Module acl (1.20.0)

Manipulate access control lists that Cloud Storage provides.

Bucket has a getter that creates an ACL object under the hood, and you can interact with that object through acl:

.. literalinclude:: :start-after: [START client_bucket_acl] :end-before: [END client_bucket_acl]

Adding and removing permissions can be done with the following methods (in increasing order of granularity):

  • ACL.all corresponds to access for all users.
  • ACL.all_authenticated corresponds to access for all users that are signed in to a Google account.
  • ACL.domain corresponds to access on a per Google Apps domain (ie,
  • corresponds to access on a per group basis (either by ID or e-mail address).
  • ACL.user corresponds to access on a per user basis (either by ID or e-mail address).

And you are able to grant and revoke the following roles:

  • Reading: _ACLEntity.grant_read and _ACLEntity.revoke_read
  • Writing: _ACLEntity.grant_write and _ACLEntity.revoke_write
  • Owning: _ACLEntity.grant_owner and _ACLEntity.revoke_owner

You can use any of these like any other factory method (these happen to be _ACLEntity factories):

.. literalinclude:: :start-after: [START acl_user_settings] :end-before: [END acl_user_settings]

After that, you can save any changes you make with the save method:

.. literalinclude:: :start-after: [START acl_save] :end-before: [END acl_save]

You can alternatively save any existing ACL object (whether it was created by a factory method or not) from a Bucket:

.. literalinclude:: :start-after: [START acl_save_bucket] :end-before: [END acl_save_bucket]

The ACL class is iterable, so you can get the list of entity and role for each unique pair:

.. literalinclude:: :start-after: [START acl_print] :end-before: [END acl_print]

This list of tuples can be used as the entity and role fields when sending metadata for ACLs to the API.
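
An added example, not part of the library or its documentation: a review of the entity and role pairs that iterating an ACL yields, flagging grants made through ACL.all and ACL.all_authenticated and grants to domains outside an allow-list. The entity strings (allUsers, allAuthenticatedUsers, and the user-, group- and domain- prefixes), the role names, and the audit_acl helper are assumptions of this example.

```python
PUBLIC_ENTITIES = {  # entity strings assumed for ACL.all / ACL.all_authenticated
    "allUsers": "anyone on the internet",
    "allAuthenticatedUsers": "any signed-in Google account",
}
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}


def _pair(entry):
    """Accept a mapping with entity/role keys or a 2-tuple."""
    if isinstance(entry, dict):
        return str(entry["entity"]), str(entry["role"]).upper()
    entity, role = entry
    return str(entity), str(role).upper()


def audit_acl(entries, allowed_domains=()):
    """Return (severity, entity, role, reason) findings, most severe first."""
    allowed = {d.lower() for d in allowed_domains}
    findings = []
    for entity, role in map(_pair, entries):
        if entity in PUBLIC_ENTITIES:
            # Public read is high; public write/owner (or an unknown role) is critical.
            severity = "high" if role == "READER" else "critical"
            findings.append((severity, entity, role, PUBLIC_ENTITIES[entity]))
            continue
        kind, _, ident = entity.partition("-")
        if kind == "domain":
            domain = ident
        elif kind in ("user", "group") and "@" in ident:
            domain = ident.rsplit("@", 1)[1]
        else:
            continue  # numeric IDs and project team entities are not judged here
        if domain.lower() not in allowed:
            findings.append(("medium", entity, role, "outside allowed domains"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


# Constructed sample in the shape of list(bucket.acl); not real data.
SAMPLE = [
    {"entity": "project-owners-123456", "role": "OWNER"},
    {"entity": "user-me@example.org", "role": "READER"},
    {"entity": "domain-partner.example", "role": "READER"},
    {"entity": "allAuthenticatedUsers", "role": "WRITER"},
    ("allUsers", "READER"),
]

if __name__ == "__main__":
    for finding in audit_acl(SAMPLE, allowed_domains=["example.org"]):
        print(*finding, sep="\t")
```

Because the ACL class is iterable, a loaded ACL object can be passed to audit_acl in place of SAMPLE.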




Container class representing a list of access controls.



An ACL specifically for a bucket.

bucket (Bucket): The bucket to which this ACL relates.



A class representing the default object ACL for a bucket.



An ACL specifically for a Cloud Storage object / blob.

blob (Blob): The blob that this ACL corresponds to.