Gemini API roles and permissions

This page lists the IAM roles and permissions for Gemini API. Tosearch through all roles and permissions, see therole andpermission index.

Gemini API roles

Role Permissions

Role	Permissions
Generative Language Service Agent (`roles/generativelanguage.serviceAgent`) Grants Generative Language Service Agent permissions required to read data from GCS buckets. Warning: Do not grant service agent roles to any principals except service agents.	`storage.buckets.get` `storage.objects.get`

(roles/generativelanguage.serviceAgent)

Grants Generative Language Service Agent permissions required to read data from GCS buckets.

Warning: Do not grant service agent roles to any principals except service agents.

storage.buckets.get

storage.objects.get

There are no IAM permissions for this service.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.