Cloud Storage

The following subsections list the Google identity and access management (IAM) permissions granted via Compute Storage access shortcuts.

Use this information when requesting Google Cloud Access permissions.

Read (bucket)

Read (bucket) grants the following IAM permissions for the bucket and any contained objects:

          storage.objects.get
          storage.objects.list
          storage.buckets.get
          storage.buckets.listEffectiveTags
          storage.buckets.listTagBindings
          storage.multipartUploads.list
          storage.multipartUploads.listParts

Read (object)

Read (object) grants the following IAM permissions for the object and any child objects:

          storage.objects.get
          storage.objects.list
          storage.multipartUploads.list
          storage.multipartUploads.listParts

Write (bucket)

Write (bucket) grants the following IAM permissions for the bucket and any contained objects:

          storage.objects.get
          storage.objects.list
          storage.buckets.get
          storage.buckets.listEffectiveTags
          storage.buckets.listTagBindings
          storage.buckets.createTagBinding
          storage.buckets.delete
          storage.buckets.deleteTagBinding
          storage.buckets.update
          storage.objects.create
          storage.objects.delete
          storage.objects.update
          storage.multipartUploads.abort
          storage.multipartUploads.create
          storage.multipartUploads.list
          storage.multipartUploads.listParts

Write (object)

White (object) grants the following IAM permissions for the object and any child objects:

          storage.objects.get
          storage.objects.list
          storage.objects.create
          storage.objects.delete
          storage.objects.update
          storage.multipartUploads.abort
          storage.multipartUploads.create
          storage.multipartUploads.list
          storage.multipartUploads.listParts

Admin (bucket)

Admin (bucket) grants the storage.admin predefined role for the bucket and any contained objects.

Admin (object)

Admin (object) grants the storage.objectAdmin predefined role for the object and any child objects.

PreviousPermissions Reference NextCompute Engine

Last updated 1 year ago

hashtagRead (bucket)

hashtagRead (object)

hashtagWrite (bucket)

hashtagWrite (object)

hashtagAdmin (bucket)

hashtagAdmin (object)