Cloud Storage

The following subsections list the Google identity and access management (IAM) permissions granted via Compute Storage access shortcuts.

Use this information when requesting Google Cloud Access permissions.

Read (bucket)

Read (bucket) grants the following IAM permissions for the bucket and any contained objects:

          storage.objects.get
          storage.objects.list
          storage.buckets.get
          storage.buckets.listEffectiveTags
          storage.buckets.listTagBindings
          storage.multipartUploads.list
          storage.multipartUploads.listParts

Read (object)

Read (object) grants the following IAM permissions for the object and any child objects:

          storage.objects.get
          storage.objects.list
          storage.multipartUploads.list
          storage.multipartUploads.listParts

Write (bucket)

Write (bucket) grants the following IAM permissions for the bucket and any contained objects:

Write (object)

White (object) grants the following IAM permissions for the object and any child objects:

Admin (bucket)

Admin (bucket) grants the storage.admin predefined role for the bucket and any contained objects.

Admin (object)

Admin (object) grants the storage.objectAdmin predefined role for the object and any child objects.