To create a Vertex AI Workbench environment for your team and limit access to other employees in your project, you should follow these steps:
Create a new service account and grant it the Vertex AI User role. This role grants full access to all resources in Vertex AI, including creating and managing notebook instances [1].
Grant the Service Account User role to each team member on the service account. This role allows the team members to impersonate the service account and use its permissions [2].
Grant the Notebook Viewer role to each team member. This role allows the team members to view and connect to the notebook instance, but not to modify or delete it [3].
Provision a Vertex AI Workbench user-managed notebook instance that uses the new service account. This way, the notebook instance will run as the service account and only the team members who have the Service Account User and Notebook Viewer roles will be able to access it.
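To confirm that the bindings from these steps are the only ones in effect, the following added example (not from the original page or from Google's documentation) audits IAM policy JSON of the shape returned by `gcloud projects get-iam-policy` and `gcloud iam service-accounts get-iam-policy`. The project, service account and user names are constructed, and it assumes the Notebook Viewer role is granted at project level.

```python
# Added example; role IDs correspond to the role names used in the steps.
VERTEX_USER = "roles/aiplatform.user"
SA_USER = "roles/iam.serviceAccountUser"
NOTEBOOK_VIEWER = "roles/notebooks.viewer"


def members_with(policy, role):
    """Members bound to `role` in an IAM policy dict ({"bindings": [...]})."""
    return {m for b in policy.get("bindings", [])
            if b.get("role") == role for m in b.get("members", [])}


def audit(project_policy, sa_policy, sa_email, team):
    """Return findings; an empty list means the bindings match the steps."""
    team, findings = set(team), []
    if f"serviceAccount:{sa_email}" not in members_with(project_policy, VERTEX_USER):
        findings.append(f"service account lacks {VERTEX_USER}")
    # A project-level Service Account User grant applies to every service
    # account in the project, so it is checked alongside the account's policy.
    checks = [
        ("service account", members_with(sa_policy, SA_USER), SA_USER, True),
        ("project", members_with(project_policy, SA_USER), SA_USER, False),
        ("project", members_with(project_policy, NOTEBOOK_VIEWER), NOTEBOOK_VIEWER, True),
    ]
    for scope, holders, role, required in checks:
        findings += [f"{m} holds {role} on {scope} but is not on the team"
                     for m in sorted(holders - team)]
        if required:
            findings += [f"{m} is missing {role} on {scope}"
                         for m in sorted(team - holders)]
    return findings


# Constructed sample data (hypothetical project, account and users).
SA_EMAIL = "team-workbench@example-project.iam.gserviceaccount.com"
TEAM = ["user:alice@example.com", "user:bob@example.com"]
PROJECT_POLICY = {"bindings": [
    {"role": VERTEX_USER, "members": [f"serviceAccount:{SA_EMAIL}"]},
    {"role": NOTEBOOK_VIEWER, "members": TEAM + ["user:carol@example.com"]},
    {"role": SA_USER, "members": ["group:all-staff@example.com"]},
]}
SA_POLICY = {"bindings": [
    {"role": SA_USER, "members": ["user:alice@example.com"]},
]}

if __name__ == "__main__":
    for finding in audit(PROJECT_POLICY, SA_POLICY, SA_EMAIL, TEAM):
        print(finding)
```

The comparison is on literal member strings: group bindings are reported as they appear and group membership is not expanded, and IAM conditions on bindings are ignored.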
[1] Vertex AI access control with IAM | Google Cloud
[2] Understanding service accounts | Cloud IAM Documentation
[3] Manage access to a Vertex AI Workbench instance | Google Cloud
[4] Create and manage Vertex AI Workbench instances | Google Cloud