What IAM permission is required to use Vertex AI's CachedContent resource?
I'm trying to restrict permission to only have access to use the context cache.
When I look at the API/code documentation I see perms for some calls like this:
That tells me UpdateCacheConfig calls requires the aiplatform.cacheConfigs.update permission.
But annoyingly everything under GenAiCacheService says nothing about what IAM perms are required to make the API requests:
What permissions are relevant here for GenAiCacheService access?
Edit
Have not confirmed it works yet, but I was able to create a custom role with the following, undocumented perms and bind to project: ["aiplatform.cachedContents.create", "aiplatform.cachedContents.update", "aiplatform.cachedContents.delete"]
If it works I'll update as answer.
Well despite it being undocumented these perms are valid and I was able to create a custom role.
Working terraform code for illustrative purposes:
resource "google_organization_iam_custom_role" "vertex_cache_access" {
org_id = "xxx"
role_id = "myrole"
title = "My Role"
description = "Context cache access. See: https://cloud.google.com/vertex-ai/generative-ai/docs/context-cache/context-cache-overview"
permissions = ["aiplatform.cachedContents.create", "aiplatform.cachedContents.update", "aiplatform.cachedContents.delete"]
}
I created this role, applied it to a project binding and confirmed it allowed a gsa to CRUD the cache.
- python 3: Using pisa for creating pdf with multiple image urls in html content, rendering images incorrectly
- schedule autoscaler in terraform for GCP?
- Multiple STRING_AGG in one query
- Why aren't nacked messages ending up in my dead letter topic?
- Handle 503 error when making jobs.insert call
- Use http Google Cloud Functions "Require Authentication" with Firebase
- Google App Engine slow cold boot time (Flask app)
- gcloud SSH in same terminal window
- Cannot enable API on GCP (User role=Owner && Billing account is linked)
- Select All Columns Except Some in Google BigQuery?
- Why does my flex env google app engine instance have a minimum of 2 instances running, even when there is no traffic?
- How Does GCP Global Application Load Balancer Select the Closest Backend?
- How to use Google Search Grounding with Dynamic Retrieval Configuration
- Google Stackdriver Logging add comments to advanced filter
- Exporting from Cloud SQL to CSV with column headers
- BigQuery Date-Partitioned Views
- Check TPU workload/utilization
- Google Forms API raises google.auth.exceptions.RefreshError: 'No access token in response.'
- How can I see request count (not rate) for a Google Cloud Run application?
- I can write to my Firebase Firestore database, but am unable to read from it (Android Studio using Java)
- How to get task count in GCP cloud task
- Programmatically get current Service Account on GCP
- How to Access GKE Private Master from VPN in Hub VPC with Peering
- My gcp service account with "artifact registry admin" account was not able to push the docker image to repo
- GCP API Gateway: Cannot use path params
- Flask api on gcloud's URL keeps on loading
- GCP CloudBuild substitution fails in pipeline
- Is it secure to use an .env file to store API keys in Firebase Cloud Functions instead of Google Secret Manager?
- How do I keep a long-running background task from stopping on Google Cloud Run?
- GCP Cloud SQL Proxy times out: connectex