Google Vertex AI in Practice

Vertex AI IAM Roles for Claude: What Each Role Grants

Four or five IAM roles cover the entire lifecycle of Claude on Vertex — from the admin who enables the model to the CI job that smoke-tests it. Here is who needs what, and why.

Claude 3P 101 · Updated July 2026 · Unofficial guide

Google Cloud IAM works by binding roles (bundles of permissions) to principals (users, groups, service accounts, or whole domains) on a project. For Claude on Vertex AI, the good news is that the permission surface is small — but the roles involved come from three different Google services (Vertex AI, procurement, and service usage), which is where teams get confused. This reference maps each role to the job function that actually needs it.

The roles Google documents for Claude

RoleWhat it grantsWho needs it
roles/aiplatform.user
(Vertex AI User)
Includes aiplatform.endpoints.predict — the permission required to make prompt requests to partner modelsDevelopers, CI pipelines, and production service accounts that call Claude
roles/consumerprocurement.entitlementManager
(Consumer Procurement Entitlement Manager)
Enabling partner models in Model Garden — the terms-acceptance stepA platform admin, once per model per project; not runtime identities
roles/serviceusage.serviceUsageAdmin
(Service Usage Admin)
Contains serviceusage.services.enable, needed to switch on the Vertex AI API itselfWhoever bootstraps the project
roles/logging.viewer
(Logs Viewer)
Read Admin Activity, Policy Denied, and System Event audit logsOps and security staff doing routine review
roles/logging.privateLogViewer
(Private Logs Viewer)
Additionally read Data Access audit logs — where Claude prediction calls are recordedCompliance reviewers and incident responders

Bindings are granted the same way regardless of role, and the principal can be a person, a group, a service account, or a domain:

gcloud projects add-iam-policy-binding PROJECT_ID \
  --member=group:claude-devs@example.com \
  --role=roles/aiplatform.user

Read-only and custom roles

Google also ships narrower Vertex AI roles, such as a viewer-level role for people who need console visibility (model cards, quota pages, dashboards) without the ability to send prompts. If someone's job is to observe — a FinOps analyst checking usage, an auditor confirming which models are enabled — prefer a viewer-level role over aiplatform.user; check the current Vertex AI access-control documentation for the exact permission list, since predefined role contents evolve.

For the tightest possible production identity, you can define a custom role containing little more than aiplatform.endpoints.predict, the one permission Google documents as required for prompt requests. That removes every other capability that rides along in the predefined Vertex AI User role. The trade-off is maintenance: custom roles do not pick up new permissions automatically, so when you adopt a new Vertex feature you may need to amend the role. Many teams settle on the predefined role for developers and a custom role for internet-facing production workloads.

Mapping roles to job functions

Rule of thumb: if an identity can call Claude in production, it should not also be able to enable new models, change quotas, or read audit logs. Separating "uses the model" from "administers the platform" from "audits the usage" is the whole game.

Finally, remember that project boundaries are part of the permission model too. All of these bindings are per project, so giving a team its own project for Claude experiments — with aiplatform.user bound broadly there and tightly in production — is often simpler and safer than engineering elaborate custom roles inside a single shared project.

Where to go next

See how these roles fit the broader setup sequence in the project preflight checklist, and read IAM least privilege for the cross-platform principles.

Sources