P0 App Documentation

Cloud Storage


Last updated 5 months ago

The following subsections list the Google Identity and Access Management (IAM) permissions granted via Cloud Storage access shortcuts.

Use this information when requesting Google Cloud Access permissions.

Read (bucket)

Read (bucket) grants the following IAM permissions for the bucket and any contained objects:

          storage.objects.get
          storage.objects.list
          storage.buckets.get
          storage.buckets.listEffectiveTags
          storage.buckets.listTagBindings
          storage.multipartUploads.list
          storage.multipartUploads.listParts

Read (object)

Read (object) grants the following IAM permissions for the object and any child objects:

          storage.objects.get
          storage.objects.list
          storage.multipartUploads.list
          storage.multipartUploads.listParts

Write (bucket)

Write (bucket) grants the following IAM permissions for the bucket and any contained objects:

          storage.objects.get
          storage.objects.list
          storage.buckets.get
          storage.buckets.listEffectiveTags
          storage.buckets.listTagBindings
          storage.buckets.createTagBinding
          storage.buckets.delete
          storage.buckets.deleteTagBinding
          storage.buckets.update
          storage.objects.create
          storage.objects.delete
          storage.objects.update
          storage.multipartUploads.abort
          storage.multipartUploads.create
          storage.multipartUploads.list
          storage.multipartUploads.listParts

Write (object)

Write (object) grants the following IAM permissions for the object and any child objects:

          storage.objects.get
          storage.objects.list
          storage.objects.create
          storage.objects.delete
          storage.objects.update
          storage.multipartUploads.abort
          storage.multipartUploads.create
          storage.multipartUploads.list
          storage.multipartUploads.listParts

Admin (bucket)

Admin (bucket) grants the storage.admin predefined role for the bucket and any contained objects.

Admin (object)

Admin (object) grants the storage.objectAdmin predefined role for the object and any child objects.
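The shortcuts above are coarse bundles, so it helps to see what a request grants beyond what a workload actually needs. The following is an added example, not P0 code: the permission sets are transcribed from the lists on this page, while `pick_shortcut`, the candidate ordering (object scope before bucket scope) and the sample workload are assumptions made for illustration.

```python
# Added example (not P0 code). Sets transcribed from the lists on this page.
READ_OBJECT = frozenset({
    "storage.objects.get", "storage.objects.list",
    "storage.multipartUploads.list", "storage.multipartUploads.listParts",
})
READ_BUCKET = READ_OBJECT | {
    "storage.buckets.get", "storage.buckets.listEffectiveTags",
    "storage.buckets.listTagBindings",
}
WRITE_OBJECT = READ_OBJECT | {
    "storage.objects.create", "storage.objects.delete", "storage.objects.update",
    "storage.multipartUploads.abort", "storage.multipartUploads.create",
}
WRITE_BUCKET = READ_BUCKET | WRITE_OBJECT | {
    "storage.buckets.createTagBinding", "storage.buckets.delete",
    "storage.buckets.deleteTagBinding", "storage.buckets.update",
}

# Assumed preference: narrower resource scope first, then fewer permissions.
CANDIDATES = [
    ("Read (object)", READ_OBJECT),
    ("Write (object)", WRITE_OBJECT),
    ("Read (bucket)", READ_BUCKET),
    ("Write (bucket)", WRITE_BUCKET),
]


def pick_shortcut(needed):
    """Return the first candidate shortcut that covers `needed`, plus the
    permissions it grants that were not asked for (the excess)."""
    needed = frozenset(needed)
    for name, granted in CANDIDATES:
        if needed <= granted:
            return {"shortcut": name,
                    "excess": sorted(granted - needed),
                    "uncovered": []}
    # No Read/Write shortcut covers the request. The page does not enumerate
    # the Admin predefined roles, so report the gap instead of guessing.
    return {"shortcut": None, "excess": [],
            "uncovered": sorted(needed - WRITE_BUCKET)}


if __name__ == "__main__":
    # Constructed workload: an upload-only job that never reads or deletes.
    result = pick_shortcut(["storage.objects.create"])
    print(result["shortcut"], "grants extra:", result["excess"])
```

For the upload-only workload the narrowest match is Write (object), which also carries `storage.objects.delete` and `storage.objects.update`; that excess is what a reviewer should weigh when approving the request.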
