Cloud Storage
The following subsections list the Google identity and access management (IAM) permissions granted via Compute Storage access shortcuts.
Use this information when requesting Google Cloud Access permissions.
Read (bucket)
Read (bucket) grants the following IAM permissions for the bucket and any contained objects:
storage.objects.get
storage.objects.list
storage.buckets.get
storage.buckets.listEffectiveTags
storage.buckets.listTagBindings
storage.multipartUploads.list
storage.multipartUploads.listPartsRead (object)
Read (object) grants the following IAM permissions for the object and any child objects:
storage.objects.get
storage.objects.list
storage.multipartUploads.list
storage.multipartUploads.listPartsWrite (bucket)
Write (bucket) grants the following IAM permissions for the bucket and any contained objects:
storage.objects.get
storage.objects.list
storage.buckets.get
storage.buckets.listEffectiveTags
storage.buckets.listTagBindings
storage.buckets.createTagBinding
storage.buckets.delete
storage.buckets.deleteTagBinding
storage.buckets.update
storage.objects.create
storage.objects.delete
storage.objects.update
storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listPartsWrite (object)
White (object) grants the following IAM permissions for the object and any child objects:
storage.objects.get
storage.objects.list
storage.objects.create
storage.objects.delete
storage.objects.update
storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listPartsAdmin (bucket)
Admin (bucket) grants the storage.admin predefined role for the bucket and any contained objects.
Admin (object)
Admin (object) grants the storage.objectAdmin predefined role for the object and any child objects.
Last updated