Change theme
Help
Press space for more information.
Show links for this issue (Shortcut: i, l)
Copy issue ID
Previous Issue (Shortcut: k)
Next Issue (Shortcut: j)
Sign in to use full features.
Vote: I am impacted
Notification menu
Refresh (Shortcut: Shift+r)
Go home (Shortcut: u)
Use Markdown for this comment
Set severity, which reflects how much the issue affects the use of the product
Assign issue to yourself
Pending code changes (auto-populated)
[ID: 82937]
Primary programming language affected, if applicable [ID: 82936]
[ID: 82935]
[ID: 82940]
[ID: 82941]
Set the version(s) of the product affected by this issue (comma-separated list)
Set the version(s) of the product in which the issue should be fixed (comma-separated list)
Set the version(s) of the product in which the issue fix was verified (comma-separated list)
Set if this issue occurs in production
Set Reporter
Set Type
Set priority, which reflects how soon the issue should be fixed
Set Status
Set Assignee
Set Verifier
Remove item
View or edit staffing
View issue level access limits(Press Alt + Right arrow for more information)
Description
Please describe your requested enhancement. Good feature requests will solve common problems or enable new use cases.
What you would like to accomplish:
- It seems that after enabling the AI Platform Notebooks API the permissions required to interact with the Notebooks instances changed and the predefined roles for Notebooks [1] doesn't seem to be functional because of the following:
- The Compute Viewer role is necessary in order to interact with the AI Platform notebooks.
- The Notebooks Admin role seems to be the only role with enough permissions to start and stop the AI Notebooks instances, but this role also provide additional permissions that one may not want to grant to users interacting with the instances.
How this might work:
- Create other roles with more tailored permissions, like starting and stopping instances but not created new ones.
If applicable, reasons why alternative solutions are not sufficient:
- An alternative is using custom roles but this require an effort on the customer's side to figure out the adequate permissions.
Other information (workarounds you have tried, documentation consulted, etc):
[1]