Configure Gemini for Google Cloud administrator settings

This document describes how to access and use the Gemini for Google Cloud administrator settings to configure changes for all users in a project. You can manage administrator settings for a project by using the Google Cloud console or an API.

Before you begin

  • Ensure your Google Cloud project is attached to a billing account.

Configure settings for projects in a folder

When you enable Gemini Cloud Assist for all APIs in the folder, all Gemini Cloud Assist settings are off by default. You must modify settings for each project in the folder.

(Optional) Bind permissions to settings and targets

If you are configuring Gemini for Google Cloud administrator settings in the Google Cloud console, then you can skip this section.

To configure Gemini for Google Cloud administrator settings with the Gemini for Google Cloud API, you must first create settings, then create bindings to "bind" those settings and targets (such as instance, topic, or projects) for specific products (such as Gemini Cloud Assist or Gemini Code Assist).

All permissions to create and update settings are at the project level.

Configure Gemini Cloud Assist to share prompts and responses with Google

The following sections provide steps required to configure Gemini Cloud Assist to share your organization's prompts and responses with Google for product improvement. This setting instructs Google to process the prompts and responses of all Gemini Cloud Assist users in the project for purposes of product improvement, which helps Google to improve Gemini Cloud Assist.

By default, Google has no access to log or examine the prompts that your users type and send to Gemini Cloud Assist, nor the responses that are sent back. This limits the ability of Google to improve Gemini Cloud Assist by better understanding what topics are important to your organization and how good our responses are. If you enable prompt and response sharing for a project, Google stores anonymized prompts and responses submitted from the project for a maximum of 180 days. Your organization's prompts and responses are never used to train or fine tune any LLM model.

If you enable prompt and response sharing with Google, you can disable it at any time by visiting the Admin for Gemini page in the Google Cloud console.

Enable prompt and response sharing for Gemini Cloud Assist

Select one of the following options:

Console

  1. Ensure that you have the following Identity and Access Management (IAM) permissions on the project that owns the subscription:

    • dataSharingWithGoogleSettings.create
    • dataSharingWithGoogleSettings.list
    • dataSharingWithGoogleSettings.get
    • dataSharingWithGoogleSettings.update
    • settingBindings.dataSharingWithGoogleSettingsCreate
    • settingBindings.dataSharingWithGoogleSettingsGet
    • settingBindings.dataSharingWithGoogleSettingsUpdate
    • settingBindings.dataSharingWithGoogleSettingsUse

  2. In the Google Cloud console, go to the Admin for Gemini page.

    Go to Gemini for Google Cloud

    The Gemini for Google Cloud page loads.

  3. Click Settings in the left navigation menu.

    The Settings page loads.

  4. Click Turn on data sharing to share prompts and responses with Google for all Gemini Cloud Assist users in the project.

Google's use of this data is governed by the Google Cloud Agreement, including the Pre-GA Offering Terms of the Google Cloud Specific Service Terms, as supplemented by the terms for the Gemini for Google Cloud Trusted Tester Program.

API

To enable data sharing for Gemini Cloud Assist, use the CreateDataSharingWithGoogleSetting method.

  1. Ensure that you have the following Identity and Access Management (IAM) permissions on the project that owns the subscription:

    • dataSharingWithGoogleSettings.create
    • dataSharingWithGoogleSettings.list
    • dataSharingWithGoogleSettings.get
    • dataSharingWithGoogleSettings.update
    • settingBindings.dataSharingWithGoogleSettingsCreate
    • settingBindings.dataSharingWithGoogleSettingsGet
    • settingBindings.dataSharingWithGoogleSettingsUpdate
    • settingBindings.dataSharingWithGoogleSettingsUse

  2. Create the setting and a setting-specific value:

    1. Obtain the token:

      TOKEN=$(gcloud auth print-access-token)

    2. Run the following command to create the setting:

      curl -X POST \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "enable_customer_data_sharing": true
    }' \
  "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/dataSharingWithGoogleSettings?data_sharing_with_google_setting_id=SETTING_ID"

      Replace the following:

      • CONTAINER_PROJECT_NAME: Enter the parent project ID.
      • SETTING_ID: Enter a unique setting name, such as dswg1 for Data Sharing with Google.

      If the command succeeds, it returns a response body that shows the enablePreviewDataSharing set to true:

      {
  "name": "projects/CONTAINER_PROJECT_NAME/locations/global/dataSharingWithGoogleSettings/SETTING_ID",
  "createTime": "2025-01-23T15:22:49.717166932Z",
  "updateTime": "2025-01-23T15:22:49.717166932Z",
  "enablePreviewDataSharing": true
}

  3. Create the setting binding:

      curl -X POST \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Content-Type: application/json' \
    -d '{
      "target": "projects/TARGET_PROJECT_NAME",
      "product": "GEMINI_CLOUD_ASSIST"
      }' \
    "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/dataSharingWithGoogleSettings/SETTING_ID/settingBindings?setting_binding_id=BINDING_ID"

    Replace the following:

    • TARGET_PROJECT_NAME: Enter the target project to which the setting should be applied.
    • SETTING_ID: Use the same SETTING_ID when you created the setting, but append it with b1. For example, use dswg1b1 for Data Sharing with Google.

    If the command succeeds, it returns the operation metadata in the following format:

    {
  "name": "projects/<var>CONTAINER_PROJECT_NAME</var>/locations/global/operations/operation-1737646069712-62c6140bb04bb-49261230-43701daf",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.cloudaicompanion.v1.OperationMetadata",
    "createTime": "2025-01-23T15:27:50.076075570Z",
    "target": "projects/<var>TARGET_PROJECT_NAME</var>/locations/global/dataSharingWithGoogleSettings/<var>SETTING_ID</var>/settingBindings/<var>BINDING_ID</var>",
    "verb": "create",
    "requestedCancellation": false,
    "apiVersion": "v1"
  },
  "done": false
}

Google's use of this data is governed by the Google Cloud Agreement, including the Pre-GA Offering Terms of the Google Cloud Specific Service Terms, as supplemented by the terms for the Gemini for Google Cloud Trusted Tester Program.

Disable prompt and response sharing for Gemini Cloud Assist

Select one of the following options:

Console

  1. Ensure that you have the following Identity and Access Management (IAM) permissions on the project where you want to modify settings:

    • dataSharingWithGoogleSettings.list
    • dataSharingWithGoogleSettings.get
    • settingBindings.dataSharingWithGoogleSettingsGet
    • settingBindings.dataSharingWithGoogleSettingsDelete
    • settingBindings.dataSharingWithGoogleSettingsUse

  2. In the Google Cloud console, go to the Admin for Gemini page.

    Go to Gemini for Google Cloud

    The Gemini for Google Cloud page loads.

  3. Click Settings in the left navigation menu.

    The Settings page loads.

  4. Click Turn off data sharing to stop sharing prompts and responses with Google for all Gemini Cloud Assist users in the project.

API

To disable data sharing for Gemini Cloud Assist, use the DeleteDataSharingWithGoogleSetting method.

  1. Ensure that you have the following Identity and Access Management (IAM) permissions on the project where you want to modify settings:

    • dataSharingWithGoogleSettings.list
    • dataSharingWithGoogleSettings.delete
    • dataSharingWithGoogleSettings.get
    • settingBindings.dataSharingWithGoogleSettingsGet
    • settingBindings.dataSharingWithGoogleSettingsUpdate
    • settingBindings.dataSharingWithGoogleSettingsUse

  2. Disable prompt and response sharing for the specified setting:

    1. Obtain the token:

      TOKEN=$(gcloud auth print-access-token)

    2. Run the following command to disable the setting:

      curl -X PATCH \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "enable_customer_data_sharing": false
    } ' \
  "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/dataSharingWithGoogleSettings?data_sharing_with_google_setting_id=SETTING_ID"

      This PATCH command only succeeds if the setting resource already exists from when you enabled prompt and response sharing.

      Replace the following:

      • CONTAINER_PROJECT_NAME: Enter the parent project ID.
      • SETTING_ID: Enter the existing setting name, such as dswg1 for Data Sharing with Google.

      If the command succeeds, it returns a response body that shows the enablePreviewDataSharing set to false:

      {
  "name": "projects/CONTAINER_PROJECT_NAME/locations/global/dataSharingWithGoogleSettings/SETTING_ID",
  "createTime": "2025-01-23T15:22:49.717166932Z",
  "updateTime": "2025-01-23T15:22:49.717166932Z",
  "enablePreviewDataSharing": false
}

Configure Gemini logging

The following sections provide steps required to enable the collection and storage of Gemini Code Assist activity in Cloud Logging, including:

  • Gemini Code Assist prompts and response logs, such as user input, contextual information, and responses.

  • Gemini Code Assist metadata logs, such as telemetry metadata and lines of code accepted by the user.

For more details on both types of log, see View Gemini logs.

Enable logging for Gemini Code Assist

Select one of the following options:

Console

  1. Ensure you have enabled the Cloud Logging API in the project.

  2. Ensure that you have the following Identity and Access Management (IAM) permissions on the project that owns the subscription:

    • loggingSettings.create
    • loggingSettings.list
    • loggingSettings.update
    • loggingSettings.get
    • cloudaicompanion.instances.loggingSettings.use
    • cloudaicompanion.instances.queryEffectiveSetting
    • settingBindings.loggingSettingsList
    • settingBindings.loggingSettingsGet
    • settingBindings.loggingSettingsUpdate
    • settingBindings.loggingSettingsCreate
    • cloudaicompanion.settingBindings.loggingSettingsUse
    • cloudaicompanion.instances.queryEffectiveSettingBindings

  3. In the Google Cloud console, go to the Admin for Gemini page.

    Go to Gemini for Google Cloud

    The Gemini for Google Cloud page loads.

  4. Click Settings in the left navigation menu.

    The Settings page loads.

  5. (Optional) Click Logging for Code Assist metadata to record the metadata from the usage of Gemini Code Assist in the project.

  6. (Optional) Click Logging for Code Assist prompts and responses to record the prompts and responses generated by users of Gemini Code Assist in the project.

  7. Click Save Changes.

API

To enable logging for Gemini Code Assist, use the loggingSetting method.

  1. Ensure you have enabled the Cloud Logging API in the project.

  2. Ensure that you have the following Identity and Access Management (IAM) permissions on the project that owns the subscription:

    • loggingSettings.create
    • loggingSettings.list
    • loggingSettings.update
    • loggingSettings.get
    • cloudaicompanion.instances.loggingSettings.use
    • cloudaicompanion.instances.queryEffectiveSetting
    • settingBindings.loggingSettingsList
    • settingBindings.loggingSettingsGet
    • settingBindings.loggingSettingsUpdate
    • settingBindings.loggingSettingsCreate
    • cloudaicompanion.settingBindings.loggingSettingsUse
    • cloudaicompanion.instances.queryEffectiveSettingBindings

  3. Create the setting and a setting-specific value:

    1. Obtain the token:

      TOKEN=$(gcloud auth print-access-token)

  4. Enable Gemini Code Assist metadata logs.

    1. Run the following command to create the setting:

      curl -X POST \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "log_metadata": true,
    } ' \
  "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings?logging_setting_id=SETTING_ID"

      Replace the following:

      • CONTAINER_PROJECT_NAME: Enter the parent project ID.
      • SETTING_ID: Enter a unique setting name, such as gcalm1 for Gemini Code Assist log metadata.

      If the command succeeds, it returns a response body that shows the log_metadata set to true:

      {
  "name": "projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID",
  "createTime": "2025-01-23T15:22:49.717166932Z",
  "updateTime": "2025-01-23T15:22:49.717166932Z",
  "log_metadata": true
}

    2. Run the following command to create the Gemini Code Assist metadata logs setting binding:

      curl -X POST \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "target": "projects/TARGET_PROJECT_NAME"
    }' \
  "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID/settingBindings?setting_binding_id=BINDING_ID"

    Replace the following:

    • TARGET_PROJECT_NAME: Enter the target project to which the setting should be applied.
    • SETTING_ID: Use the same SETTING_ID when you created the setting, but append it with b1. For example, use gcalmb1 for Gemini Code Assist log metadata.

    If the command succeeds, it returns the operation metadata in the following format:

    {
  "name": "projects/<var>CONTAINER_PROJECT_NAME</var>/locations/global/operations/operation-1737646069712-62c6140bb04bb-49261230-43701daf",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.cloudaicompanion.v1.OperationMetadata",
    "createTime": "2025-01-23T15:27:50.076075570Z",
    "target": "projects/<var>TARGET_PROJECT_NAME</var>/locations/global/loggingSettings/<var>SETTING_ID</var>/settingBindings/<var>BINDING_ID</var>",
    "verb": "create",
    "requestedCancellation": false,
    "apiVersion": "v1"
  },
  "done": false
}

  5. Enable Gemini Code Assist user logs.

    1. Run the following command to create the setting:

      curl -X POST \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "log_prompts_and_responses": true,
    } ' \
  "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings?logging_setting_id=SETTING_ID"

      Replace the following:

      • CONTAINER_PROJECT_NAME: Enter the parent project ID.
      • SETTING_ID: Enter a unique setting name, such as gcapar1 for Gemini Code Assist prompts and responses.

      If the command succeeds, it returns a response body that shows the log_prompts_and_responses set to true:

      {
  "name": "projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID",
  "createTime": "2025-01-23T15:22:49.717166932Z",
  "updateTime": "2025-01-23T15:22:49.717166932Z",
  "log_prompts_and_responses": true
}

    2. Run the following command to create the Gemini Code Assist user logs setting binding:

      curl \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "target": "projects/TARGET_PROJECT_NAME"
    }' \
  "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID/settingBindings?setting_binding_id=BINDING_ID"

    Replace the following:

    • TARGET_PROJECT_NAME: Enter the target project to which the setting should be applied.
    • SETTING_ID: Use the same SETTING_ID when you created the setting, but append it with b1. For example, use gcaparb1 for Gemini Code Assist prompts and responses.

    If the command succeeds, it returns the operation metadata in the following format:

    {
  "name": "projects/<var>CONTAINER_PROJECT_NAME</var>/locations/global/operations/operation-1737646069712-62c6140bb04bb-49261230-43701daf",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.cloudaicompanion.v1.OperationMetadata",
    "createTime": "2025-01-23T15:27:50.076075570Z",
    "target": "projects/<var>TARGET_PROJECT_NAME</var>/locations/global/loggingSettings/<var>SETTING_ID</var>/settingBindings/<var>BINDING_ID</var>",
    "verb": "create",
    "requestedCancellation": false,
    "apiVersion": "v1"
  },
  "done": false
}

Disable logging for Gemini Code Assist

Select one of the following options:

Console

  1. Ensure that you have the following Identity and Access Management (IAM) permissions on the project that owns the subscription:

    • loggingSettings.delete
    • loggingSettings.list
    • loggingSettings.update
    • loggingSettings.get
    • cloudaicompanion.instances.loggingSettings.use
    • cloudaicompanion.instances.queryEffectiveSetting
    • settingBindings.loggingSettingsList
    • settingBindings.loggingSettingsGet
    • settingBindings.loggingSettingsUpdate
    • settingBindings.loggingSettingsDelete
    • cloudaicompanion.settingBindings.loggingSettingsUse
    • cloudaicompanion.instances.queryEffectiveSettingBindings

  2. In the Google Cloud console, go to the Admin for Gemini page.

    Go to Gemini for Google Cloud

    The Gemini for Google Cloud page loads.

  3. Click Settings in the left navigation menu.

    The Settings page loads.

  4. (Optional) Click Logging for Code Assist metadata to record the metadata from the usage of Gemini Code Assist in the project.

  5. Click Turn off logging.

  6. Click Save Changes.

API

To enable logging for Gemini Code Assist, use the loggingSetting method.

  1. Ensure that you have the following Identity and Access Management (IAM) permissions on the project that owns the subscription:

    • loggingSettings.create
    • loggingSettings.list
    • loggingSettings.update
    • loggingSettings.get
    • cloudaicompanion.instances.loggingSettings.use
    • cloudaicompanion.instances.queryEffectiveSetting
    • settingBindings.loggingSettingsList
    • settingBindings.loggingSettingsGet
    • settingBindings.loggingSettingsUpdate
    • settingBindings.loggingSettingsCreate
    • serviceusage.services.enable

  2. Create the setting and a setting-specific value:

    1. Obtain the token:

      TOKEN=$(gcloud auth print-access-token)

  3. Run the following command to disable the Gemini Code Assist metadata logs setting:

      curl -X POST \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Content-Type: application/json' \
    -d '{
      "log_metadata": false,
      } ' \
    "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings?logging_metadata_id=SETTING_ID"

    Replace the following:

    • CONTAINER_PROJECT_NAME: Enter the parent project ID.

    • SETTING_ID: Enter the existing setting name, such as gcalm1 for Gemini Code Assist log metadata.

      If the command succeeds, it returns a response body that shows the log_metadata set to false:

      {
  "name": "projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID",
  "createTime": "2025-01-23T15:22:49.717166932Z",
  "updateTime": "2025-01-23T15:22:49.717166932Z",
  "log_metadata": false
}

  4. Run the following command to disable the Gemini Code Assist user logs setting:

      curl -X POST \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Content-Type: application/json' \
    -d '{
      "log_prompts_and_responses": false,
      } ' \
    "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings?logging_setting_id=SETTING_ID"

    Replace the following:

    • CONTAINER_PROJECT_NAME: Enter the parent project ID.

    • SETTING_ID: Enter the existing setting name, such as gcapar1 for Gemini Code Assist prompts and responses.

      If the command succeeds, it returns a response body that shows the log_prompts_and_responses set to false:

      {
  "name": "projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID",
  "createTime": "2025-01-23T15:22:49.717166932Z",
  "updateTime": "2025-01-23T15:22:49.717166932Z",
  "log_prompts_and_responses": false
}