Access Management: IAM and Least Privilege

Secure your AI infrastructure. Learn to use Google Cloud IAM (Identity and Access Management) to restrict who can call models or view tuning data.

Access Management

Who has the keys to the castle?

Service Accounts

For production code running on a server, DO NOT use an API key tied to your personal @gmail account.

  1. Create a Service Account in GCP.
  2. Grant it the role: Vertex AI User or Generative AI User.
  3. Have your server authenticate as this account.

API Key Restrictions

If you MUST use an API Key (e.g., mobile app):

  1. Application Restriction: Limit to your Android Package Name or iOS Bundle ID.
  2. API Restriction: Limit to only the Gemini API.

Least Privilege

Don't give the "Editor" role to everyone.

  • Developers: Need access to Create Prompt and Run Tuning.
  • Production App: Needs access to Predict (Generate Content) ONLY. It should not be allowed to delete models or create new ones.
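As an added example (not part of the original lesson), this Python check audits a project IAM policy for the problems described above: the basic Editor/Owner roles, personal @gmail identities, and a service account that can manage models. It assumes the JSON shape returned by `gcloud projects get-iam-policy PROJECT_ID --format=json`; the sample policy, project and account names are constructed.

```python
import json

# Basic roles that grant far more than a model caller needs.
BROAD_ROLES = {"roles/owner", "roles/editor"}
# "Vertex AI Administrator": can create and delete models, which the
# lesson says a production app must not be able to do.
MODEL_ADMIN_ROLE = "roles/aiplatform.admin"

# Constructed sample policy (names and project are placeholders).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/editor",
     "members": ["user:dev1@example.com",
                 "serviceAccount:prod-app@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/aiplatform.user",
     "members": ["serviceAccount:prod-app@example-project.iam.gserviceaccount.com",
                 "user:someone@gmail.com"]},
    {"role": "roles/aiplatform.admin",
     "members": ["serviceAccount:prod-app@example-project.iam.gserviceaccount.com"]}
  ]
}
""")


def audit_policy(policy):
    """Return a sorted list of (member, role, reason) findings."""
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            # Members look like "user:alice@example.com" or "serviceAccount:...".
            kind, _, ident = member.partition(":")
            if role in BROAD_ROLES:
                findings.add((member, role, "basic role is too broad"))
            if kind == "serviceAccount" and role == MODEL_ADMIN_ROLE:
                findings.add((member, role, "service account can manage models"))
            if kind == "user" and ident.lower().endswith("@gmail.com"):
                findings.add((member, role, "personal Gmail identity"))
    return sorted(findings)


if __name__ == "__main__":
    for member, role, reason in audit_policy(SAMPLE_POLICY):
        print(f"{reason}: {member} has {role}")
```

A binding that gives the production service account only roles/aiplatform.user ("Vertex AI User") produces no findings.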

Summary

Treat AI access like Database access. Lock it down.

In the next lesson, we discuss Model Output Governance.
