discoveryengine.operations.*

  • discoveryengine.operations.get
  • discoveryengine.operations.list

discoveryengine.projects.*

  • discoveryengine.projects.get
  • discoveryengine.projects.provision
  • discoveryengine.projects.reportConsentChange

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

  • discoveryengine.sampleQueries.create
  • discoveryengine.sampleQueries.delete
  • discoveryengine.sampleQueries.get
  • discoveryengine.sampleQueries.import
  • discoveryengine.sampleQueries.list
  • discoveryengine.sampleQueries.update

discoveryengine.sampleQuerySets.*

  • discoveryengine.sampleQuerySets.create
  • discoveryengine.sampleQuerySets.delete
  • discoveryengine.sampleQuerySets.get
  • discoveryengine.sampleQuerySets.list
  • discoveryengine.sampleQuerySets.update

discoveryengine.schemas.*

  • discoveryengine.schemas.create
  • discoveryengine.schemas.delete
  • discoveryengine.schemas.get
  • discoveryengine.schemas.list
  • discoveryengine.schemas.preview
  • discoveryengine.schemas.update
  • discoveryengine.schemas.validate

discoveryengine.servingConfigs.*

  • discoveryengine.servingConfigs.answer
  • discoveryengine.servingConfigs.create
  • discoveryengine.servingConfigs.delete
  • discoveryengine.servingConfigs.get
  • discoveryengine.servingConfigs.list
  • discoveryengine.servingConfigs.recommend
  • discoveryengine.servingConfigs.search
  • discoveryengine.servingConfigs.update

discoveryengine.sessions.*

  • discoveryengine.sessions.addContextFile
  • discoveryengine.sessions.create
  • discoveryengine.sessions.delete
  • discoveryengine.sessions.downloadFile
  • discoveryengine.sessions.generateSummary
  • discoveryengine.sessions.get
  • discoveryengine.sessions.list
  • discoveryengine.sessions.listSessionFileMetadata
  • discoveryengine.sessions.recommendQuestions
  • discoveryengine.sessions.removeContextFile
  • discoveryengine.sessions.search
  • discoveryengine.sessions.selectContextFiles
  • discoveryengine.sessions.update
  • discoveryengine.sessions.uploadFile

discoveryengine.sharedContents.*

  • discoveryengine.sharedContents.create
  • discoveryengine.sharedContents.delete
  • discoveryengine.sharedContents.get
  • discoveryengine.sharedContents.list

discoveryengine.siteSearchEngines.*

  • discoveryengine.siteSearchEngines.batchVerifyTargetSites
  • discoveryengine.siteSearchEngines.disableAdvancedSiteSearch
  • discoveryengine.siteSearchEngines.enableAdvancedSiteSearch
  • discoveryengine.siteSearchEngines.fetchDomainVerificationStatus
  • discoveryengine.siteSearchEngines.get
  • discoveryengine.siteSearchEngines.recrawlUris

discoveryengine.sitemaps.*

  • discoveryengine.sitemaps.create
  • discoveryengine.sitemaps.delete
  • discoveryengine.sitemaps.fetch

discoveryengine.suggestionDenyListEntries.*

  • discoveryengine.suggestionDenyListEntries.import
  • discoveryengine.suggestionDenyListEntries.purge

discoveryengine.targetSites.*

  • discoveryengine.targetSites.batchCreate
  • discoveryengine.targetSites.create
  • discoveryengine.targetSites.delete
  • discoveryengine.targetSites.get
  • discoveryengine.targetSites.list
  • discoveryengine.targetSites.update

discoveryengine.userEvents.*

  • discoveryengine.userEvents.create
  • discoveryengine.userEvents.fetchStats
  • discoveryengine.userEvents.import
  • discoveryengine.userEvents.purge

discoveryengine.userStores.*

  • discoveryengine.userStores.batchUpdateUserLicenses
  • discoveryengine.userStores.get
  • discoveryengine.userStores.listUserLicenses
  • discoveryengine.userStores.update

discoveryengine.users.*

  • discoveryengine.users.get
  • discoveryengine.users.update

discoveryengine.widgetConfigs.*

  • discoveryengine.widgetConfigs.get
  • discoveryengine.widgetConfigs.update

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.alerts.*

  • monitoring.alerts.get
  • monitoring.alerts.list

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.dashboards.listEffectiveTags

monitoring.dashboards.listTagBindings

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

  • monitoring.notificationChannelDescriptors.get
  • monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

opsconfigmonitoring.resourceMetadata.list

resourcemanager.projects.get

resourcemanager.projects.list

stackdriver.projects.get

stackdriver.resourceMetadata.list

(roles/discoveryengine.editor)

Concede l'accesso in lettura e scrittura a tutte le risorse Discovery Engine.

discoveryengine.aclConfigs.get

discoveryengine.agentFiles.*

  • discoveryengine.agentFiles.delete
  • discoveryengine.agentFiles.download
  • discoveryengine.agentFiles.import
  • discoveryengine.agentFiles.list
  • discoveryengine.agentFiles.upload

discoveryengine.agents.create

discoveryengine.agents.delete

discoveryengine.agents.get

discoveryengine.agents.getAgentView

discoveryengine.agents.getIamPolicy

discoveryengine.agents.list

discoveryengine.agents.listAvailableAgentViews

discoveryengine.agents.manage

discoveryengine.agents.update

discoveryengine.alertPolicies.get

discoveryengine.analytics.*

  • discoveryengine.analytics.acquireDashboardSession
  • discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.assistants.get

discoveryengine.assistants.list

discoveryengine.authorizations.storeUserAuthorization

discoveryengine.branches.*

  • discoveryengine.branches.get
  • discoveryengine.branches.list

discoveryengine.cannedQueries.get

discoveryengine.cannedQueries.list

discoveryengine.cannedQueries.listActiveCannedQueryUserViews

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.completionConfigs.removeSuggestion

discoveryengine.connectorRuns.list

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.*

  • discoveryengine.conversations.converse
  • discoveryengine.conversations.create
  • discoveryengine.conversations.delete
  • discoveryengine.conversations.get
  • discoveryengine.conversations.list
  • discoveryengine.conversations.update

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.get

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.dataStores.trainCustomModel

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.create

discoveryengine.documents.delete

discoveryengine.documents.get

discoveryengine.documents.import

discoveryengine.documents.list

discoveryengine.documents.update

discoveryengine.engines.createEngineUserData

discoveryengine.engines.generateMemories

discoveryengine.engines.generatePersonalContext

discoveryengine.engines.get

discoveryengine.engines.getEngineUserData

discoveryengine.engines.getPersonalContext

discoveryengine.engines.list

discoveryengine.engines.pause

discoveryengine.engines.resume

discoveryengine.engines.tune

discoveryengine.engines.updateEngineUserData

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.homepageDataConfigs.fetchDocuments

discoveryengine.ideaForgeIdeas.*

  • discoveryengine.ideaForgeIdeas.create
  • discoveryengine.ideaForgeIdeas.get

discoveryengine.ideaForgeInstances.*

  • discoveryengine.ideaForgeInstances.get
  • discoveryengine.ideaForgeInstances.start

discoveryengine.identityMappingStores.*

  • discoveryengine.identityMappingStores.create
  • discoveryengine.identityMappingStores.delete
  • discoveryengine.identityMappingStores.get
  • discoveryengine.identityMappingStores.importIdentityMappings
  • discoveryengine.identityMappingStores.list
  • discoveryengine.identityMappingStores.listIdentityMappings
  • discoveryengine.identityMappingStores.purgeIdentityMappings

discoveryengine.licenseConfigs.get

discoveryengine.licenseConfigs.list

discoveryengine.locations.completeExternalIdentities

discoveryengine.locations.fetchAgentCards

discoveryengine.memories.*

  • discoveryengine.memories.delete
  • discoveryengine.memories.list
  • discoveryengine.memories.retrieve
  • discoveryengine.memories.update

discoveryengine.models.*

  • discoveryengine.models.create
  • discoveryengine.models.delete
  • discoveryengine.models.get
  • discoveryengine.models.list
  • discoveryengine.models.pause
  • discoveryengine.models.resume
  • discoveryengine.models.tune
  • discoveryengine.models.update

discoveryengine.notificationMessages.*

  • discoveryengine.notificationMessages.ackAll
  • discoveryengine.notificationMessages.list
  • discoveryengine.notificationMessages.update

discoveryengine.operations.*

  • discoveryengine.operations.get
  • discoveryengine.operations.list

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

  • discoveryengine.sampleQueries.create
  • discoveryengine.sampleQueries.delete
  • discoveryengine.sampleQueries.get
  • discoveryengine.sampleQueries.import
  • discoveryengine.sampleQueries.list
  • discoveryengine.sampleQueries.update

discoveryengine.sampleQuerySets.*

  • discoveryengine.sampleQuerySets.create
  • discoveryengine.sampleQuerySets.delete
  • discoveryengine.sampleQuerySets.get
  • discoveryengine.sampleQuerySets.list
  • discoveryengine.sampleQuerySets.update

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

  • discoveryengine.sessions.addContextFile
  • discoveryengine.sessions.create
  • discoveryengine.sessions.delete
  • discoveryengine.sessions.downloadFile
  • discoveryengine.sessions.generateSummary
  • discoveryengine.sessions.get
  • discoveryengine.sessions.list
  • discoveryengine.sessions.listSessionFileMetadata
  • discoveryengine.sessions.recommendQuestions
  • discoveryengine.sessions.removeContextFile
  • discoveryengine.sessions.search
  • discoveryengine.sessions.selectContextFiles
  • discoveryengine.sessions.update
  • discoveryengine.sessions.uploadFile

discoveryengine.sharedContents.*

  • discoveryengine.sharedContents.create
  • discoveryengine.sharedContents.delete
  • discoveryengine.sharedContents.get
  • discoveryengine.sharedContents.list

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.create

discoveryengine.userEvents.fetchStats

discoveryengine.userEvents.import

discoveryengine.userStores.get

discoveryengine.widgetConfigs.*

  • discoveryengine.widgetConfigs.get
  • discoveryengine.widgetConfigs.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/discoveryengine.user)

Concede l'accesso a livello di utente alle risorse Discovery Engine.

businessaicode.*

  • businessaicode.locations.generateContent
  • businessaicode.locations.queryConfiguration
  • businessaicode.locations.sendTelemetry

cloudaicompanion.companions.*

  • cloudaicompanion.companions.generateChat
  • cloudaicompanion.companions.generateCode

cloudaicompanion.entitlements.get

cloudaicompanion.instances.*

  • cloudaicompanion.instances.completeCode
  • cloudaicompanion.instances.completeTask
  • cloudaicompanion.instances.exportMetrics
  • cloudaicompanion.instances.generateCode
  • cloudaicompanion.instances.generateText
  • cloudaicompanion.instances.queryEffectiveSetting
  • cloudaicompanion.instances.queryEffectiveSettingBindings

cloudaicompanion.licenses.selfAssign

cloudaicompanion.operations.get

cloudaicompanion.topics.create

discoveryengine.accounts.create

discoveryengine.agentFiles.*

  • discoveryengine.agentFiles.delete
  • discoveryengine.agentFiles.download
  • discoveryengine.agentFiles.import
  • discoveryengine.agentFiles.list
  • discoveryengine.agentFiles.upload

discoveryengine.agentIamProposals.*

  • discoveryengine.agentIamProposals.create
  • discoveryengine.agentIamProposals.delete
  • discoveryengine.agentIamProposals.get
  • discoveryengine.agentIamProposals.list

discoveryengine.agents.create

discoveryengine.agents.delete

discoveryengine.agents.get

discoveryengine.agents.getAgentView

discoveryengine.agents.list

discoveryengine.agents.listAvailableAgentViews

discoveryengine.agents.requestReview

discoveryengine.agents.update

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.authorizations.storeUserAuthorization

discoveryengine.cannedQueries.listActiveCannedQueryUserViews

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.removeSuggestion

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.engines.createEngineUserData

discoveryengine.engines.generateMemories

discoveryengine.engines.generatePersonalContext

discoveryengine.engines.get

discoveryengine.engines.getEngineUserData

discoveryengine.engines.getPersonalContext

discoveryengine.engines.updateEngineUserData

discoveryengine.homepageDataConfigs.fetchDocuments

discoveryengine.ideaForgeIdeas.*

  • discoveryengine.ideaForgeIdeas.create
  • discoveryengine.ideaForgeIdeas.get

discoveryengine.ideaForgeInstances.*

  • discoveryengine.ideaForgeInstances.get
  • discoveryengine.ideaForgeInstances.start

discoveryengine.locations.completeExternalIdentities

discoveryengine.locations.fetchAgentCards

discoveryengine.memories.*

  • discoveryengine.memories.delete
  • discoveryengine.memories.list
  • discoveryengine.memories.retrieve
  • discoveryengine.memories.update

discoveryengine.notebooks.create

discoveryengine.notebooks.list

discoveryengine.notificationMessages.*

  • discoveryengine.notificationMessages.ackAll
  • discoveryengine.notificationMessages.list
  • discoveryengine.notificationMessages.update

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

  • discoveryengine.sessions.addContextFile
  • discoveryengine.sessions.create
  • discoveryengine.sessions.delete
  • discoveryengine.sessions.downloadFile
  • discoveryengine.sessions.generateSummary
  • discoveryengine.sessions.get
  • discoveryengine.sessions.list
  • discoveryengine.sessions.listSessionFileMetadata
  • discoveryengine.sessions.recommendQuestions
  • discoveryengine.sessions.removeContextFile
  • discoveryengine.sessions.search
  • discoveryengine.sessions.selectContextFiles
  • discoveryengine.sessions.update
  • discoveryengine.sessions.uploadFile

discoveryengine.sharedContents.*

  • discoveryengine.sharedContents.create
  • discoveryengine.sharedContents.delete
  • discoveryengine.sharedContents.get
  • discoveryengine.sharedContents.list

discoveryengine.userEvents.create

discoveryengine.users.*

  • discoveryengine.users.get
  • discoveryengine.users.update

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/discoveryengine.viewer)

Concede l'accesso in lettura a tutte le risorse Discovery Engine.

discoveryengine.aclConfigs.get

discoveryengine.agentFiles.list

discoveryengine.agents.get

discoveryengine.agents.getAgentView

discoveryengine.agents.getIamPolicy

discoveryengine.agents.list

discoveryengine.agents.listAvailableAgentViews

discoveryengine.alertPolicies.get

discoveryengine.analytics.*

  • discoveryengine.analytics.acquireDashboardSession
  • discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.get

discoveryengine.assistants.list

discoveryengine.branches.*

  • discoveryengine.branches.get
  • discoveryengine.branches.list

discoveryengine.cannedQueries.get

discoveryengine.cannedQueries.list

discoveryengine.cannedQueries.listActiveCannedQueryUserViews

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.connectorRuns.list

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.converse

discoveryengine.conversations.get

discoveryengine.conversations.list

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.get

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.get

discoveryengine.documents.list

discoveryengine.engines.get

discoveryengine.engines.getPersonalContext

discoveryengine.engines.list

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.homepageDataConfigs.fetchDocuments

discoveryengine.ideaForgeIdeas.get

discoveryengine.ideaForgeInstances.get

discoveryengine.identityMappingStores.get

discoveryengine.identityMappingStores.list

discoveryengine.identityMappingStores.listIdentityMappings

discoveryengine.locations.completeExternalIdentities

discoveryengine.locations.fetchAgentCards

discoveryengine.memories.list

discoveryengine.memories.retrieve

discoveryengine.models.get

discoveryengine.models.list

discoveryengine.notificationMessages.list

discoveryengine.operations.*

  • discoveryengine.operations.get
  • discoveryengine.operations.list

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.get

discoveryengine.sampleQueries.list

discoveryengine.sampleQuerySets.get

discoveryengine.sampleQuerySets.list

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.downloadFile

discoveryengine.sessions.generateSummary

discoveryengine.sessions.get

discoveryengine.sessions.list

discoveryengine.sessions.listSessionFileMetadata

discoveryengine.sessions.recommendQuestions

discoveryengine.sharedContents.get

discoveryengine.sharedContents.list

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.fetchStats

discoveryengine.userStores.get

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

Gestisci IAM di Vertex AI Search

Puoi ottenere e impostare i ruoli IAM e i criteri di autorizzazione IAM utilizzando la console Google Cloud. Per saperne di più, consulta la pagina Gestire l'accesso a progetti, cartelle e organizzazioni.

Passaggi successivi