Discovery Engine roles and permissions

This page lists the IAM roles and permissions for Discovery Engine. Tosearch through all roles and permissions, see therole andpermission index.

Discovery Engine roles

Role Permissions

Role	Permissions
Discovery Engine Admin (`roles/discoveryengine.admin`) Grants full access to all discoveryengine resources.	`discoveryengine.aclConfigs.` `discoveryengine.aclConfigs.get` `discoveryengine.aclConfigs.update` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.alertPolicies.` `discoveryengine.alertPolicies.create` `discoveryengine.alertPolicies.get` `discoveryengine.alertPolicies.update` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.` `discoveryengine.assistants.assist` `discoveryengine.assistants.create` `discoveryengine.assistants.delete` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.assistants.update` `discoveryengine.billingAccountLicenseConfigs.` `discoveryengine.billingAccountLicenseConfigs.distribute` `discoveryengine.billingAccountLicenseConfigs.get` `discoveryengine.billingAccountLicenseConfigs.list` `discoveryengine.billingAccountLicenseConfigs.retract` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.cmekConfigs.update` `discoveryengine.collections.` `discoveryengine.collections.delete` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.completionConfigs.update` `discoveryengine.connectorRuns.` `discoveryengine.connectorRuns.cancel` `discoveryengine.connectorRuns.list` `discoveryengine.controls.` `discoveryengine.controls.create` `discoveryengine.controls.delete` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.controls.update` `discoveryengine.conversations.` `discoveryengine.conversations.converse` `discoveryengine.conversations.create` `discoveryengine.conversations.delete` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.conversations.update` `discoveryengine.dataConnectors.` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataConnectors.startConnectorRun` `discoveryengine.dataConnectors.update` `discoveryengine.dataStores.` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.create` `discoveryengine.dataStores.delete` `discoveryengine.dataStores.enrollSolutions` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.dataStores.trainCustomModel` `discoveryengine.dataStores.update` `discoveryengine.documentProcessingConfigs.` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documentProcessingConfigs.update` `discoveryengine.documents.` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.create` `discoveryengine.documents.delete` `discoveryengine.documents.get` `discoveryengine.documents.import` `discoveryengine.documents.list` `discoveryengine.documents.purge` `discoveryengine.documents.update` `discoveryengine.engines.` `discoveryengine.engines.create` `discoveryengine.engines.createEngineUserData` `discoveryengine.engines.delete` `discoveryengine.engines.get` `discoveryengine.engines.getIamPolicy` `discoveryengine.engines.list` `discoveryengine.engines.pause` `discoveryengine.engines.resume` `discoveryengine.engines.setIamPolicy` `discoveryengine.engines.tune` `discoveryengine.engines.update` `discoveryengine.evaluations.` `discoveryengine.evaluations.create` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.` `discoveryengine.identityMappingStores.create` `discoveryengine.identityMappingStores.delete` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.importIdentityMappings` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.identityMappingStores.purgeIdentityMappings` `discoveryengine.licenseConfigs.` `discoveryengine.licenseConfigs.create` `discoveryengine.licenseConfigs.get` `discoveryengine.licenseConfigs.list` `discoveryengine.licenseConfigs.update` `discoveryengine.locations.` `discoveryengine.locations.estimateDataSize` `discoveryengine.locations.exchangeAuthCredentials` `discoveryengine.locations.getConnectorSource` `discoveryengine.locations.listConnectorSources` `discoveryengine.locations.setUpDataConnector` `discoveryengine.models.` `discoveryengine.models.create` `discoveryengine.models.delete` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.models.pause` `discoveryengine.models.resume` `discoveryengine.models.tune` `discoveryengine.models.update` `discoveryengine.operations.` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.` `discoveryengine.projects.get` `discoveryengine.projects.provision` `discoveryengine.projects.reportConsentChange` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.` `discoveryengine.sampleQueries.create` `discoveryengine.sampleQueries.delete` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.import` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQueries.update` `discoveryengine.sampleQuerySets.` `discoveryengine.sampleQuerySets.create` `discoveryengine.sampleQuerySets.delete` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.sampleQuerySets.update` `discoveryengine.schemas.` `discoveryengine.schemas.create` `discoveryengine.schemas.delete` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.update` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.create` `discoveryengine.servingConfigs.delete` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.servingConfigs.update` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.search` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.siteSearchEngines.` `discoveryengine.siteSearchEngines.batchVerifyTargetSites` `discoveryengine.siteSearchEngines.disableAdvancedSiteSearch` `discoveryengine.siteSearchEngines.enableAdvancedSiteSearch` `discoveryengine.siteSearchEngines.fetchDomainVerificationStatus` `discoveryengine.siteSearchEngines.get` `discoveryengine.siteSearchEngines.recrawlUris` `discoveryengine.sitemaps.` `discoveryengine.sitemaps.create` `discoveryengine.sitemaps.delete` `discoveryengine.sitemaps.fetch` `discoveryengine.suggestionDenyListEntries.` `discoveryengine.suggestionDenyListEntries.import` `discoveryengine.suggestionDenyListEntries.purge` `discoveryengine.targetSites.` `discoveryengine.targetSites.batchCreate` `discoveryengine.targetSites.create` `discoveryengine.targetSites.delete` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.targetSites.update` `discoveryengine.userEvents.` `discoveryengine.userEvents.create` `discoveryengine.userEvents.fetchStats` `discoveryengine.userEvents.import` `discoveryengine.userEvents.purge` `discoveryengine.userStores.` `discoveryengine.userStores.batchUpdateUserLicenses` `discoveryengine.userStores.get` `discoveryengine.userStores.listUserLicenses` `discoveryengine.userStores.update` `discoveryengine.users.` `discoveryengine.users.get` `discoveryengine.users.update` `discoveryengine.widgetConfigs.` `discoveryengine.widgetConfigs.get` `discoveryengine.widgetConfigs.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Agent Admin^Beta (`roles/discoveryengine.agentAdmin`) Grants admin-level access to Agent resources.	`discoveryengine.agents.*` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update`
Gemini Enterprise Admin^Beta (`roles/discoveryengine.agentspaceAdmin`) Grants admin-level access to Gemini Enterprise resources.	`discoveryengine.aclConfigs.` `discoveryengine.aclConfigs.get` `discoveryengine.aclConfigs.update` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.alertPolicies.` `discoveryengine.alertPolicies.create` `discoveryengine.alertPolicies.get` `discoveryengine.alertPolicies.update` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.` `discoveryengine.assistants.assist` `discoveryengine.assistants.create` `discoveryengine.assistants.delete` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.assistants.update` `discoveryengine.billingAccountLicenseConfigs.` `discoveryengine.billingAccountLicenseConfigs.distribute` `discoveryengine.billingAccountLicenseConfigs.get` `discoveryengine.billingAccountLicenseConfigs.list` `discoveryengine.billingAccountLicenseConfigs.retract` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.cmekConfigs.update` `discoveryengine.collections.` `discoveryengine.collections.delete` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.completionConfigs.update` `discoveryengine.connectorRuns.` `discoveryengine.connectorRuns.cancel` `discoveryengine.connectorRuns.list` `discoveryengine.controls.` `discoveryengine.controls.create` `discoveryengine.controls.delete` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.controls.update` `discoveryengine.conversations.` `discoveryengine.conversations.converse` `discoveryengine.conversations.create` `discoveryengine.conversations.delete` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.conversations.update` `discoveryengine.dataConnectors.` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataConnectors.startConnectorRun` `discoveryengine.dataConnectors.update` `discoveryengine.dataStores.` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.create` `discoveryengine.dataStores.delete` `discoveryengine.dataStores.enrollSolutions` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.dataStores.trainCustomModel` `discoveryengine.dataStores.update` `discoveryengine.documentProcessingConfigs.` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documentProcessingConfigs.update` `discoveryengine.documents.` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.create` `discoveryengine.documents.delete` `discoveryengine.documents.get` `discoveryengine.documents.import` `discoveryengine.documents.list` `discoveryengine.documents.purge` `discoveryengine.documents.update` `discoveryengine.engines.` `discoveryengine.engines.create` `discoveryengine.engines.createEngineUserData` `discoveryengine.engines.delete` `discoveryengine.engines.get` `discoveryengine.engines.getIamPolicy` `discoveryengine.engines.list` `discoveryengine.engines.pause` `discoveryengine.engines.resume` `discoveryengine.engines.setIamPolicy` `discoveryengine.engines.tune` `discoveryengine.engines.update` `discoveryengine.evaluations.` `discoveryengine.evaluations.create` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.` `discoveryengine.identityMappingStores.create` `discoveryengine.identityMappingStores.delete` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.importIdentityMappings` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.identityMappingStores.purgeIdentityMappings` `discoveryengine.licenseConfigs.` `discoveryengine.licenseConfigs.create` `discoveryengine.licenseConfigs.get` `discoveryengine.licenseConfigs.list` `discoveryengine.licenseConfigs.update` `discoveryengine.locations.` `discoveryengine.locations.estimateDataSize` `discoveryengine.locations.exchangeAuthCredentials` `discoveryengine.locations.getConnectorSource` `discoveryengine.locations.listConnectorSources` `discoveryengine.locations.setUpDataConnector` `discoveryengine.models.` `discoveryengine.models.create` `discoveryengine.models.delete` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.models.pause` `discoveryengine.models.resume` `discoveryengine.models.tune` `discoveryengine.models.update` `discoveryengine.operations.` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.` `discoveryengine.projects.get` `discoveryengine.projects.provision` `discoveryengine.projects.reportConsentChange` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.` `discoveryengine.sampleQueries.create` `discoveryengine.sampleQueries.delete` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.import` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQueries.update` `discoveryengine.sampleQuerySets.` `discoveryengine.sampleQuerySets.create` `discoveryengine.sampleQuerySets.delete` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.sampleQuerySets.update` `discoveryengine.schemas.` `discoveryengine.schemas.create` `discoveryengine.schemas.delete` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.update` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.create` `discoveryengine.servingConfigs.delete` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.servingConfigs.update` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.search` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.siteSearchEngines.` `discoveryengine.siteSearchEngines.batchVerifyTargetSites` `discoveryengine.siteSearchEngines.disableAdvancedSiteSearch` `discoveryengine.siteSearchEngines.enableAdvancedSiteSearch` `discoveryengine.siteSearchEngines.fetchDomainVerificationStatus` `discoveryengine.siteSearchEngines.get` `discoveryengine.siteSearchEngines.recrawlUris` `discoveryengine.sitemaps.` `discoveryengine.sitemaps.create` `discoveryengine.sitemaps.delete` `discoveryengine.sitemaps.fetch` `discoveryengine.suggestionDenyListEntries.` `discoveryengine.suggestionDenyListEntries.import` `discoveryengine.suggestionDenyListEntries.purge` `discoveryengine.targetSites.` `discoveryengine.targetSites.batchCreate` `discoveryengine.targetSites.create` `discoveryengine.targetSites.delete` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.targetSites.update` `discoveryengine.userEvents.` `discoveryengine.userEvents.create` `discoveryengine.userEvents.fetchStats` `discoveryengine.userEvents.import` `discoveryengine.userEvents.purge` `discoveryengine.userStores.` `discoveryengine.userStores.batchUpdateUserLicenses` `discoveryengine.userStores.get` `discoveryengine.userStores.listUserLicenses` `discoveryengine.userStores.update` `discoveryengine.users.` `discoveryengine.users.get` `discoveryengine.users.update` `discoveryengine.widgetConfigs.` `discoveryengine.widgetConfigs.get` `discoveryengine.widgetConfigs.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Gemini Enterprise Editor^Beta (`roles/discoveryengine.agentspaceEditor`) Grants access to edit Gemini Enterprise resources.	`discoveryengine.aclConfigs.get` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.alertPolicies.get` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.assist` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.connectorRuns.list` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.conversations.` `discoveryengine.conversations.converse` `discoveryengine.conversations.create` `discoveryengine.conversations.delete` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.conversations.update` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.dataStores.trainCustomModel` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.create` `discoveryengine.documents.delete` `discoveryengine.documents.get` `discoveryengine.documents.import` `discoveryengine.documents.list` `discoveryengine.documents.update` `discoveryengine.engines.createEngineUserData` `discoveryengine.engines.get` `discoveryengine.engines.list` `discoveryengine.engines.pause` `discoveryengine.engines.resume` `discoveryengine.engines.tune` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.` `discoveryengine.identityMappingStores.create` `discoveryengine.identityMappingStores.delete` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.importIdentityMappings` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.identityMappingStores.purgeIdentityMappings` `discoveryengine.licenseConfigs.get` `discoveryengine.licenseConfigs.list` `discoveryengine.models.` `discoveryengine.models.create` `discoveryengine.models.delete` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.models.pause` `discoveryengine.models.resume` `discoveryengine.models.tune` `discoveryengine.models.update` `discoveryengine.operations.` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.get` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.` `discoveryengine.sampleQueries.create` `discoveryengine.sampleQueries.delete` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.import` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQueries.update` `discoveryengine.sampleQuerySets.` `discoveryengine.sampleQuerySets.create` `discoveryengine.sampleQuerySets.delete` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.sampleQuerySets.update` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.search` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.siteSearchEngines.get` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.userEvents.create` `discoveryengine.userEvents.fetchStats` `discoveryengine.userEvents.import` `discoveryengine.userStores.get` `discoveryengine.widgetConfigs.*` `discoveryengine.widgetConfigs.get` `discoveryengine.widgetConfigs.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Gemini Enterprise Restricted User^Beta (`roles/discoveryengine.agentspaceRestrictedUser`) Grants restricted user-level access to Gemini Enterprise resources, for fine-grained control over multiple Gemini Enterprise instances in the same project. Principals with this role will need to be granted an unrestricted user-level role (e.g. /agentspaceUser) on an Engine policy in order to use Gemini Enterprise.	`discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.userEvents.create` `discoveryengine.users.*` `discoveryengine.users.get` `discoveryengine.users.update`
Gemini Enterprise User^Beta (`roles/discoveryengine.agentspaceUser`) Grants user-level access to Gemini Enterprise resources.	`discoveryengine.accounts.create` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.assist` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.engines.createEngineUserData` `discoveryengine.engines.get` `discoveryengine.notebooks.create` `discoveryengine.notebooks.list` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.search` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.userEvents.create` `discoveryengine.users.*` `discoveryengine.users.get` `discoveryengine.users.update` `discoveryengine.widgetConfigs.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Gemini Enterprise Viewer^Beta (`roles/discoveryengine.agentspaceViewer`) Grants access to view the details of Gemini Enterprise resources.	`discoveryengine.aclConfigs.get` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.alertPolicies.get` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.connectorRuns.list` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.conversations.converse` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.get` `discoveryengine.documents.list` `discoveryengine.engines.get` `discoveryengine.engines.list` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.operations.*` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.get` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.siteSearchEngines.get` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.userEvents.fetchStats` `discoveryengine.userStores.get` `discoveryengine.widgetConfigs.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Discovery Engine Editor (`roles/discoveryengine.editor`) Grants read and write access to all discovery engine resources.	`discoveryengine.aclConfigs.get` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.alertPolicies.get` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.assist` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.connectorRuns.list` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.conversations.` `discoveryengine.conversations.converse` `discoveryengine.conversations.create` `discoveryengine.conversations.delete` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.conversations.update` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.dataStores.trainCustomModel` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.create` `discoveryengine.documents.delete` `discoveryengine.documents.get` `discoveryengine.documents.import` `discoveryengine.documents.list` `discoveryengine.documents.update` `discoveryengine.engines.createEngineUserData` `discoveryengine.engines.get` `discoveryengine.engines.list` `discoveryengine.engines.pause` `discoveryengine.engines.resume` `discoveryengine.engines.tune` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.` `discoveryengine.identityMappingStores.create` `discoveryengine.identityMappingStores.delete` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.importIdentityMappings` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.identityMappingStores.purgeIdentityMappings` `discoveryengine.licenseConfigs.get` `discoveryengine.licenseConfigs.list` `discoveryengine.models.` `discoveryengine.models.create` `discoveryengine.models.delete` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.models.pause` `discoveryengine.models.resume` `discoveryengine.models.tune` `discoveryengine.models.update` `discoveryengine.operations.` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.get` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.` `discoveryengine.sampleQueries.create` `discoveryengine.sampleQueries.delete` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.import` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQueries.update` `discoveryengine.sampleQuerySets.` `discoveryengine.sampleQuerySets.create` `discoveryengine.sampleQuerySets.delete` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.sampleQuerySets.update` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.search` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.siteSearchEngines.get` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.userEvents.create` `discoveryengine.userEvents.fetchStats` `discoveryengine.userEvents.import` `discoveryengine.userStores.get` `discoveryengine.widgetConfigs.*` `discoveryengine.widgetConfigs.get` `discoveryengine.widgetConfigs.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud NotebookLM Notebook Editor^Beta (`roles/discoveryengine.notebookEditor`) Grants read and write access to a Cloud NotebookLM Notebook.	`discoveryengine.audioOverviews.` `discoveryengine.audioOverviews.create` `discoveryengine.audioOverviews.delete` `discoveryengine.audioOverviews.get` `discoveryengine.audioOverviews.getIceConfig` `discoveryengine.audioOverviews.sendSdpOffer` `discoveryengine.notebooks.generateGuide` `discoveryengine.notebooks.get` `discoveryengine.notebooks.getIamPolicy` `discoveryengine.notebooks.interactSources` `discoveryengine.notebooks.list` `discoveryengine.notebooks.removeSelf` `discoveryengine.notebooks.update` `discoveryengine.notes.` `discoveryengine.notes.create` `discoveryengine.notes.delete` `discoveryengine.notes.get` `discoveryengine.notes.update` `discoveryengine.sources.*` `discoveryengine.sources.checkFreshness` `discoveryengine.sources.create` `discoveryengine.sources.delete` `discoveryengine.sources.generateDocumentGuide` `discoveryengine.sources.get` `discoveryengine.sources.refresh` `discoveryengine.sources.update`
Cloud NotebookLM Admin^Beta (`roles/discoveryengine.notebookLmOwner`) Grants full access to Cloud NotebookLM resources.	`discoveryengine.accounts.create` `discoveryengine.aclConfigs.` `discoveryengine.aclConfigs.get` `discoveryengine.aclConfigs.update` `discoveryengine.audioOverviews.` `discoveryengine.audioOverviews.create` `discoveryengine.audioOverviews.delete` `discoveryengine.audioOverviews.get` `discoveryengine.audioOverviews.getIceConfig` `discoveryengine.audioOverviews.sendSdpOffer` `discoveryengine.notebooks.` `discoveryengine.notebooks.create` `discoveryengine.notebooks.generateGuide` `discoveryengine.notebooks.get` `discoveryengine.notebooks.getAnalytics` `discoveryengine.notebooks.getIamPolicy` `discoveryengine.notebooks.interactSources` `discoveryengine.notebooks.list` `discoveryengine.notebooks.removeSelf` `discoveryengine.notebooks.setIamPolicy` `discoveryengine.notebooks.update` `discoveryengine.notes.` `discoveryengine.notes.create` `discoveryengine.notes.delete` `discoveryengine.notes.get` `discoveryengine.notes.update` `discoveryengine.sources.*` `discoveryengine.sources.checkFreshness` `discoveryengine.sources.create` `discoveryengine.sources.delete` `discoveryengine.sources.generateDocumentGuide` `discoveryengine.sources.get` `discoveryengine.sources.refresh` `discoveryengine.sources.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud NotebookLM User^Beta (`roles/discoveryengine.notebookLmUser`) Grants user-level access to Cloud NotebookLM resources.	`discoveryengine.accounts.create` `discoveryengine.notebooks.create` `discoveryengine.notebooks.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud NotebookLM Notebook Owner^Beta (`roles/discoveryengine.notebookOwner`) Grants full access to a Cloud NotebookLM Notebook.	`discoveryengine.audioOverviews.` `discoveryengine.audioOverviews.create` `discoveryengine.audioOverviews.delete` `discoveryengine.audioOverviews.get` `discoveryengine.audioOverviews.getIceConfig` `discoveryengine.audioOverviews.sendSdpOffer` `discoveryengine.notebooks.generateGuide` `discoveryengine.notebooks.get` `discoveryengine.notebooks.getAnalytics` `discoveryengine.notebooks.getIamPolicy` `discoveryengine.notebooks.interactSources` `discoveryengine.notebooks.list` `discoveryengine.notebooks.removeSelf` `discoveryengine.notebooks.setIamPolicy` `discoveryengine.notebooks.update` `discoveryengine.notes.` `discoveryengine.notes.create` `discoveryengine.notes.delete` `discoveryengine.notes.get` `discoveryengine.notes.update` `discoveryengine.sources.*` `discoveryengine.sources.checkFreshness` `discoveryengine.sources.create` `discoveryengine.sources.delete` `discoveryengine.sources.generateDocumentGuide` `discoveryengine.sources.get` `discoveryengine.sources.refresh` `discoveryengine.sources.update`
Cloud NotebookLM Notebook Viewer^Beta (`roles/discoveryengine.notebookViewer`) Grants read-only access to a Cloud NotebookLM Notebook.	`discoveryengine.audioOverviews.get` `discoveryengine.audioOverviews.getIceConfig` `discoveryengine.audioOverviews.sendSdpOffer` `discoveryengine.notebooks.generateGuide` `discoveryengine.notebooks.get` `discoveryengine.notebooks.getIamPolicy` `discoveryengine.notebooks.interactSources` `discoveryengine.notebooks.list` `discoveryengine.notebooks.removeSelf` `discoveryengine.notes.get` `discoveryengine.sources.checkFreshness` `discoveryengine.sources.generateDocumentGuide` `discoveryengine.sources.get`
Podcast API User^Beta (`roles/discoveryengine.podcastApiUser`) Grants user-level access to the Podcast resources.	`discoveryengine.accounts.create` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.assist` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.engines.createEngineUserData` `discoveryengine.engines.get` `discoveryengine.notebooks.create` `discoveryengine.notebooks.list` `discoveryengine.operations.get` `discoveryengine.podcasts.create` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.search` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.userEvents.create` `discoveryengine.users.*` `discoveryengine.users.get` `discoveryengine.users.update` `discoveryengine.widgetConfigs.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) Discovery Engine service uploads documents and user events from Cloud Storage and BigQuery, reports results to the customer Cloud Storage bucket, writes logs to customer projects using Cloud Logging, and writes and reads metrics for customer using Cloud Monitoring. Warning: Do not grant service agent roles to any principals except service agents.	`aiplatform.executions.create` `aiplatform.executions.delete` `aiplatform.executions.update` `aiplatform.extensions.` `aiplatform.extensions.delete` `aiplatform.extensions.execute` `aiplatform.extensions.get` `aiplatform.extensions.import` `aiplatform.extensions.list` `aiplatform.extensions.update` `aiplatform.operations.list` `aiplatform.reasoningEngines.` `aiplatform.reasoningEngines.create` `aiplatform.reasoningEngines.delete` `aiplatform.reasoningEngines.get` `aiplatform.reasoningEngines.list` `aiplatform.reasoningEngines.query` `aiplatform.reasoningEngines.update` `alloydb.clusters.export` `alloydb.databases.list` `alloydb.instances.get` `alloydb.operations.get` `bigquery.datasets.create` `bigquery.datasets.get` `bigquery.jobs.create` `bigquery.jobs.get` `bigquery.jobs.list` `bigquery.jobs.update` `bigquery.tables.create` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.list` `bigquery.tables.update` `bigquery.tables.updateData` `bigtable.tables.readRows` `bigtable.tables.sampleRowKeys` `cloudsql.databases.get` `cloudsql.instances.export` `cloudsql.instances.get` `datastore.databases.export` `datastore.databases.get` `datastore.databases.getMetadata` `datastore.operations.get` `dialogflow.sessions.detectIntent` `discoveryengine.agents.create` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.conversations.converse` `discoveryengine.conversations.create` `discoveryengine.dataStores.completeQuery` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.search` `discoveryengine.userEvents.create` `integrations.apigeeExecutions.list` `integrations.apigeeIntegrationVers.get` `integrations.apigeeIntegrationVers.list` `integrations.integrationVersions.get` `integrations.integrationVersions.invoke` `integrations.integrationVersions.list` `integrations.integrations.get` `integrations.integrations.invoke` `integrations.integrations.list` `integrations.testCases.get` `integrations.testCases.invoke` `integrations.testCases.list` `logging.logEntries.create` `modelarmor.templates.useToSanitizeModelResponse` `modelarmor.templates.useToSanitizeUserPrompt` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.` `monitoring.timeSeries.create` `monitoring.timeSeries.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `spanner.databases.beginReadOnlyTransaction` `spanner.databases.partitionQuery` `spanner.databases.select` `spanner.databases.useDataBoost` `spanner.sessions.create` `storage.buckets.create` `storage.buckets.get` `storage.buckets.getIamPolicy` `storage.buckets.setIamPolicy` `storage.managedFolders.*` `storage.managedFolders.create` `storage.managedFolders.delete` `storage.managedFolders.get` `storage.managedFolders.getIamPolicy` `storage.managedFolders.list` `storage.managedFolders.setIamPolicy` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.list` `storage.objects.update`
Discovery Engine User (`roles/discoveryengine.user`) Grants user-level access to Discovery Engine resources.	`discoveryengine.accounts.create` `discoveryengine.agents.` `discoveryengine.agents.create` `discoveryengine.agents.delete` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.agents.update` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.assist` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.dataConnectors.acquireAccessToken` `discoveryengine.dataConnectors.acquireAndStoreRefreshToken` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.executeAction` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.engines.createEngineUserData` `discoveryengine.engines.get` `discoveryengine.notebooks.create` `discoveryengine.notebooks.list` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.` `discoveryengine.sessions.addContextFile` `discoveryengine.sessions.create` `discoveryengine.sessions.delete` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.sessions.removeContextFile` `discoveryengine.sessions.search` `discoveryengine.sessions.selectContextFiles` `discoveryengine.sessions.update` `discoveryengine.sessions.uploadFile` `discoveryengine.userEvents.create` `discoveryengine.users.*` `discoveryengine.users.get` `discoveryengine.users.update` `discoveryengine.widgetConfigs.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Discovery Engine Viewer (`roles/discoveryengine.viewer`) Grants read access to all discovery engine resources.	`discoveryengine.aclConfigs.get` `discoveryengine.agents.get` `discoveryengine.agents.list` `discoveryengine.alertPolicies.get` `discoveryengine.analytics.` `discoveryengine.analytics.acquireDashboardSession` `discoveryengine.analytics.refreshDashboardSessionTokens` `discoveryengine.answers.get` `discoveryengine.assistAnswers.get` `discoveryengine.assistants.get` `discoveryengine.assistants.list` `discoveryengine.branches.` `discoveryengine.branches.get` `discoveryengine.branches.list` `discoveryengine.cmekConfigs.get` `discoveryengine.cmekConfigs.list` `discoveryengine.collections.get` `discoveryengine.collections.list` `discoveryengine.completionConfigs.completeQuery` `discoveryengine.completionConfigs.get` `discoveryengine.connectorRuns.list` `discoveryengine.controls.get` `discoveryengine.controls.list` `discoveryengine.conversations.converse` `discoveryengine.conversations.get` `discoveryengine.conversations.list` `discoveryengine.dataConnectors.buildActionInvocation` `discoveryengine.dataConnectors.checkRefreshToken` `discoveryengine.dataConnectors.get` `discoveryengine.dataConnectors.queryAvailableActions` `discoveryengine.dataStores.completeQuery` `discoveryengine.dataStores.get` `discoveryengine.dataStores.list` `discoveryengine.dataStores.listCustomModels` `discoveryengine.documentProcessingConfigs.get` `discoveryengine.documents.batchGetDocumentsMetadata` `discoveryengine.documents.get` `discoveryengine.documents.list` `discoveryengine.engines.get` `discoveryengine.engines.list` `discoveryengine.evaluations.get` `discoveryengine.evaluations.list` `discoveryengine.groundingConfigs.check` `discoveryengine.identityMappingStores.get` `discoveryengine.identityMappingStores.list` `discoveryengine.identityMappingStores.listIdentityMappings` `discoveryengine.models.get` `discoveryengine.models.list` `discoveryengine.operations.*` `discoveryengine.operations.get` `discoveryengine.operations.list` `discoveryengine.projects.get` `discoveryengine.rankingConfigs.rank` `discoveryengine.sampleQueries.get` `discoveryengine.sampleQueries.list` `discoveryengine.sampleQuerySets.get` `discoveryengine.sampleQuerySets.list` `discoveryengine.schemas.get` `discoveryengine.schemas.list` `discoveryengine.schemas.preview` `discoveryengine.schemas.validate` `discoveryengine.servingConfigs.answer` `discoveryengine.servingConfigs.get` `discoveryengine.servingConfigs.list` `discoveryengine.servingConfigs.recommend` `discoveryengine.servingConfigs.search` `discoveryengine.sessions.downloadFile` `discoveryengine.sessions.get` `discoveryengine.sessions.list` `discoveryengine.sessions.listSessionFileMetadata` `discoveryengine.sessions.recommendQuestions` `discoveryengine.siteSearchEngines.get` `discoveryengine.targetSites.get` `discoveryengine.targetSites.list` `discoveryengine.userEvents.fetchStats` `discoveryengine.userStores.get` `discoveryengine.widgetConfigs.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Discovery Engine Admin

(roles/discoveryengine.admin)

Grants full access to all discoveryengine resources.

discoveryengine.aclConfigs.*

discoveryengine.aclConfigs.get
discoveryengine.aclConfigs.update

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.alertPolicies.*

discoveryengine.alertPolicies.create
discoveryengine.alertPolicies.get
discoveryengine.alertPolicies.update

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.*

discoveryengine.assistants.assist
discoveryengine.assistants.create
discoveryengine.assistants.delete
discoveryengine.assistants.get
discoveryengine.assistants.list
discoveryengine.assistants.update

discoveryengine.billingAccountLicenseConfigs.*

discoveryengine.billingAccountLicenseConfigs.distribute
discoveryengine.billingAccountLicenseConfigs.get
discoveryengine.billingAccountLicenseConfigs.list
discoveryengine.billingAccountLicenseConfigs.retract

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.*

discoveryengine.cmekConfigs.get
discoveryengine.cmekConfigs.list
discoveryengine.cmekConfigs.update

discoveryengine.collections.*

discoveryengine.collections.delete
discoveryengine.collections.get
discoveryengine.collections.list

discoveryengine.completionConfigs.*

discoveryengine.completionConfigs.completeQuery
discoveryengine.completionConfigs.get
discoveryengine.completionConfigs.update

discoveryengine.connectorRuns.*

discoveryengine.connectorRuns.cancel
discoveryengine.connectorRuns.list

discoveryengine.controls.*

discoveryengine.controls.create
discoveryengine.controls.delete
discoveryengine.controls.get
discoveryengine.controls.list
discoveryengine.controls.update

discoveryengine.conversations.*

discoveryengine.conversations.converse
discoveryengine.conversations.create
discoveryengine.conversations.delete
discoveryengine.conversations.get
discoveryengine.conversations.list
discoveryengine.conversations.update

discoveryengine.dataConnectors.*

discoveryengine.dataConnectors.acquireAccessToken
discoveryengine.dataConnectors.acquireAndStoreRefreshToken
discoveryengine.dataConnectors.buildActionInvocation
discoveryengine.dataConnectors.checkRefreshToken
discoveryengine.dataConnectors.executeAction
discoveryengine.dataConnectors.get
discoveryengine.dataConnectors.queryAvailableActions
discoveryengine.dataConnectors.startConnectorRun
discoveryengine.dataConnectors.update

discoveryengine.dataStores.*

discoveryengine.dataStores.completeQuery
discoveryengine.dataStores.create
discoveryengine.dataStores.delete
discoveryengine.dataStores.enrollSolutions
discoveryengine.dataStores.get
discoveryengine.dataStores.list
discoveryengine.dataStores.listCustomModels
discoveryengine.dataStores.trainCustomModel
discoveryengine.dataStores.update

discoveryengine.documentProcessingConfigs.*

discoveryengine.documentProcessingConfigs.get
discoveryengine.documentProcessingConfigs.update

discoveryengine.documents.*

discoveryengine.documents.batchGetDocumentsMetadata
discoveryengine.documents.create
discoveryengine.documents.delete
discoveryengine.documents.get
discoveryengine.documents.import
discoveryengine.documents.list
discoveryengine.documents.purge
discoveryengine.documents.update

discoveryengine.engines.*

discoveryengine.engines.create
discoveryengine.engines.createEngineUserData
discoveryengine.engines.delete
discoveryengine.engines.get
discoveryengine.engines.getIamPolicy
discoveryengine.engines.list
discoveryengine.engines.pause
discoveryengine.engines.resume
discoveryengine.engines.setIamPolicy
discoveryengine.engines.tune
discoveryengine.engines.update

discoveryengine.evaluations.*

discoveryengine.evaluations.create
discoveryengine.evaluations.get
discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.*

discoveryengine.identityMappingStores.create
discoveryengine.identityMappingStores.delete
discoveryengine.identityMappingStores.get
discoveryengine.identityMappingStores.importIdentityMappings
discoveryengine.identityMappingStores.list
discoveryengine.identityMappingStores.listIdentityMappings
discoveryengine.identityMappingStores.purgeIdentityMappings

discoveryengine.licenseConfigs.*

discoveryengine.licenseConfigs.create
discoveryengine.licenseConfigs.get
discoveryengine.licenseConfigs.list
discoveryengine.licenseConfigs.update

discoveryengine.locations.*

discoveryengine.locations.estimateDataSize
discoveryengine.locations.exchangeAuthCredentials
discoveryengine.locations.getConnectorSource
discoveryengine.locations.listConnectorSources
discoveryengine.locations.setUpDataConnector

discoveryengine.models.*

discoveryengine.models.create
discoveryengine.models.delete
discoveryengine.models.get
discoveryengine.models.list
discoveryengine.models.pause
discoveryengine.models.resume
discoveryengine.models.tune
discoveryengine.models.update

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.*

discoveryengine.projects.get
discoveryengine.projects.provision
discoveryengine.projects.reportConsentChange

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

discoveryengine.sampleQueries.create
discoveryengine.sampleQueries.delete
discoveryengine.sampleQueries.get
discoveryengine.sampleQueries.import
discoveryengine.sampleQueries.list
discoveryengine.sampleQueries.update

discoveryengine.sampleQuerySets.*

discoveryengine.sampleQuerySets.create
discoveryengine.sampleQuerySets.delete
discoveryengine.sampleQuerySets.get
discoveryengine.sampleQuerySets.list
discoveryengine.sampleQuerySets.update

discoveryengine.schemas.*

discoveryengine.schemas.create
discoveryengine.schemas.delete
discoveryengine.schemas.get
discoveryengine.schemas.list
discoveryengine.schemas.preview
discoveryengine.schemas.update
discoveryengine.schemas.validate

discoveryengine.servingConfigs.*

discoveryengine.servingConfigs.answer
discoveryengine.servingConfigs.create
discoveryengine.servingConfigs.delete
discoveryengine.servingConfigs.get
discoveryengine.servingConfigs.list
discoveryengine.servingConfigs.recommend
discoveryengine.servingConfigs.search
discoveryengine.servingConfigs.update

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.search
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.siteSearchEngines.*

discoveryengine.siteSearchEngines.batchVerifyTargetSites
discoveryengine.siteSearchEngines.disableAdvancedSiteSearch
discoveryengine.siteSearchEngines.enableAdvancedSiteSearch
discoveryengine.siteSearchEngines.fetchDomainVerificationStatus
discoveryengine.siteSearchEngines.get
discoveryengine.siteSearchEngines.recrawlUris

discoveryengine.sitemaps.*

discoveryengine.sitemaps.create
discoveryengine.sitemaps.delete
discoveryengine.sitemaps.fetch

discoveryengine.suggestionDenyListEntries.*

discoveryengine.suggestionDenyListEntries.import
discoveryengine.suggestionDenyListEntries.purge

discoveryengine.targetSites.*

discoveryengine.targetSites.batchCreate
discoveryengine.targetSites.create
discoveryengine.targetSites.delete
discoveryengine.targetSites.get
discoveryengine.targetSites.list
discoveryengine.targetSites.update

discoveryengine.userEvents.*

discoveryengine.userEvents.create
discoveryengine.userEvents.fetchStats
discoveryengine.userEvents.import
discoveryengine.userEvents.purge

discoveryengine.userStores.*

discoveryengine.userStores.batchUpdateUserLicenses
discoveryengine.userStores.get
discoveryengine.userStores.listUserLicenses
discoveryengine.userStores.update

discoveryengine.users.*

discoveryengine.users.get
discoveryengine.users.update

discoveryengine.widgetConfigs.*

discoveryengine.widgetConfigs.get
discoveryengine.widgetConfigs.update

resourcemanager.projects.get

resourcemanager.projects.list

Agent Admin^Beta

(roles/discoveryengine.agentAdmin)

Grants admin-level access to Agent resources.

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

Gemini Enterprise Admin^Beta

(roles/discoveryengine.agentspaceAdmin)

Grants admin-level access to Gemini Enterprise resources.

discoveryengine.aclConfigs.*

discoveryengine.aclConfigs.get
discoveryengine.aclConfigs.update

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.alertPolicies.*

discoveryengine.alertPolicies.create
discoveryengine.alertPolicies.get
discoveryengine.alertPolicies.update

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.*

discoveryengine.assistants.assist
discoveryengine.assistants.create
discoveryengine.assistants.delete
discoveryengine.assistants.get
discoveryengine.assistants.list
discoveryengine.assistants.update

discoveryengine.billingAccountLicenseConfigs.*

discoveryengine.billingAccountLicenseConfigs.distribute
discoveryengine.billingAccountLicenseConfigs.get
discoveryengine.billingAccountLicenseConfigs.list
discoveryengine.billingAccountLicenseConfigs.retract

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.*

discoveryengine.cmekConfigs.get
discoveryengine.cmekConfigs.list
discoveryengine.cmekConfigs.update

discoveryengine.collections.*

discoveryengine.collections.delete
discoveryengine.collections.get
discoveryengine.collections.list

discoveryengine.completionConfigs.*

discoveryengine.completionConfigs.completeQuery
discoveryengine.completionConfigs.get
discoveryengine.completionConfigs.update

discoveryengine.connectorRuns.*

discoveryengine.connectorRuns.cancel
discoveryengine.connectorRuns.list

discoveryengine.controls.*

discoveryengine.controls.create
discoveryengine.controls.delete
discoveryengine.controls.get
discoveryengine.controls.list
discoveryengine.controls.update

discoveryengine.conversations.*

discoveryengine.conversations.converse
discoveryengine.conversations.create
discoveryengine.conversations.delete
discoveryengine.conversations.get
discoveryengine.conversations.list
discoveryengine.conversations.update

discoveryengine.dataConnectors.*

discoveryengine.dataConnectors.acquireAccessToken
discoveryengine.dataConnectors.acquireAndStoreRefreshToken
discoveryengine.dataConnectors.buildActionInvocation
discoveryengine.dataConnectors.checkRefreshToken
discoveryengine.dataConnectors.executeAction
discoveryengine.dataConnectors.get
discoveryengine.dataConnectors.queryAvailableActions
discoveryengine.dataConnectors.startConnectorRun
discoveryengine.dataConnectors.update

discoveryengine.dataStores.*

discoveryengine.dataStores.completeQuery
discoveryengine.dataStores.create
discoveryengine.dataStores.delete
discoveryengine.dataStores.enrollSolutions
discoveryengine.dataStores.get
discoveryengine.dataStores.list
discoveryengine.dataStores.listCustomModels
discoveryengine.dataStores.trainCustomModel
discoveryengine.dataStores.update

discoveryengine.documentProcessingConfigs.*

discoveryengine.documentProcessingConfigs.get
discoveryengine.documentProcessingConfigs.update

discoveryengine.documents.*

discoveryengine.documents.batchGetDocumentsMetadata
discoveryengine.documents.create
discoveryengine.documents.delete
discoveryengine.documents.get
discoveryengine.documents.import
discoveryengine.documents.list
discoveryengine.documents.purge
discoveryengine.documents.update

discoveryengine.engines.*

discoveryengine.engines.create
discoveryengine.engines.createEngineUserData
discoveryengine.engines.delete
discoveryengine.engines.get
discoveryengine.engines.getIamPolicy
discoveryengine.engines.list
discoveryengine.engines.pause
discoveryengine.engines.resume
discoveryengine.engines.setIamPolicy
discoveryengine.engines.tune
discoveryengine.engines.update

discoveryengine.evaluations.*

discoveryengine.evaluations.create
discoveryengine.evaluations.get
discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.*

discoveryengine.identityMappingStores.create
discoveryengine.identityMappingStores.delete
discoveryengine.identityMappingStores.get
discoveryengine.identityMappingStores.importIdentityMappings
discoveryengine.identityMappingStores.list
discoveryengine.identityMappingStores.listIdentityMappings
discoveryengine.identityMappingStores.purgeIdentityMappings

discoveryengine.licenseConfigs.*

discoveryengine.licenseConfigs.create
discoveryengine.licenseConfigs.get
discoveryengine.licenseConfigs.list
discoveryengine.licenseConfigs.update

discoveryengine.locations.*

discoveryengine.locations.estimateDataSize
discoveryengine.locations.exchangeAuthCredentials
discoveryengine.locations.getConnectorSource
discoveryengine.locations.listConnectorSources
discoveryengine.locations.setUpDataConnector

discoveryengine.models.*

discoveryengine.models.create
discoveryengine.models.delete
discoveryengine.models.get
discoveryengine.models.list
discoveryengine.models.pause
discoveryengine.models.resume
discoveryengine.models.tune
discoveryengine.models.update

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.*

discoveryengine.projects.get
discoveryengine.projects.provision
discoveryengine.projects.reportConsentChange

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

discoveryengine.sampleQueries.create
discoveryengine.sampleQueries.delete
discoveryengine.sampleQueries.get
discoveryengine.sampleQueries.import
discoveryengine.sampleQueries.list
discoveryengine.sampleQueries.update

discoveryengine.sampleQuerySets.*

discoveryengine.sampleQuerySets.create
discoveryengine.sampleQuerySets.delete
discoveryengine.sampleQuerySets.get
discoveryengine.sampleQuerySets.list
discoveryengine.sampleQuerySets.update

discoveryengine.schemas.*

discoveryengine.schemas.create
discoveryengine.schemas.delete
discoveryengine.schemas.get
discoveryengine.schemas.list
discoveryengine.schemas.preview
discoveryengine.schemas.update
discoveryengine.schemas.validate

discoveryengine.servingConfigs.*

discoveryengine.servingConfigs.answer
discoveryengine.servingConfigs.create
discoveryengine.servingConfigs.delete
discoveryengine.servingConfigs.get
discoveryengine.servingConfigs.list
discoveryengine.servingConfigs.recommend
discoveryengine.servingConfigs.search
discoveryengine.servingConfigs.update

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.search
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.siteSearchEngines.*

discoveryengine.siteSearchEngines.batchVerifyTargetSites
discoveryengine.siteSearchEngines.disableAdvancedSiteSearch
discoveryengine.siteSearchEngines.enableAdvancedSiteSearch
discoveryengine.siteSearchEngines.fetchDomainVerificationStatus
discoveryengine.siteSearchEngines.get
discoveryengine.siteSearchEngines.recrawlUris

discoveryengine.sitemaps.*

discoveryengine.sitemaps.create
discoveryengine.sitemaps.delete
discoveryengine.sitemaps.fetch

discoveryengine.suggestionDenyListEntries.*

discoveryengine.suggestionDenyListEntries.import
discoveryengine.suggestionDenyListEntries.purge

discoveryengine.targetSites.*

discoveryengine.targetSites.batchCreate
discoveryengine.targetSites.create
discoveryengine.targetSites.delete
discoveryengine.targetSites.get
discoveryengine.targetSites.list
discoveryengine.targetSites.update

discoveryengine.userEvents.*

discoveryengine.userEvents.create
discoveryengine.userEvents.fetchStats
discoveryengine.userEvents.import
discoveryengine.userEvents.purge

discoveryengine.userStores.*

discoveryengine.userStores.batchUpdateUserLicenses
discoveryengine.userStores.get
discoveryengine.userStores.listUserLicenses
discoveryengine.userStores.update

discoveryengine.users.*

discoveryengine.users.get
discoveryengine.users.update

discoveryengine.widgetConfigs.*

discoveryengine.widgetConfigs.get
discoveryengine.widgetConfigs.update

resourcemanager.projects.get

resourcemanager.projects.list

Gemini Enterprise Editor^Beta

(roles/discoveryengine.agentspaceEditor)

Grants access to edit Gemini Enterprise resources.

discoveryengine.aclConfigs.get

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.alertPolicies.get

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.assistants.get

discoveryengine.assistants.list

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.connectorRuns.list

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.*

discoveryengine.conversations.converse
discoveryengine.conversations.create
discoveryengine.conversations.delete
discoveryengine.conversations.get
discoveryengine.conversations.list
discoveryengine.conversations.update

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.get

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.dataStores.trainCustomModel

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.create

discoveryengine.documents.delete

discoveryengine.documents.get

discoveryengine.documents.import

discoveryengine.documents.list

discoveryengine.documents.update

discoveryengine.engines.createEngineUserData

discoveryengine.engines.get

discoveryengine.engines.list

discoveryengine.engines.pause

discoveryengine.engines.resume

discoveryengine.engines.tune

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.*

discoveryengine.identityMappingStores.create
discoveryengine.identityMappingStores.delete
discoveryengine.identityMappingStores.get
discoveryengine.identityMappingStores.importIdentityMappings
discoveryengine.identityMappingStores.list
discoveryengine.identityMappingStores.listIdentityMappings
discoveryengine.identityMappingStores.purgeIdentityMappings

discoveryengine.licenseConfigs.get

discoveryengine.licenseConfigs.list

discoveryengine.models.*

discoveryengine.models.create
discoveryengine.models.delete
discoveryengine.models.get
discoveryengine.models.list
discoveryengine.models.pause
discoveryengine.models.resume
discoveryengine.models.tune
discoveryengine.models.update

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

discoveryengine.sampleQueries.create
discoveryengine.sampleQueries.delete
discoveryengine.sampleQueries.get
discoveryengine.sampleQueries.import
discoveryengine.sampleQueries.list
discoveryengine.sampleQueries.update

discoveryengine.sampleQuerySets.*

discoveryengine.sampleQuerySets.create
discoveryengine.sampleQuerySets.delete
discoveryengine.sampleQuerySets.get
discoveryengine.sampleQuerySets.list
discoveryengine.sampleQuerySets.update

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.search
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.create

discoveryengine.userEvents.fetchStats

discoveryengine.userEvents.import

discoveryengine.userStores.get

discoveryengine.widgetConfigs.*

discoveryengine.widgetConfigs.get
discoveryengine.widgetConfigs.update

resourcemanager.projects.get

resourcemanager.projects.list

Gemini Enterprise Restricted User^Beta

(roles/discoveryengine.agentspaceRestrictedUser)

Grants restricted user-level access to Gemini Enterprise resources, for fine-grained control over multiple Gemini Enterprise instances in the same project. Principals with this role will need to be granted an unrestricted user-level role (e.g. /agentspaceUser) on an Engine policy in order to use Gemini Enterprise.

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.userEvents.create

discoveryengine.users.*

discoveryengine.users.get
discoveryengine.users.update

Gemini Enterprise User^Beta

(roles/discoveryengine.agentspaceUser)

Grants user-level access to Gemini Enterprise resources.

discoveryengine.accounts.create

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.completionConfigs.completeQuery

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.engines.createEngineUserData

discoveryengine.engines.get

discoveryengine.notebooks.create

discoveryengine.notebooks.list

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.search
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.userEvents.create

discoveryengine.users.*

discoveryengine.users.get
discoveryengine.users.update

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

Gemini Enterprise Viewer^Beta

(roles/discoveryengine.agentspaceViewer)

Grants access to view the details of Gemini Enterprise resources.

discoveryengine.aclConfigs.get

discoveryengine.agents.get

discoveryengine.agents.list

discoveryengine.alertPolicies.get

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.get

discoveryengine.assistants.list

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.connectorRuns.list

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.converse

discoveryengine.conversations.get

discoveryengine.conversations.list

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.get

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.get

discoveryengine.documents.list

discoveryengine.engines.get

discoveryengine.engines.list

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.get

discoveryengine.identityMappingStores.list

discoveryengine.identityMappingStores.listIdentityMappings

discoveryengine.models.get

discoveryengine.models.list

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.get

discoveryengine.sampleQueries.list

discoveryengine.sampleQuerySets.get

discoveryengine.sampleQuerySets.list

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.downloadFile

discoveryengine.sessions.get

discoveryengine.sessions.list

discoveryengine.sessions.listSessionFileMetadata

discoveryengine.sessions.recommendQuestions

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.fetchStats

discoveryengine.userStores.get

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

Discovery Engine Editor

(roles/discoveryengine.editor)

Grants read and write access to all discovery engine resources.

discoveryengine.aclConfigs.get

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.alertPolicies.get

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.assistants.get

discoveryengine.assistants.list

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.connectorRuns.list

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.*

discoveryengine.conversations.converse
discoveryengine.conversations.create
discoveryengine.conversations.delete
discoveryengine.conversations.get
discoveryengine.conversations.list
discoveryengine.conversations.update

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.get

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.dataStores.trainCustomModel

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.create

discoveryengine.documents.delete

discoveryengine.documents.get

discoveryengine.documents.import

discoveryengine.documents.list

discoveryengine.documents.update

discoveryengine.engines.createEngineUserData

discoveryengine.engines.get

discoveryengine.engines.list

discoveryengine.engines.pause

discoveryengine.engines.resume

discoveryengine.engines.tune

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.*

discoveryengine.identityMappingStores.create
discoveryengine.identityMappingStores.delete
discoveryengine.identityMappingStores.get
discoveryengine.identityMappingStores.importIdentityMappings
discoveryengine.identityMappingStores.list
discoveryengine.identityMappingStores.listIdentityMappings
discoveryengine.identityMappingStores.purgeIdentityMappings

discoveryengine.licenseConfigs.get

discoveryengine.licenseConfigs.list

discoveryengine.models.*

discoveryengine.models.create
discoveryengine.models.delete
discoveryengine.models.get
discoveryengine.models.list
discoveryengine.models.pause
discoveryengine.models.resume
discoveryengine.models.tune
discoveryengine.models.update

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

discoveryengine.sampleQueries.create
discoveryengine.sampleQueries.delete
discoveryengine.sampleQueries.get
discoveryengine.sampleQueries.import
discoveryengine.sampleQueries.list
discoveryengine.sampleQueries.update

discoveryengine.sampleQuerySets.*

discoveryengine.sampleQuerySets.create
discoveryengine.sampleQuerySets.delete
discoveryengine.sampleQuerySets.get
discoveryengine.sampleQuerySets.list
discoveryengine.sampleQuerySets.update

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.search
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.create

discoveryengine.userEvents.fetchStats

discoveryengine.userEvents.import

discoveryengine.userStores.get

discoveryengine.widgetConfigs.*

discoveryengine.widgetConfigs.get
discoveryengine.widgetConfigs.update

resourcemanager.projects.get

resourcemanager.projects.list

Cloud NotebookLM Notebook Editor^Beta

(roles/discoveryengine.notebookEditor)

Grants read and write access to a Cloud NotebookLM Notebook.

discoveryengine.audioOverviews.*

discoveryengine.audioOverviews.create
discoveryengine.audioOverviews.delete
discoveryengine.audioOverviews.get
discoveryengine.audioOverviews.getIceConfig
discoveryengine.audioOverviews.sendSdpOffer

discoveryengine.notebooks.generateGuide

discoveryengine.notebooks.get

discoveryengine.notebooks.getIamPolicy

discoveryengine.notebooks.interactSources

discoveryengine.notebooks.list

discoveryengine.notebooks.removeSelf

discoveryengine.notebooks.update

discoveryengine.notes.*

discoveryengine.notes.create
discoveryengine.notes.delete
discoveryengine.notes.get
discoveryengine.notes.update

discoveryengine.sources.*

discoveryengine.sources.checkFreshness
discoveryengine.sources.create
discoveryengine.sources.delete
discoveryengine.sources.generateDocumentGuide
discoveryengine.sources.get
discoveryengine.sources.refresh
discoveryengine.sources.update

Cloud NotebookLM Admin^Beta

(roles/discoveryengine.notebookLmOwner)

Grants full access to Cloud NotebookLM resources.

discoveryengine.accounts.create

discoveryengine.aclConfigs.*

discoveryengine.aclConfigs.get
discoveryengine.aclConfigs.update

discoveryengine.audioOverviews.*

discoveryengine.audioOverviews.create
discoveryengine.audioOverviews.delete
discoveryengine.audioOverviews.get
discoveryengine.audioOverviews.getIceConfig
discoveryengine.audioOverviews.sendSdpOffer

discoveryengine.notebooks.*

discoveryengine.notebooks.create
discoveryengine.notebooks.generateGuide
discoveryengine.notebooks.get
discoveryengine.notebooks.getAnalytics
discoveryengine.notebooks.getIamPolicy
discoveryengine.notebooks.interactSources
discoveryengine.notebooks.list
discoveryengine.notebooks.removeSelf
discoveryengine.notebooks.setIamPolicy
discoveryengine.notebooks.update

discoveryengine.notes.*

discoveryengine.notes.create
discoveryengine.notes.delete
discoveryengine.notes.get
discoveryengine.notes.update

discoveryengine.sources.*

discoveryengine.sources.checkFreshness
discoveryengine.sources.create
discoveryengine.sources.delete
discoveryengine.sources.generateDocumentGuide
discoveryengine.sources.get
discoveryengine.sources.refresh
discoveryengine.sources.update

resourcemanager.projects.get

resourcemanager.projects.list

Cloud NotebookLM User^Beta

(roles/discoveryengine.notebookLmUser)

Grants user-level access to Cloud NotebookLM resources.

discoveryengine.accounts.create

discoveryengine.notebooks.create

discoveryengine.notebooks.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud NotebookLM Notebook Owner^Beta

(roles/discoveryengine.notebookOwner)

Grants full access to a Cloud NotebookLM Notebook.

discoveryengine.audioOverviews.*

discoveryengine.audioOverviews.create
discoveryengine.audioOverviews.delete
discoveryengine.audioOverviews.get
discoveryengine.audioOverviews.getIceConfig
discoveryengine.audioOverviews.sendSdpOffer

discoveryengine.notebooks.generateGuide

discoveryengine.notebooks.get

discoveryengine.notebooks.getAnalytics

discoveryengine.notebooks.getIamPolicy

discoveryengine.notebooks.interactSources

discoveryengine.notebooks.list

discoveryengine.notebooks.removeSelf

discoveryengine.notebooks.setIamPolicy

discoveryengine.notebooks.update

discoveryengine.notes.*

discoveryengine.notes.create
discoveryengine.notes.delete
discoveryengine.notes.get
discoveryengine.notes.update

discoveryengine.sources.*

discoveryengine.sources.checkFreshness
discoveryengine.sources.create
discoveryengine.sources.delete
discoveryengine.sources.generateDocumentGuide
discoveryengine.sources.get
discoveryengine.sources.refresh
discoveryengine.sources.update

Cloud NotebookLM Notebook Viewer^Beta

(roles/discoveryengine.notebookViewer)

Grants read-only access to a Cloud NotebookLM Notebook.

discoveryengine.audioOverviews.get

discoveryengine.audioOverviews.getIceConfig

discoveryengine.audioOverviews.sendSdpOffer

discoveryengine.notebooks.generateGuide

discoveryengine.notebooks.get

discoveryengine.notebooks.getIamPolicy

discoveryengine.notebooks.interactSources

discoveryengine.notebooks.list

discoveryengine.notebooks.removeSelf

discoveryengine.notes.get

discoveryengine.sources.checkFreshness

discoveryengine.sources.generateDocumentGuide

discoveryengine.sources.get

Podcast API User^Beta

(roles/discoveryengine.podcastApiUser)

Grants user-level access to the Podcast resources.

discoveryengine.accounts.create

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.completionConfigs.completeQuery

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.engines.createEngineUserData

discoveryengine.engines.get

discoveryengine.notebooks.create

discoveryengine.notebooks.list

discoveryengine.operations.get

discoveryengine.podcasts.create

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.search
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.userEvents.create

discoveryengine.users.*

discoveryengine.users.get
discoveryengine.users.update

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

Discovery Engine Service Agent

(roles/discoveryengine.serviceAgent)

Discovery Engine service uploads documents and user events from Cloud Storage and BigQuery, reports results to the customer Cloud Storage bucket, writes logs to customer projects using Cloud Logging, and writes and reads metrics for customer using Cloud Monitoring.

Warning: Do not grant service agent roles to any principals except service agents.

aiplatform.executions.create

aiplatform.executions.delete

aiplatform.executions.update

aiplatform.extensions.*

aiplatform.extensions.delete
aiplatform.extensions.execute
aiplatform.extensions.get
aiplatform.extensions.import
aiplatform.extensions.list
aiplatform.extensions.update

aiplatform.operations.list

aiplatform.reasoningEngines.*

aiplatform.reasoningEngines.create
aiplatform.reasoningEngines.delete
aiplatform.reasoningEngines.get
aiplatform.reasoningEngines.list
aiplatform.reasoningEngines.query
aiplatform.reasoningEngines.update

alloydb.clusters.export

alloydb.databases.list

alloydb.instances.get

alloydb.operations.get

bigquery.datasets.create

bigquery.datasets.get

bigquery.jobs.create

bigquery.jobs.get

bigquery.jobs.list

bigquery.jobs.update

bigquery.tables.create

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

bigquery.tables.update

bigquery.tables.updateData

bigtable.tables.readRows

bigtable.tables.sampleRowKeys

cloudsql.databases.get

cloudsql.instances.export

cloudsql.instances.get

datastore.databases.export

datastore.databases.get

datastore.databases.getMetadata

datastore.operations.get

dialogflow.sessions.detectIntent

discoveryengine.agents.create

discoveryengine.completionConfigs.completeQuery

discoveryengine.conversations.converse

discoveryengine.conversations.create

discoveryengine.dataStores.completeQuery

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.search

discoveryengine.userEvents.create

integrations.apigeeExecutions.list

integrations.apigeeIntegrationVers.get

integrations.apigeeIntegrationVers.list

integrations.integrationVersions.get

integrations.integrationVersions.invoke

integrations.integrationVersions.list

integrations.integrations.get

integrations.integrations.invoke

integrations.integrations.list

integrations.testCases.get

integrations.testCases.invoke

integrations.testCases.list

logging.logEntries.create

modelarmor.templates.useToSanitizeModelResponse

modelarmor.templates.useToSanitizeUserPrompt

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.*

monitoring.timeSeries.create
monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

spanner.databases.beginReadOnlyTransaction

spanner.databases.partitionQuery

spanner.databases.select

spanner.databases.useDataBoost

spanner.sessions.create

storage.buckets.create

storage.buckets.get

storage.buckets.getIamPolicy

storage.buckets.setIamPolicy

storage.managedFolders.*

storage.managedFolders.create
storage.managedFolders.delete
storage.managedFolders.get
storage.managedFolders.getIamPolicy
storage.managedFolders.list
storage.managedFolders.setIamPolicy

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

Discovery Engine User

(roles/discoveryengine.user)

Grants user-level access to Discovery Engine resources.

discoveryengine.accounts.create

discoveryengine.agents.*

discoveryengine.agents.create
discoveryengine.agents.delete
discoveryengine.agents.get
discoveryengine.agents.list
discoveryengine.agents.update

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.assist

discoveryengine.completionConfigs.completeQuery

discoveryengine.dataConnectors.acquireAccessToken

discoveryengine.dataConnectors.acquireAndStoreRefreshToken

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.executeAction

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.engines.createEngineUserData

discoveryengine.engines.get

discoveryengine.notebooks.create

discoveryengine.notebooks.list

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

discoveryengine.sessions.addContextFile
discoveryengine.sessions.create
discoveryengine.sessions.delete
discoveryengine.sessions.downloadFile
discoveryengine.sessions.get
discoveryengine.sessions.list
discoveryengine.sessions.listSessionFileMetadata
discoveryengine.sessions.recommendQuestions
discoveryengine.sessions.removeContextFile
discoveryengine.sessions.search
discoveryengine.sessions.selectContextFiles
discoveryengine.sessions.update
discoveryengine.sessions.uploadFile

discoveryengine.userEvents.create

discoveryengine.users.*

discoveryengine.users.get
discoveryengine.users.update

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

Discovery Engine Viewer

(roles/discoveryengine.viewer)

Grants read access to all discovery engine resources.

discoveryengine.aclConfigs.get

discoveryengine.agents.get

discoveryengine.agents.list

discoveryengine.alertPolicies.get

discoveryengine.analytics.*

discoveryengine.analytics.acquireDashboardSession
discoveryengine.analytics.refreshDashboardSessionTokens

discoveryengine.answers.get

discoveryengine.assistAnswers.get

discoveryengine.assistants.get

discoveryengine.assistants.list

discoveryengine.branches.*

discoveryengine.branches.get
discoveryengine.branches.list

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.connectorRuns.list

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.converse

discoveryengine.conversations.get

discoveryengine.conversations.list

discoveryengine.dataConnectors.buildActionInvocation

discoveryengine.dataConnectors.checkRefreshToken

discoveryengine.dataConnectors.get

discoveryengine.dataConnectors.queryAvailableActions

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.get

discoveryengine.documents.list

discoveryengine.engines.get

discoveryengine.engines.list

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.identityMappingStores.get

discoveryengine.identityMappingStores.list

discoveryengine.identityMappingStores.listIdentityMappings

discoveryengine.models.get

discoveryengine.models.list

discoveryengine.operations.*

discoveryengine.operations.get
discoveryengine.operations.list

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.get

discoveryengine.sampleQueries.list

discoveryengine.sampleQuerySets.get

discoveryengine.sampleQuerySets.list

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.downloadFile

discoveryengine.sessions.get

discoveryengine.sessions.list

discoveryengine.sessions.listSessionFileMetadata

discoveryengine.sessions.recommendQuestions

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.fetchStats

discoveryengine.userStores.get

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

Discovery Engine permissions

Permission	Included in roles
`discoveryengine.accounts.create`	Owner (`roles/owner`) Editor (`roles/editor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM User (`roles/discoveryengine.notebookLmUser`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.aclConfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.aclConfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`)
`discoveryengine.agents.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Agent Admin (`roles/discoveryengine.agentAdmin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`)
`discoveryengine.agents.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Agent Admin (`roles/discoveryengine.agentAdmin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.agents.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Agent Admin (`roles/discoveryengine.agentAdmin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.agents.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Agent Admin (`roles/discoveryengine.agentAdmin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.agents.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Agent Admin (`roles/discoveryengine.agentAdmin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.alertPolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.alertPolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.alertPolicies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.analytics.acquireDashboardSession`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.analytics.refreshDashboardSessionTokens`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.answers.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.assistAnswers.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.assistants.assist`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.assistants.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.assistants.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.assistants.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.assistants.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.assistants.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.audioOverviews.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`)
`discoveryengine.audioOverviews.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`)
`discoveryengine.audioOverviews.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Cloud NotebookLM Notebook Viewer (`roles/discoveryengine.notebookViewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.audioOverviews.getIceConfig`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Cloud NotebookLM Notebook Viewer (`roles/discoveryengine.notebookViewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.audioOverviews.sendSdpOffer`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Cloud NotebookLM Notebook Viewer (`roles/discoveryengine.notebookViewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.billingAccountLicenseConfigs.distribute`	Owner (`roles/owner`) Billing Account Administrator (`roles/billing.admin`) Consumer Procurement Order Administrator (`roles/consumerprocurement.orderAdmin`) Consumer Procurement Administrator (`roles/consumerprocurement.procurementAdmin`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.billingAccountLicenseConfigs.get`	Owner (`roles/owner`) Billing Account Administrator (`roles/billing.admin`) Consumer Procurement Order Administrator (`roles/consumerprocurement.orderAdmin`) Consumer Procurement Order Viewer (`roles/consumerprocurement.orderViewer`) Consumer Procurement Administrator (`roles/consumerprocurement.procurementAdmin`) Consumer Procurement Viewer (`roles/consumerprocurement.procurementViewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.billingAccountLicenseConfigs.list`	Owner (`roles/owner`) Billing Account Administrator (`roles/billing.admin`) Consumer Procurement Order Administrator (`roles/consumerprocurement.orderAdmin`) Consumer Procurement Order Viewer (`roles/consumerprocurement.orderViewer`) Consumer Procurement Administrator (`roles/consumerprocurement.procurementAdmin`) Consumer Procurement Viewer (`roles/consumerprocurement.procurementViewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`)
`discoveryengine.billingAccountLicenseConfigs.retract`	Owner (`roles/owner`) Billing Account Administrator (`roles/billing.admin`) Consumer Procurement Order Administrator (`roles/consumerprocurement.orderAdmin`) Consumer Procurement Administrator (`roles/consumerprocurement.procurementAdmin`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.branches.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.branches.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.cmekConfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.cmekConfigs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.cmekConfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.collections.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.collections.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.collections.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.completionConfigs.completeQuery`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`)
`discoveryengine.completionConfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.completionConfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.connectorRuns.cancel`	Owner (`roles/owner`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.connectorRuns.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.controls.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.controls.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.controls.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.controls.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.controls.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.conversations.converse`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`)
`discoveryengine.conversations.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`)
`discoveryengine.conversations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.conversations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.conversations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.conversations.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.dataConnectors.acquireAccessToken`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Restricted User (`roles/discoveryengine.agentspaceRestrictedUser`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.dataConnectors.acquireAndStoreRefreshToken`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Restricted User (`roles/discoveryengine.agentspaceRestrictedUser`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.dataConnectors.buildActionInvocation`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Restricted User (`roles/discoveryengine.agentspaceRestrictedUser`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.dataConnectors.checkRefreshToken`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Restricted User (`roles/discoveryengine.agentspaceRestrictedUser`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.dataConnectors.executeAction`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Restricted User (`roles/discoveryengine.agentspaceRestrictedUser`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.dataConnectors.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.dataConnectors.queryAvailableActions`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Restricted User (`roles/discoveryengine.agentspaceRestrictedUser`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.dataConnectors.startConnectorRun`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.dataConnectors.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.dataStores.completeQuery`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. SecLM Service Agent (`roles/seclm.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`)
`discoveryengine.dataStores.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.dataStores.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.dataStores.enrollSolutions`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.dataStores.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. SecLM Service Agent (`roles/seclm.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.dataStores.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) SecLM Service Agent (`roles/seclm.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.dataStores.listCustomModels`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.dataStores.trainCustomModel`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.dataStores.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.documentProcessingConfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.documentProcessingConfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.documents.batchGetDocumentsMetadata`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.documents.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.documents.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.documents.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.documents.import`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.documents.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.documents.purge`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.documents.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.engines.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.engines.createEngineUserData`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.engines.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.engines.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.engines.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.engines.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.engines.pause`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.engines.resume`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.engines.setIamPolicy`	Owner (`roles/owner`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Security Admin (`roles/iam.securityAdmin`)
`discoveryengine.engines.tune`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.engines.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.evaluations.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.evaluations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.evaluations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.groundingConfigs.check`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.identityMappingStores.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.identityMappingStores.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.identityMappingStores.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.identityMappingStores.importIdentityMappings`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.identityMappingStores.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.identityMappingStores.listIdentityMappings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.identityMappingStores.purgeIdentityMappings`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.licenseConfigs.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.licenseConfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`) Support User (`roles/iam.supportUser`)
`discoveryengine.licenseConfigs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.licenseConfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.locations.estimateDataSize`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Support User (`roles/iam.supportUser`)
`discoveryengine.locations.exchangeAuthCredentials`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Support User (`roles/iam.supportUser`)
`discoveryengine.locations.getConnectorSource`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Support User (`roles/iam.supportUser`)
`discoveryengine.locations.listConnectorSources`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Support User (`roles/iam.supportUser`)
`discoveryengine.locations.setUpDataConnector`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.models.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.models.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.models.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.models.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.models.pause`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.models.resume`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.models.tune`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.models.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.notebooks.create`	Owner (`roles/owner`) Editor (`roles/editor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM User (`roles/discoveryengine.notebookLmUser`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.notebooks.generateGuide`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Cloud NotebookLM Notebook Viewer (`roles/discoveryengine.notebookViewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.notebooks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Cloud NotebookLM Notebook Viewer (`roles/discoveryengine.notebookViewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.notebooks.getAnalytics`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Support User (`roles/iam.supportUser`)
`discoveryengine.notebooks.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Cloud NotebookLM Notebook Viewer (`roles/discoveryengine.notebookViewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.notebooks.interactSources`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Cloud NotebookLM Notebook Viewer (`roles/discoveryengine.notebookViewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.notebooks.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM User (`roles/discoveryengine.notebookLmUser`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Cloud NotebookLM Notebook Viewer (`roles/discoveryengine.notebookViewer`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.notebooks.removeSelf`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Cloud NotebookLM Notebook Viewer (`roles/discoveryengine.notebookViewer`)
`discoveryengine.notebooks.setIamPolicy`	Owner (`roles/owner`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Security Admin (`roles/iam.securityAdmin`)
`discoveryengine.notebooks.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`)
`discoveryengine.notes.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`)
`discoveryengine.notes.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`)
`discoveryengine.notes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Cloud NotebookLM Notebook Viewer (`roles/discoveryengine.notebookViewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.notes.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`)
`discoveryengine.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.podcasts.create`	Owner (`roles/owner`) Editor (`roles/editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`)
`discoveryengine.projects.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.projects.provision`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.projects.reportConsentChange`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.rankingConfigs.rank`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.sampleQueries.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.sampleQueries.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.sampleQueries.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.sampleQueries.import`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.sampleQueries.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.sampleQueries.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.sampleQuerySets.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.sampleQuerySets.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.sampleQuerySets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.sampleQuerySets.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.sampleQuerySets.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.schemas.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.schemas.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.schemas.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.schemas.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`)
`discoveryengine.schemas.preview`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.schemas.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.schemas.validate`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.servingConfigs.answer`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`)
`discoveryengine.servingConfigs.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.servingConfigs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.servingConfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.servingConfigs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.servingConfigs.recommend`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.servingConfigs.search`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Customer Engagement Suite Service Agent (`roles/ces.serviceAgent`) Dialogflow Service Agent (`roles/dialogflow.serviceAgent`) Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`) SecLM Service Agent (`roles/seclm.serviceAgent`) Vertex AI Extension Service Agent (`roles/aiplatform.extensionServiceAgent`)
`discoveryengine.servingConfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.sessions.addContextFile`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.sessions.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.sessions.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.sessions.downloadFile`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.sessions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.sessions.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.sessions.listSessionFileMetadata`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.sessions.recommendQuestions`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.sessions.removeContextFile`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.sessions.search`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Support User (`roles/iam.supportUser`)
`discoveryengine.sessions.selectContextFiles`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.sessions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.sessions.uploadFile`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.siteSearchEngines.batchVerifyTargetSites`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.siteSearchEngines.disableAdvancedSiteSearch`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.siteSearchEngines.enableAdvancedSiteSearch`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.siteSearchEngines.fetchDomainVerificationStatus`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Support User (`roles/iam.supportUser`)
`discoveryengine.siteSearchEngines.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.siteSearchEngines.recrawlUris`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.sitemaps.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.sitemaps.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.sitemaps.fetch`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Support User (`roles/iam.supportUser`)
`discoveryengine.sources.checkFreshness`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Cloud NotebookLM Notebook Viewer (`roles/discoveryengine.notebookViewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.sources.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`)
`discoveryengine.sources.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`)
`discoveryengine.sources.generateDocumentGuide`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Cloud NotebookLM Notebook Viewer (`roles/discoveryengine.notebookViewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.sources.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`) Cloud NotebookLM Notebook Viewer (`roles/discoveryengine.notebookViewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.sources.refresh`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`)
`discoveryengine.sources.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud NotebookLM Notebook Editor (`roles/discoveryengine.notebookEditor`) Cloud NotebookLM Admin (`roles/discoveryengine.notebookLmOwner`) Cloud NotebookLM Notebook Owner (`roles/discoveryengine.notebookOwner`)
`discoveryengine.suggestionDenyListEntries.import`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.suggestionDenyListEntries.purge`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.targetSites.batchCreate`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.targetSites.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.targetSites.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.targetSites.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.targetSites.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.targetSites.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.userEvents.create`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Restricted User (`roles/discoveryengine.agentspaceRestrictedUser`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Discovery Engine Service Agent (`roles/discoveryengine.serviceAgent`)
`discoveryengine.userEvents.fetchStats`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.userEvents.import`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)
`discoveryengine.userEvents.purge`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.userStores.batchUpdateUserLicenses`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.userStores.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.userStores.listUserLicenses`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Support User (`roles/iam.supportUser`)
`discoveryengine.userStores.update`	Owner (`roles/owner`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`)
`discoveryengine.users.get`	Owner (`roles/owner`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Restricted User (`roles/discoveryengine.agentspaceRestrictedUser`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.users.update`	Owner (`roles/owner`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Restricted User (`roles/discoveryengine.agentspaceRestrictedUser`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`)
`discoveryengine.widgetConfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Gemini Enterprise User (`roles/discoveryengine.agentspaceUser`) Gemini Enterprise Viewer (`roles/discoveryengine.agentspaceViewer`) Discovery Engine Editor (`roles/discoveryengine.editor`) Podcast API User (`roles/discoveryengine.podcastApiUser`) Discovery Engine User (`roles/discoveryengine.user`) Discovery Engine Viewer (`roles/discoveryengine.viewer`) Support User (`roles/iam.supportUser`)
`discoveryengine.widgetConfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Discovery Engine Admin (`roles/discoveryengine.admin`) Gemini Enterprise Admin (`roles/discoveryengine.agentspaceAdmin`) Gemini Enterprise Editor (`roles/discoveryengine.agentspaceEditor`) Discovery Engine Editor (`roles/discoveryengine.editor`)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-16 UTC.

Movatterモバイル変換

Discovery Engine roles and permissions Stay organized with collections Save and categorize content based on your preferences.