Cloud IAM permissions for Cloud Storage

The following tables list the Cloud Identity and Access Management (Cloud IAM) permissions that are associated with Cloud Storage.

Bucket permissions

Bucket permission name	Description
`storage.buckets.create`	Create new buckets in a project.
`storage.buckets.delete`	Delete buckets.
`storage.buckets.get`	Read bucket metadata, excluding Cloud IAM policies.
`storage.buckets.getIamPolicy`	Read bucket Cloud IAM policies.
`storage.buckets.list`	List buckets in a project. Also read bucket metadata, excluding Cloud IAM policies, when listing.
`storage.buckets.setIamPolicy`	Update bucket Cloud IAM policies.
`storage.buckets.update`	Update bucket metadata, excluding Cloud IAM policies.

Object permission name	Description
`storage.objects.create`	Add new objects to a bucket.
`storage.objects.delete`	Delete objects.
`storage.objects.get`	Read object data and metadata, excluding ACLs.
`storage.objects.getIamPolicy`	Read object ACLs, returned as Cloud IAM policies.
`storage.objects.list`	List objects in a bucket. Also read object metadata, excluding ACLs, when listing.
`storage.objects.setIamPolicy`	Update object ACLs.
`storage.objects.update`	Update object metadata, excluding ACLs.

HMAC key permission name	Description
`storage.hmacKeys.create`	Create new HMAC keys for service accounts in a project.
`storage.hmacKeys.delete`	Delete existing HMAC keys.
`storage.hmacKeys.get`	Read HMAC key metadata.
`storage.hmacKeys.list`	List the metadata of HMAC keys in a project.
`storage.hmacKeys.update`	Update HMAC key status.

Learn how to control access to buckets and objects using Cloud IAM permissions.
Learn about which Cloud IAM permissions are contained in each Cloud Storage Cloud IAM role.
To learn about which Cloud IAM permissions allow users to perform actions with different Cloud Storage tools, see Cloud IAM with the Cloud Console, Cloud IAM with gsutil, Cloud IAM with JSON, and Cloud IAM with XML.
For a list of other Google Cloud permissions, see Support Level for Permissions in Custom Roles.

Hai trovato utile questa pagina? Facci sapere cosa ne pensi:

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Ultimo aggiornamento: Novembre 15, 2019.