roles/ml.serviceAgent
Title: AI Platform Service Agent
Description: AI Platform service agent can act as log writer, Cloud Storage admin, Artifact Registry Reader, BigQuery writer, and service account access token creator.
Stage: GA
120 Assigned Permissions:
- artifactregistry.attachments.get
- artifactregistry.attachments.list
- artifactregistry.dockerimages.get
- artifactregistry.dockerimages.list
- artifactregistry.files.download
- artifactregistry.files.get
- artifactregistry.files.list
- artifactregistry.locations.get
- artifactregistry.locations.list
- artifactregistry.mavenartifacts.get
- artifactregistry.mavenartifacts.list
- artifactregistry.npmpackages.get
- artifactregistry.npmpackages.list
- artifactregistry.packages.get
- artifactregistry.packages.list
- artifactregistry.projectsettings.get
- artifactregistry.pythonpackages.get
- artifactregistry.pythonpackages.list
- artifactregistry.repositories.downloadArtifacts
- artifactregistry.repositories.get
- artifactregistry.repositories.list
- artifactregistry.repositories.listEffectiveTags
- artifactregistry.repositories.listTagBindings
- artifactregistry.repositories.readViaVirtualRepository
- artifactregistry.rules.get
- artifactregistry.rules.list
- artifactregistry.tags.get
- artifactregistry.tags.list
- artifactregistry.versions.get
- artifactregistry.versions.list
- bigquery.datasets.create
- bigquery.datasets.get
- bigquery.jobs.create
- bigquery.jobs.get
- bigquery.jobs.list
- bigquery.jobs.update
- bigquery.tables.create
- bigquery.tables.get
- bigquery.tables.getData
- bigquery.tables.list
- bigquery.tables.updateData
- firebase.projects.get
- iam.serviceAccounts.get
- iam.serviceAccounts.getAccessToken
- iam.serviceAccounts.getOpenIdToken
- iam.serviceAccounts.implicitDelegation
- iam.serviceAccounts.list
- iam.serviceAccounts.signBlob
- iam.serviceAccounts.signJwt
- logging.logEntries.create
- logging.logEntries.route
- orgpolicy.policy.get
- recommender.iamPolicyInsights.get
- recommender.iamPolicyInsights.list
- recommender.iamPolicyInsights.update
- recommender.iamPolicyRecommendations.get
- recommender.iamPolicyRecommendations.list
- recommender.iamPolicyRecommendations.update
- recommender.storageBucketSoftDeleteInsights.get
- recommender.storageBucketSoftDeleteInsights.list
- recommender.storageBucketSoftDeleteInsights.update
- recommender.storageBucketSoftDeleteRecommendations.get
- recommender.storageBucketSoftDeleteRecommendations.list
- recommender.storageBucketSoftDeleteRecommendations.update
- resourcemanager.hierarchyNodes.listEffectiveTags
- resourcemanager.projects.get
- resourcemanager.projects.list
- storage.anywhereCaches.create
- storage.anywhereCaches.disable
- storage.anywhereCaches.get
- storage.anywhereCaches.list
- storage.anywhereCaches.pause
- storage.anywhereCaches.resume
- storage.anywhereCaches.update
- storage.bucketOperations.cancel
- storage.bucketOperations.get
- storage.bucketOperations.list
- storage.buckets.create
- storage.buckets.createTagBinding
- storage.buckets.delete
- storage.buckets.deleteTagBinding
- storage.buckets.enableObjectRetention
- storage.buckets.get
- storage.buckets.getIamPolicy
- storage.buckets.getIpFilter
- storage.buckets.getObjectInsights
- storage.buckets.list
- storage.buckets.listEffectiveTags
- storage.buckets.listTagBindings
- storage.buckets.restore
- storage.buckets.setIamPolicy
- storage.buckets.setIpFilter
- storage.buckets.update
- storage.folders.create
- storage.folders.delete
- storage.folders.get
- storage.folders.list
- storage.folders.rename
- storage.managedFolders.create
- storage.managedFolders.delete
- storage.managedFolders.get
- storage.managedFolders.getIamPolicy
- storage.managedFolders.list
- storage.managedFolders.setIamPolicy
- storage.managementHubs.get
- storage.managementHubs.update
- storage.multipartUploads.abort
- storage.multipartUploads.create
- storage.multipartUploads.list
- storage.multipartUploads.listParts
- storage.objects.create
- storage.objects.delete
- storage.objects.get
- storage.objects.getIamPolicy
- storage.objects.list
- storage.objects.overrideUnlockedRetention
- storage.objects.restore
- storage.objects.setIamPolicy
- storage.objects.setRetention
- storage.objects.update