The following subsections list the Google identity and access management (IAM) permissions granted via Compute Storage access shortcuts.
Use this information when .
Read (bucket)
Read (bucket) grants the following IAM permissions for the bucket and any contained objects:
storage.objects.get
storage.objects.list
storage.buckets.get
storage.buckets.listEffectiveTags
storage.buckets.listTagBindings
storage.multipartUploads.list
storage.multipartUploads.listParts
Read (object)
Read (object) grants the following IAM permissions for the object and any child objects:
storage.objects.get
storage.objects.list
storage.multipartUploads.list
storage.multipartUploads.listParts
Write (bucket)
Write (bucket) grants the following IAM permissions for the bucket and any contained objects:
storage.objects.get
storage.objects.list
storage.buckets.get
storage.buckets.listEffectiveTags
storage.buckets.listTagBindings
storage.buckets.createTagBinding
storage.buckets.delete
storage.buckets.deleteTagBinding
storage.buckets.update
storage.objects.create
storage.objects.delete
storage.objects.update
storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listParts
Write (object)
White (object) grants the following IAM permissions for the object and any child objects:
storage.objects.get
storage.objects.list
storage.objects.create
storage.objects.delete
storage.objects.update
storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listParts
Admin (bucket)
Admin (bucket) grants the storage.admin predefined role for the bucket and any contained objects.
Admin (object)
Admin (object) grants the storage.objectAdmin predefined role for the object and any child objects.
