Vector Search roles and permissions

This page lists the IAM roles and permissions for Vector Search. Tosearch through all roles and permissions, see therole andpermission index.

Vector Search roles

Role Permissions

Role	Permissions
Vector Search Admin (`roles/vectorsearch.admin`) Grants full access to all vectorsearch resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `vectorsearch.*` `vectorsearch.collections.create` `vectorsearch.collections.delete` `vectorsearch.collections.get` `vectorsearch.collections.list` `vectorsearch.collections.update` `vectorsearch.dataObjects.create` `vectorsearch.dataObjects.delete` `vectorsearch.dataObjects.get` `vectorsearch.dataObjects.import` `vectorsearch.dataObjects.query` `vectorsearch.dataObjects.search` `vectorsearch.dataObjects.update` `vectorsearch.indexes.create` `vectorsearch.indexes.delete` `vectorsearch.indexes.get` `vectorsearch.indexes.list` `vectorsearch.locations.get` `vectorsearch.locations.list` `vectorsearch.operations.cancel` `vectorsearch.operations.delete` `vectorsearch.operations.get` `vectorsearch.operations.list`
Vector Search Collection Writer (`roles/vectorsearch.collectionWriter`) Grants read-write access to Collections.	`resourcemanager.projects.get` `resourcemanager.projects.list` `vectorsearch.collections.` `vectorsearch.collections.create` `vectorsearch.collections.delete` `vectorsearch.collections.get` `vectorsearch.collections.list` `vectorsearch.collections.update` `vectorsearch.locations.` `vectorsearch.locations.get` `vectorsearch.locations.list` `vectorsearch.operations.*` `vectorsearch.operations.cancel` `vectorsearch.operations.delete` `vectorsearch.operations.get` `vectorsearch.operations.list`
Vector Search DataObject Writer (`roles/vectorsearch.dataObjectWriter`) Grants read-write access to DataObjects and read access to parent Collections.	`resourcemanager.projects.get` `resourcemanager.projects.list` `vectorsearch.collections.get` `vectorsearch.collections.list` `vectorsearch.dataObjects.` `vectorsearch.dataObjects.create` `vectorsearch.dataObjects.delete` `vectorsearch.dataObjects.get` `vectorsearch.dataObjects.import` `vectorsearch.dataObjects.query` `vectorsearch.dataObjects.search` `vectorsearch.dataObjects.update` `vectorsearch.locations.` `vectorsearch.locations.get` `vectorsearch.locations.list`
Vector Search Index Writer (`roles/vectorsearch.indexWriter`) Grants read-write access to Indexes and read access to parent Collections.	`resourcemanager.projects.get` `resourcemanager.projects.list` `vectorsearch.collections.get` `vectorsearch.collections.list` `vectorsearch.indexes.` `vectorsearch.indexes.create` `vectorsearch.indexes.delete` `vectorsearch.indexes.get` `vectorsearch.indexes.list` `vectorsearch.locations.` `vectorsearch.locations.get` `vectorsearch.locations.list` `vectorsearch.operations.*` `vectorsearch.operations.cancel` `vectorsearch.operations.delete` `vectorsearch.operations.get` `vectorsearch.operations.list`
Vector Search Service Agent (`roles/vectorsearch.serviceAgent`) Gives Vector Search access to read Cloud Storage buckets and read/create objects. Warning: Do not grant service agent roles to any principals except service agents.	`aiplatform.endpoints.predict` `storage.buckets.get` `storage.objects.create` `storage.objects.get` `storage.objects.list`
Vector Search Viewer (`roles/vectorsearch.viewer`) Grants read access to all vectorsearch resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `vectorsearch.collections.get` `vectorsearch.collections.list` `vectorsearch.dataObjects.get` `vectorsearch.dataObjects.query` `vectorsearch.dataObjects.search` `vectorsearch.indexes.get` `vectorsearch.indexes.list` `vectorsearch.locations.*` `vectorsearch.locations.get` `vectorsearch.locations.list` `vectorsearch.operations.get` `vectorsearch.operations.list`

Vector Search Admin

(roles/vectorsearch.admin)

Grants full access to all vectorsearch resources.

resourcemanager.projects.get

resourcemanager.projects.list

vectorsearch.*

vectorsearch.collections.create
vectorsearch.collections.delete
vectorsearch.collections.get
vectorsearch.collections.list
vectorsearch.collections.update
vectorsearch.dataObjects.create
vectorsearch.dataObjects.delete
vectorsearch.dataObjects.get
vectorsearch.dataObjects.import
vectorsearch.dataObjects.query
vectorsearch.dataObjects.search
vectorsearch.dataObjects.update
vectorsearch.indexes.create
vectorsearch.indexes.delete
vectorsearch.indexes.get
vectorsearch.indexes.list
vectorsearch.locations.get
vectorsearch.locations.list
vectorsearch.operations.cancel
vectorsearch.operations.delete
vectorsearch.operations.get
vectorsearch.operations.list

Vector Search Collection Writer

(roles/vectorsearch.collectionWriter)

Grants read-write access to Collections.

resourcemanager.projects.get

resourcemanager.projects.list

vectorsearch.collections.*

vectorsearch.collections.create
vectorsearch.collections.delete
vectorsearch.collections.get
vectorsearch.collections.list
vectorsearch.collections.update

vectorsearch.locations.*

vectorsearch.locations.get
vectorsearch.locations.list

vectorsearch.operations.*

vectorsearch.operations.cancel
vectorsearch.operations.delete
vectorsearch.operations.get
vectorsearch.operations.list

Vector Search DataObject Writer

(roles/vectorsearch.dataObjectWriter)

Grants read-write access to DataObjects and read access to parent Collections.

resourcemanager.projects.get

resourcemanager.projects.list

vectorsearch.collections.get

vectorsearch.collections.list

vectorsearch.dataObjects.*

vectorsearch.dataObjects.create
vectorsearch.dataObjects.delete
vectorsearch.dataObjects.get
vectorsearch.dataObjects.import
vectorsearch.dataObjects.query
vectorsearch.dataObjects.search
vectorsearch.dataObjects.update

vectorsearch.locations.*

vectorsearch.locations.get
vectorsearch.locations.list

Vector Search Index Writer

(roles/vectorsearch.indexWriter)

Grants read-write access to Indexes and read access to parent Collections.

resourcemanager.projects.get

resourcemanager.projects.list

vectorsearch.collections.get

vectorsearch.collections.list

vectorsearch.indexes.*

vectorsearch.indexes.create
vectorsearch.indexes.delete
vectorsearch.indexes.get
vectorsearch.indexes.list

vectorsearch.locations.*

vectorsearch.locations.get
vectorsearch.locations.list

vectorsearch.operations.*

vectorsearch.operations.cancel
vectorsearch.operations.delete
vectorsearch.operations.get
vectorsearch.operations.list

Vector Search Service Agent

(roles/vectorsearch.serviceAgent)

Gives Vector Search access to read Cloud Storage buckets and read/create objects.

Warning: Do not grant service agent roles to any principals except service agents.

aiplatform.endpoints.predict

storage.buckets.get

storage.objects.create

storage.objects.get

storage.objects.list

Vector Search Viewer

(roles/vectorsearch.viewer)

Grants read access to all vectorsearch resources.

resourcemanager.projects.get

resourcemanager.projects.list

vectorsearch.collections.get

vectorsearch.collections.list

vectorsearch.dataObjects.get

vectorsearch.dataObjects.query

vectorsearch.dataObjects.search

vectorsearch.indexes.get

vectorsearch.indexes.list

vectorsearch.locations.*

vectorsearch.locations.get
vectorsearch.locations.list

vectorsearch.operations.get

vectorsearch.operations.list

Vector Search permissions

Permission	Included in roles
`vectorsearch.collections.create`	Owner (`roles/owner`) Editor (`roles/editor`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Collection Writer (`roles/vectorsearch.collectionWriter`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.collections.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Collection Writer (`roles/vectorsearch.collectionWriter`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.collections.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Collection Writer (`roles/vectorsearch.collectionWriter`) Vector Search DataObject Writer (`roles/vectorsearch.dataObjectWriter`) Vector Search Index Writer (`roles/vectorsearch.indexWriter`) Vector Search Viewer (`roles/vectorsearch.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.collections.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Collection Writer (`roles/vectorsearch.collectionWriter`) Vector Search DataObject Writer (`roles/vectorsearch.dataObjectWriter`) Vector Search Index Writer (`roles/vectorsearch.indexWriter`) Vector Search Viewer (`roles/vectorsearch.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.collections.update`	Owner (`roles/owner`) Editor (`roles/editor`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Collection Writer (`roles/vectorsearch.collectionWriter`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.dataObjects.create`	Owner (`roles/owner`) Editor (`roles/editor`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search DataObject Writer (`roles/vectorsearch.dataObjectWriter`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.dataObjects.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search DataObject Writer (`roles/vectorsearch.dataObjectWriter`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.dataObjects.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search DataObject Writer (`roles/vectorsearch.dataObjectWriter`) Vector Search Viewer (`roles/vectorsearch.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.dataObjects.import`	Owner (`roles/owner`) Editor (`roles/editor`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search DataObject Writer (`roles/vectorsearch.dataObjectWriter`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.dataObjects.query`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search DataObject Writer (`roles/vectorsearch.dataObjectWriter`) Vector Search Viewer (`roles/vectorsearch.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.dataObjects.search`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search DataObject Writer (`roles/vectorsearch.dataObjectWriter`) Vector Search Viewer (`roles/vectorsearch.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.dataObjects.update`	Owner (`roles/owner`) Editor (`roles/editor`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search DataObject Writer (`roles/vectorsearch.dataObjectWriter`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.indexes.create`	Owner (`roles/owner`) Editor (`roles/editor`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Index Writer (`roles/vectorsearch.indexWriter`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.indexes.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Index Writer (`roles/vectorsearch.indexWriter`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.indexes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Index Writer (`roles/vectorsearch.indexWriter`) Vector Search Viewer (`roles/vectorsearch.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.indexes.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Index Writer (`roles/vectorsearch.indexWriter`) Vector Search Viewer (`roles/vectorsearch.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Collection Writer (`roles/vectorsearch.collectionWriter`) Vector Search DataObject Writer (`roles/vectorsearch.dataObjectWriter`) Vector Search Index Writer (`roles/vectorsearch.indexWriter`) Vector Search Viewer (`roles/vectorsearch.viewer`)
`vectorsearch.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Collection Writer (`roles/vectorsearch.collectionWriter`) Vector Search DataObject Writer (`roles/vectorsearch.dataObjectWriter`) Vector Search Index Writer (`roles/vectorsearch.indexWriter`) Vector Search Viewer (`roles/vectorsearch.viewer`)
`vectorsearch.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Collection Writer (`roles/vectorsearch.collectionWriter`) Vector Search Index Writer (`roles/vectorsearch.indexWriter`)
`vectorsearch.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Collection Writer (`roles/vectorsearch.collectionWriter`) Vector Search Index Writer (`roles/vectorsearch.indexWriter`)
`vectorsearch.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Support User (`roles/iam.supportUser`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Collection Writer (`roles/vectorsearch.collectionWriter`) Vector Search Index Writer (`roles/vectorsearch.indexWriter`) Vector Search Viewer (`roles/vectorsearch.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)
`vectorsearch.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Vector Search Admin (`roles/vectorsearch.admin`) Vector Search Collection Writer (`roles/vectorsearch.collectionWriter`) Vector Search Index Writer (`roles/vectorsearch.indexWriter`) Vector Search Viewer (`roles/vectorsearch.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Vertex AI RAG Data Service Agent (`roles/aiplatform.ragServiceAgent`)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-16 UTC.

Movatterモバイル変換

Vector Search roles and permissions