I am setting up permissions for users to use a pre-created AI Platform VM instance in GCP AI Platform. I have created a custom role with permissions
compute.acceleratorTypes.list
compute.diskTypes.list
compute.instances.list
compute.instances.start
compute.instances.stop
compute.machineTypes.list
compute.subnetworks.list
iam.serviceAccounts.actAs
notebooks.environments.get
notebooks.environments.getIamPolicy
notebooks.environments.list
notebooks.instances.get
notebooks.instances.getIamPolicy
notebooks.instances.list
notebooks.locations.get
notebooks.locations.list
notebooks.operations.get
notebooks.operations.list
resourcemanager.projects.get
The user can start and stop the instance from the Compute Engine section of the GCP console, but not from the AI Platform section. When I try in the latter, I get the error:
sample-ai-platform-vm: Permission 'notebooks.instances.start' denied on 'projects/test-project/locations/us-east1-b/instances/sample-ai-platform-vm'
Any idea what is going on?
You need to add the following permissions:
notebooks.instances.start
notebooks.instances.stop
You can take a look at the Notebooks Admin role for reference: