Halaman ini diterjemahkan oleh Cloud Translation API.

Kontrol akses dengan IAM

Halaman ini menjelaskan cara mengontrol akses dan izin Discovery Engine API untuk resource Vertex AI Search menggunakan Identity and Access Management (IAM).

Ringkasan

Google Cloud menawarkan IAM, yang memungkinkan Anda memberikan akses yang lebih terperinci ke resource Google Cloud tertentu dan mencegah akses yang tidak diinginkan ke resource lain. Halaman ini menjelaskan peran dan izin IAM Vertex AI Search. Untuk mengetahui deskripsi mendetail tentang IAM Google Cloud, lihat dokumentasi IAM.

Vertex AI Search menyediakan serangkaian peran standar yang dirancang untuk membantu Anda mengontrol akses ke resource Vertex AI Search. Anda juga dapat membuat peran khusus sendiri jika peran yang telah ditetapkan tidak menyediakan kumpulan izin yang Anda perlukan. Selain itu, peran dasar lama (Editor, Viewer, dan Pemilik) juga masih tersedia untuk Anda, meskipun tidak memberikan kontrol terperinci yang sama dengan peran Vertex AI Search. Secara khusus, peran dasar memberikan akses ke resource di seluruh Google Cloud , bukan hanya untuk Vertex AI Search. Lihat dokumentasi peran dasar untuk mengetahui informasi selengkapnya.

Peran yang telah ditetapkan

Vertex AI Search menyediakan beberapa peran standar yang dapat Anda gunakan untuk memberikan izin yang lebih terperinci kepada entity utama. Peran yang Anda berikan kepada akun utama mengontrol tindakan yang dapat dilakukan akun utama. Akun utama dapat berupa individu, grup, atau akun layanan.

Anda dapat memberikan beberapa peran ke akun utama yang sama, dan dapat mengubah peran yang diberikan ke akun utama kapan saja, asalkan Anda memiliki izin untuk melakukannya.

Peran yang lebih luas mencakup peran yang lebih spesifik. Misalnya, peran Editor Discovery Engine mencakup semua izin peran Viewer Discovery Engine, beserta izin tambahan peran Editor Discovery Engine. Demikian juga, peran Admin Discovery Engine mencakup semua izin peran Editor Discovery Engine, beserta izin tambahannya.

Peran dasar (Pemilik, Editor, Viewer) memberikan izin di seluruh Google Cloud. Peran khusus untuk Vertex AI Search hanya memberikan izin Vertex AI Search, kecuali izin Google Cloudberikut, yang diperlukan untuk penggunaan Google Cloud umum:

resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.services.list
serviceusage.services.get

Tabel berikut mencantumkan peran IAM Vertex AI Search beserta daftar terkait semua izin untuk setiap peran.

Peran Izin

Peran	Izin
Admin Discovery Engine (`roles/discoveryengine.admin`) Memberikan akses penuh ke semua resource discoveryengine.	`discoveryengine.aclConfigs.` `discoveryengine.aclConfigs.get` `discoveryengine.aclConfigs.update` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.alertPolicies.` `discoveryengine.alertPolicies.create` `discoveryengine.alertPolicies.get` `discoveryengine.alertPolicies.update` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.` `discoveryengine.assistants.assist` `discoveryengine.assistants.create` `discoveryengine.assistants.delete` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.assistants.update` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.cmekConfigs.update` `discoveryengine.collections.` `discoveryengine.collections.delete` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.completionConfigs.update` `discoveryengine.connectorRuns.` `discoveryengine.connectorRuns.cancel` `discoveryengine.connectorRuns.list` `discoveryengine.controls.` `discoveryengine.controls.create` `discoveryengine.controls.delete` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.controls.update` `discoveryengine.conversations.` `discoveryengine.conversations.converse` `discoveryengine.conversations.create` `discoveryengine.conversations.delete` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.conversations.update` `discoveryengine.dataConnectors.` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataConnectors.startConnectorRun` `discoveryengine.dataConnectors.update` `discoveryengine.dataStores.` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.create` `discoveryengine.dataStores.delete` `discoveryengine.dataStores.enrollSolutions` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.dataStores.trainCustomModel` `discoveryengine.dataStores.update` `discoveryengine.documentProcessingConfigs.` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documentProcessingConfigs.update` `discoveryengine.documents.` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.create` `discoveryengine.documents.delete` `discoveryengine.documents.get` `discoveryengine.documents.import` `discoveryengine.documents.list` `discoveryengine.documents.purge` `discoveryengine.documents.update` `discoveryengine.engines.` `discoveryengine.engines.create` `discoveryengine.engines.createEngineUserData` `discoveryengine.engines.delete` `discoveryengine.engines.get` `discoveryengine.engines.list` `discoveryengine.engines.pause` `discoveryengine.engines.resume` `discoveryengine.engines.tune` `discoveryengine.engines.update` `discoveryengine.evaluations.` `discoveryengine.evaluations.create` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.` `discoveryengine.identityMappingStores.create` `discoveryengine.identityMappingStores.delete` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.importIdentityMappings` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.identityMappingStores.purgeIdentityMappings` `discoveryengine.licenseConfigs.` `discoveryengine.licenseConfigs.create` `discoveryengine.licenseConfigs.get` `discoveryengine.licenseConfigs.list` `discoveryengine.licenseConfigs.update` `discoveryengine.locations.` `discoveryengine.locations.estimateDataSize` `discoveryengine.locations.exchangeAuthCredentials` `discoveryengine.locations.getConnectorSource` `discoveryengine.locations.listConnectorSources` `discoveryengine.locations.setUpDataConnector` `discoveryengine.models.` `discoveryengine.models.create` `discoveryengine.models.delete` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.models.pause` `discoveryengine.models.resume` `discoveryengine.models.tune` `discoveryengine.models.update` `discoveryengine.operations.` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.` `discoveryengine.projects.get` `discoveryengine.projects.provision` `discoveryengine.projects.reportConsentChange` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.` `discoveryengine.sampleQueries.create` `discoveryengine.sampleQueries.delete` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.import` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQueries.update` `discoveryengine.sampleQuerySets.` `discoveryengine.sampleQuerySets.create` `discoveryengine.sampleQuerySets.delete` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.sampleQuerySets.update` `discoveryengine.schemas.` `discoveryengine.schemas.create` `discoveryengine.schemas.delete` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.update` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.create` `discoveryengine.servingConfigs.delete` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.servingConfigs.update` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.search` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.siteSearchEngines.` `discoveryengine.siteSearchEngines.batchVerifyTargetSites` `discoveryengine.siteSearchEngines.disableAdvancedSiteSearch` `discoveryengine.siteSearchEngines.enableAdvancedSiteSearch` `discoveryengine.siteSearchEngines.fetchDomainVerificationStatus` `discoveryengine.siteSearchEngines.get` `discoveryengine.siteSearchEngines.recrawlUris` `discoveryengine.sitemaps.` `discoveryengine.sitemaps.create` `discoveryengine.sitemaps.delete` `discoveryengine.sitemaps.fetch` `discoveryengine.suggestionDenyListEntries.` `discoveryengine.suggestionDenyListEntries.import` `discoveryengine.suggestionDenyListEntries.purge` `discoveryengine.targetSites.` `discoveryengine.targetSites.batchCreate` `discoveryengine.targetSites.create` `discoveryengine.targetSites.delete` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.targetSites.update` `discoveryengine.userEvents.` `discoveryengine.userEvents.create` `discoveryengine.userEvents.fetchStats` `discoveryengine.userEvents.import` `discoveryengine.userEvents.purge` `discoveryengine.userStores.` `discoveryengine.userStores.batchUpdateUserLicenses` `discoveryengine.userStores.get` `discoveryengine.userStores.listUserLicenses` `discoveryengine.userStores.update` `discoveryengine.users.` `discoveryengine.users.get` `discoveryengine.users.update` `discoveryengine.widgetConfigs.*` `discoveryengine.widgetConfigs.get` `discoveryengine.widgetConfigs.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Editor Discovery Engine (`roles/discoveryengine.editor`) Memberikan akses baca dan tulis ke semua resource mesin penemuan.	`discoveryengine.aclConfigs.get` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.alertPolicies.get` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.assist` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.connectorRuns.list` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.conversations.` `discoveryengine.conversations.converse` `discoveryengine.conversations.create` `discoveryengine.conversations.delete` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.conversations.update` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.dataStores.trainCustomModel` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.create` `discoveryengine.documents.delete` `discoveryengine.documents.get` `discoveryengine.documents.import` `discoveryengine.documents.list` `discoveryengine.documents.update` `discoveryengine.engines.createEngineUserData` `discoveryengine.engines.get` `discoveryengine.engines.list` `discoveryengine.engines.pause` `discoveryengine.engines.resume` `discoveryengine.engines.tune` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.` `discoveryengine.identityMappingStores.create` `discoveryengine.identityMappingStores.delete` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.importIdentityMappings` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.identityMappingStores.purgeIdentityMappings` `discoveryengine.licenseConfigs.get` `discoveryengine.licenseConfigs.list` `discoveryengine.models.` `discoveryengine.models.create` `discoveryengine.models.delete` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.models.pause` `discoveryengine.models.resume` `discoveryengine.models.tune` `discoveryengine.models.update` `discoveryengine.operations.` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.get` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.` `discoveryengine.sampleQueries.create` `discoveryengine.sampleQueries.delete` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.import` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQueries.update` `discoveryengine.sampleQuerySets.` `discoveryengine.sampleQuerySets.create` `discoveryengine.sampleQuerySets.delete` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.sampleQuerySets.update` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.search` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.siteSearchEngines.get` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.userEvents.create` `discoveryengine.userEvents.fetchStats` `discoveryengine.userEvents.import` `discoveryengine.userStores.get` `discoveryengine.widgetConfigs.*` `discoveryengine.widgetConfigs.get` `discoveryengine.widgetConfigs.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Pengguna Discovery Engine (`roles/discoveryengine.user`) Memberikan akses tingkat pengguna ke resource Discovery Engine.	`discoveryengine.accounts.create` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.assist` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.engines.createEngineUserData` `discoveryengine.engines.get` `discoveryengine.notebooks.create` `discoveryengine.notebooks.list` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.search` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.userEvents.create` `discoveryengine.widgetConfigs.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Pelihat Discovery Engine (`roles/discoveryengine.viewer`) Memberikan akses baca ke semua resource mesin penemuan.	`discoveryengine.aclConfigs.get` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.alertPolicies.get` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.connectorRuns.list` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.conversations.converse` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.get` `discoveryengine.documents.list` `discoveryengine.engines.get` `discoveryengine.engines.list` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.operations.*` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.get` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.siteSearchEngines.get` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.userEvents.fetchStats` `discoveryengine.userStores.get` `discoveryengine.widgetConfigs.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Admin Discovery Engine

(roles/discoveryengine.admin)

Memberikan akses penuh ke semua resource discoveryengine.

discoveryengine.aclConfigs.*

discoveryengine.aclConfigs.get
discoveryengine.aclConfigs.update

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.alertPolicies.*

discoveryengine.alertPolicies.create
discoveryengine.alertPolicies.get
discoveryengine.alertPolicies.update

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.*

discoveryengine.assistants.assist
discoveryengine.assistants.create
discoveryengine.assistants.delete
discoveryengine.assistants.get
discoveryengine.assistants.list
discoveryengine.assistants.update

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.*

discoveryengine.cmekConfigs.get
discoveryengine.cmekConfigs.list
discoveryengine.cmekConfigs.update

discoveryengine.collections.*

discoveryengine.collections.delete
discoveryengine.collections.get
discoveryengine.collections.list

discoveryengine.completionConfigs.*

discoveryengine.completionConfigs.completeQuery
discoveryengine.completionConfigs.get
discoveryengine.completionConfigs.update

discoveryengine.connectorRuns.*

discoveryengine.connectorRuns.cancel
discoveryengine.connectorRuns.list

discoveryengine.controls.*

discoveryengine.controls.create
discoveryengine.controls.delete
discoveryengine.controls.get
discoveryengine.controls.list
discoveryengine.controls.update

discoveryengine.conversations.*

discoveryengine.conversations.converse
discoveryengine.conversations.create
discoveryengine.conversations.delete
discoveryengine.conversations.get
discoveryengine.conversations.list
discoveryengine.conversations.update

discoveryengine.dataConnectors.*

discoveryengine.dataConnectors.acquireAccessToken
discoveryengine.dataConnectors.acquireAndStoreRefreshToken
discoveryengine.dataConnectors.buildActionInvocation
discoveryengine.dataConnectors.checkRefreshToken
discoveryengine.dataConnectors.executeAction
discoveryengine.dataConnectors.get
discoveryengine.dataConnectors.queryAvailableActions
discoveryengine.dataConnectors.startConnectorRun
discoveryengine.dataConnectors.update

discoveryengine.dataStores.*

discoveryengine.dataStores.completeQuery
discoveryengine.dataStores.create
discoveryengine.dataStores.delete
discoveryengine.dataStores.enrollSolutions
discoveryengine.dataStores.get
discoveryengine.dataStores.list
discoveryengine.dataStores.listCustomModels
discoveryengine.dataStores.trainCustomModel
discoveryengine.dataStores.update

discoveryengine.documentProcessingConfigs.*

discoveryengine.documentProcessingConfigs.get
discoveryengine.documentProcessingConfigs.update

discoveryengine.documents.*

discoveryengine.documents.batchGetDocumentsMetadata
discoveryengine.documents.create
discoveryengine.documents.delete
discoveryengine.documents.get
discoveryengine.documents.import
discoveryengine.documents.list
discoveryengine.documents.purge
discoveryengine.documents.update

discoveryengine.engines.*

discoveryengine.engines.create
discoveryengine.engines.createEngineUserData
discoveryengine.engines.delete
discoveryengine.engines.get
discoveryengine.engines.list
discoveryengine.engines.pause
discoveryengine.engines.resume
discoveryengine.engines.tune
discoveryengine.engines.update

discoveryengine.evaluations.*

discoveryengine.evaluations.create
discoveryengine.evaluations.get
discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.*

discoveryengine.identityMappingStores.create
discoveryengine.identityMappingStores.delete
discoveryengine.identityMappingStores.get
discoveryengine.identityMappingStores.importIdentityMappings
discoveryengine.identityMappingStores.list
discoveryengine.identityMappingStores.listIdentityMappings
discoveryengine.identityMappingStores.purgeIdentityMappings

discoveryengine.licenseConfigs.*

discoveryengine.licenseConfigs.create
discoveryengine.licenseConfigs.get
discoveryengine.licenseConfigs.list
discoveryengine.licenseConfigs.update

discoveryengine.locations.*

discoveryengine.locations.estimateDataSize
discoveryengine.locations.exchangeAuthCredentials
discoveryengine.locations.getConnectorSource
discoveryengine.locations.listConnectorSources
discoveryengine.locations.setUpDataConnector

discoveryengine.models.*

discoveryengine.models.create
discoveryengine.models.delete
discoveryengine.models.get
discoveryengine.models.list
discoveryengine.models.pause
discoveryengine.models.resume
discoveryengine.models.tune
discoveryengine.models.update

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.*

discoveryengine.projects.get
discoveryengine.projects.provision
discoveryengine.projects.reportConsentChange

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

discoveryengine.sampleQueries.create
discoveryengine.sampleQueries.delete
discoveryengine.sampleQueries.get
discoveryengine.sampleQueries.import
discoveryengine.sampleQueries.list
discoveryengine.sampleQueries.update

discoveryengine.sampleQuerySets.*

discoveryengine.sampleQuerySets.create
discoveryengine.sampleQuerySets.delete
discoveryengine.sampleQuerySets.get
discoveryengine.sampleQuerySets.list
discoveryengine.sampleQuerySets.update

discoveryengine.schemas.*

discoveryengine.schemas.create
discoveryengine.schemas.delete
discoveryengine.schemas.get
discoveryengine.schemas.list
discoveryengine.schemas.preview
discoveryengine.schemas.update
discoveryengine.schemas.validate

discoveryengine.servingConfigs.*

discoveryengine.servingConfigs.answer
discoveryengine.servingConfigs.create
discoveryengine.servingConfigs.delete
discoveryengine.servingConfigs.get
discoveryengine.servingConfigs.list
discoveryengine.servingConfigs.recommend
discoveryengine.servingConfigs.search
discoveryengine.servingConfigs.update

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.search
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.siteSearchEngines.*

discoveryengine.siteSearchEngines.batchVerifyTargetSites
discoveryengine.siteSearchEngines.disableAdvancedSiteSearch
discoveryengine.siteSearchEngines.enableAdvancedSiteSearch
discoveryengine.siteSearchEngines.fetchDomainVerificationStatus
discoveryengine.siteSearchEngines.get
discoveryengine.siteSearchEngines.recrawlUris

discoveryengine.sitemaps.*

discoveryengine.sitemaps.create
discoveryengine.sitemaps.delete
discoveryengine.sitemaps.fetch

discoveryengine.suggestionDenyListEntries.*

discoveryengine.suggestionDenyListEntries.import
discoveryengine.suggestionDenyListEntries.purge

discoveryengine.targetSites.*

discoveryengine.targetSites.batchCreate
discoveryengine.targetSites.create
discoveryengine.targetSites.delete
discoveryengine.targetSites.get
discoveryengine.targetSites.list
discoveryengine.targetSites.update

discoveryengine.userEvents.*

discoveryengine.userEvents.create
discoveryengine.userEvents.fetchStats
discoveryengine.userEvents.import
discoveryengine.userEvents.purge

discoveryengine.userStores.*

discoveryengine.userStores.batchUpdateUserLicenses
discoveryengine.userStores.get
discoveryengine.userStores.listUserLicenses
discoveryengine.userStores.update

discoveryengine.users.*

discoveryengine.users.get
discoveryengine.users.update

discoveryengine.widgetConfigs.*

discoveryengine.widgetConfigs.get
discoveryengine.widgetConfigs.update

resourcemanager.projects.get

resourcemanager.projects.list

Editor Discovery Engine

(roles/discoveryengine.editor)

Memberikan akses baca dan tulis ke semua resource mesin penemuan.

discoveryengine.aclConfigs.get

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.alertPolicies.get

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.assistants.get

discoveryengine.assistants.list

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.connectorRuns.list

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.*

discoveryengine.conversations.converse
discoveryengine.conversations.create
discoveryengine.conversations.delete
discoveryengine.conversations.get
discoveryengine.conversations.list
discoveryengine.conversations.update

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.get

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.dataStores.trainCustomModel

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.create

discoveryengine.documents.delete

discoveryengine.documents.get

discoveryengine.documents.import

discoveryengine.documents.list

discoveryengine.documents.update

discoveryengine.engines.createEngineUserData

discoveryengine.engines.get

discoveryengine.engines.list

discoveryengine.engines.pause

discoveryengine.engines.resume

discoveryengine.engines.tune

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.*

discoveryengine.identityMappingStores.create
discoveryengine.identityMappingStores.delete
discoveryengine.identityMappingStores.get
discoveryengine.identityMappingStores.importIdentityMappings
discoveryengine.identityMappingStores.list
discoveryengine.identityMappingStores.listIdentityMappings
discoveryengine.identityMappingStores.purgeIdentityMappings

discoveryengine.licenseConfigs.get

discoveryengine.licenseConfigs.list

discoveryengine.models.*

discoveryengine.models.create
discoveryengine.models.delete
discoveryengine.models.get
discoveryengine.models.list
discoveryengine.models.pause
discoveryengine.models.resume
discoveryengine.models.tune
discoveryengine.models.update

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

discoveryengine.sampleQueries.create
discoveryengine.sampleQueries.delete
discoveryengine.sampleQueries.get
discoveryengine.sampleQueries.import
discoveryengine.sampleQueries.list
discoveryengine.sampleQueries.update

discoveryengine.sampleQuerySets.*

discoveryengine.sampleQuerySets.create
discoveryengine.sampleQuerySets.delete
discoveryengine.sampleQuerySets.get
discoveryengine.sampleQuerySets.list
discoveryengine.sampleQuerySets.update

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.search
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.create

discoveryengine.userEvents.fetchStats

discoveryengine.userEvents.import

discoveryengine.userStores.get

discoveryengine.widgetConfigs.*

discoveryengine.widgetConfigs.get
discoveryengine.widgetConfigs.update

resourcemanager.projects.get

resourcemanager.projects.list

Pengguna Discovery Engine

(roles/discoveryengine.user)

Memberikan akses tingkat pengguna ke resource Discovery Engine.

discoveryengine.accounts.create

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.completionConfigs.completeQuery

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.engines.createEngineUserData

discoveryengine.engines.get

discoveryengine.notebooks.create

discoveryengine.notebooks.list

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.search
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.userEvents.create

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

Pelihat Discovery Engine

(roles/discoveryengine.viewer)

Memberikan akses baca ke semua resource mesin penemuan.

discoveryengine.aclConfigs.get

discoveryengine.agents.get

discoveryengine.agents.list

discoveryengine.alertPolicies.get

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.get

discoveryengine.assistants.list

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.connectorRuns.list

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.converse

discoveryengine.conversations.get

discoveryengine.conversations.list

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.get

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.get

discoveryengine.documents.list

discoveryengine.engines.get

discoveryengine.engines.list

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.get

discoveryengine.identityMappingStores.list

discoveryengine.identityMappingStores.listIdentityMappings

discoveryengine.models.get

discoveryengine.models.list

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.get

discoveryengine.sampleQueries.list

discoveryengine.sampleQuerySets.get

discoveryengine.sampleQuerySets.list

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.downloadFile

discoveryengine.sessions.get

discoveryengine.sessions.list

discoveryengine.sessions.listSessionFileMetadata

discoveryengine.sessions.recommendQuestions

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.fetchStats

discoveryengine.userStores.get

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

Mengelola IAM Vertex AI Search

Anda dapat memperoleh dan menetapkan kebijakan izinkan IAM dan peran IAM menggunakan Konsol Google Cloud. Untuk mengetahui informasi selengkapnya, lihat Mengelola akses ke project, folder, dan organisasi.

Langkah berikutnya

Pelajari cara mengelola akses ke project, folder, dan organisasi.
Pelajari IAM lebih lanjut.
Pelajari peran dasar lebih lanjut.
Pelajari peran khusus.

Kontrol akses dengan IAM Tetap teratur dengan koleksi Simpan dan kategorikan konten berdasarkan preferensi Anda.

Ringkasan

Peran yang telah ditetapkan

Admin Discovery Engine

Editor Discovery Engine

Pengguna Discovery Engine

Pelihat Discovery Engine

Mengelola IAM Vertex AI Search

Langkah berikutnya

Kontrol akses dengan IAM