List buckets in a project. Also read bucket metadata, excluding IAM policies, when listing.
storage.buckets.listEffectiveTags
List all tags associated with a bucket, including tags inherited from higher in the resource hierarchy, such as from the bucket's project.
storage.buckets.listTagBindings
List tags directly attached to a bucket.
storage.buckets.setIamPolicy
Update bucket IAM policies.
storage.buckets.update
Update bucket metadata, excluding IAM policies, and add or remove a Pub/Sub notification configuration on a bucket. Also read bucket metadata, excluding IAM policies, when updating.
Managed folder permissions
Managed folder permission name
Description
storage.managedfolders.create
Create a managed folder.
storage.managedfolders.delete
Delete a managed folder.
storage.managedfolders.get
Read a managed folder.
storage.managedfolders.getIamPolicy
Read managed folder IAM policies.
storage.managedfolders.list
List the managed folders in a bucket or folder.
storage.managedfolders.setIamPolicy
Update managed folder IAM policies.
Object permissions
Object permission name
Description
storage.objects.create
Add new objects to a bucket.
storage.objects.delete
Delete objects.
storage.objects.get
Read object data and metadata, excluding ACLs.
storage.objects.getIamPolicy
Read object ACLs, returned as IAM policies.
storage.objects.list
List objects in a bucket. Also read object metadata, excluding ACLs, when listing.
storage.objects.overrideUnlockedRetention
Use the x-goog-bypass-governance-retention header or the overrideUnlockedRetention query parameter when working with object retention configurations.