This page shows you how to make objects you own readable to everyone on the public internet. To learn how to access data that has been made public, see Accessing Public Data.
Making individual objects publicly readable
To make individual objects readable to everyone on the public internet:
Console
- Open the Cloud Storage browser in the Google Cloud Console.
Open the Cloud Storage browser Check the Access control column for the bucket containing the object you want to make public. If the column reads Fine-grained, proceed to the next step. If the column reads Uniform, you cannot use the following steps to make individual objects in the bucket publicly readable. Instead, grant public readability to all objects in the bucket, or use signed URLs.
Click on the name of the bucket that contains the object you want to make public, and navigate to the object if it's in a subdirectory.
Click the more actions menu (
) associated with the object that you want to make public.
Select Edit permissions from the drop-down menu. If the option does not exist, you may have Uniform access control enabled. See Step 2 for more details.
In the overlay that appears, click the + Add entry button.
Add a permission for allUsers.
- Select Public for the Entity.
- Select allUsers for the Name.
- Select Reader for the Access.
Click Save.
Once shared publicly, a link icon appears in the public access column. You can click on this icon to get the URL for the object.
See Troubleshooting for how to get detailed error information about failed operations in the Cloud Storage browser.
gsutil
Use the gsutil acl ch
command:
gsutil acl ch -u AllUsers:R gs://BUCKET_NAME/OBJECT_NAME
Where:
BUCKET_NAME
is the name of the bucket containing the object you want to make public. For example,my-bucket
.OBJECT_NAME
is the name of the object you want to make public. For example,pets/dog.png
.
If successful, the response looks like the following example:
Updated ACL on gs://my-bucket/pets/dog.png
Code samples
For more information, see the
Cloud Storage C++ API reference documentation.
For more information, see the
Cloud Storage C# API reference documentation.
For more information, see the
Cloud Storage Go API reference documentation.
For more information, see the
Cloud Storage Java API reference documentation.
For more information, see the
Cloud Storage Node.js API reference documentation.
For more information, see the
Cloud Storage PHP API reference documentation.
For more information, see the
Cloud Storage Python API reference documentation.
For more information, see the
Cloud Storage Ruby API reference documentation.
C++
C#
Go
Java
Node.js
PHP
Python
Ruby
REST APIs
JSON API
- Get an authorization access token from the OAuth 2.0 Playground. Configure the playground to use your own OAuth credentials.
Create a .json file that contains the following information:
{ "entity": "allUsers", "role": "READER" }
Use
cURL
to call the JSON API with anInsert
ACL request:curl -X POST --data-binary @JSON_FILE_NAME.json \ -H "Authorization: Bearer OAUTH2_TOKEN" \ -H "Content-Type: application/json" \ "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/o/OBJECT_NAME/acl"
Where:
JSON_FILE_NAME
is the name of the file you created in Step 2.OAUTH2_TOKEN
is the access token you created in Step 1.BUCKET_NAME
is the name of the bucket containing the object you want to make public. For example,my-bucket
.OBJECT_NAME
is the name of the object you want to make public. For example,pets/dog.png
.
XML API
- Get an authorization access token from the OAuth 2.0 Playground. Configure the playground to use your own OAuth credentials.
Create a .xml file that contains the following information:
<AccessControlList> <Entries> <Entry> <Scope type="AllUsers"/> <Permission>READ</Permission> </Entry> </Entries> </AccessControlList>
Use
cURL
to call the XML API with aSet Object ACL
request:curl -X PUT --data-binary @XML_FILE_NAME.xml \ -H "Authorization: Bearer OAUTH2_TOKEN" \ "https://storage.googleapis.com/BUCKET_NAME/OBJECT_NAME?acl"
Where:
XML_FILE_NAME
is the name of the file you created in Step 2.OAUTH2_TOKEN
is the access token you created in Step 1.BUCKET_NAME
is the name of the bucket containing the object you want to make public. For example,my-bucket
.OBJECT_NAME
is the name of the object you want to make public. For example,pets/dog.png
.
Making all objects in a bucket publicly readable
To make all objects in a bucket readable to everyone on the public internet:
Console
- Open the Cloud Storage browser in the Google Cloud Console.
Open the Cloud Storage browser In the list of buckets, click on the name of the bucket that you want to make public.
Select the Permissions tab near the top of the page.
Click the Add members button.
The Add members dialog box appears.
In the New members field, enter
allUsers
.In the Select a role drop down, select the Cloud Storage sub-menu, and click the Storage Object Viewer option.
Click Save.
Once shared publicly, a link icon appears for each object in the public access column. You can click on this icon to get the URL for the object.
See Troubleshooting for how to get detailed error information about failed operations in the Cloud Storage browser.
gsutil
Use the gsutil iam ch
command:
gsutil iam ch allUsers:objectViewer gs://BUCKET_NAME
Where BUCKET_NAME
is the name of the bucket whose
objects you want to make public. For example, my-bucket
.
Code samples
For more information, see the
Cloud Storage C++ API reference documentation.
For more information, see the
Cloud Storage C# API reference documentation.
For more information, see the
Cloud Storage Go API reference documentation.
For more information, see the
Cloud Storage Java API reference documentation.
For more information, see the
Cloud Storage Node.js API reference documentation.
For more information, see the
Cloud Storage Python API reference documentation.
For more information, see the
Cloud Storage Ruby API reference documentation.
C++
C#
Go
Java
Node.js
Python
Ruby
REST APIs
JSON API
- Get an authorization access token from the OAuth 2.0 Playground. Configure the playground to use your own OAuth credentials.
Create a .json file that contains the following information:
{ "bindings":[ { "role": "roles/storage.objectViewer", "members":["allUsers"] } ] }
Use
cURL
to call the JSON API with aPUT
Bucket request:curl -X PUT --data-binary @JSON_FILE_NAME.json \ -H "Authorization: Bearer OAUTH2_TOKEN" \ -H "Content-Type: application/json" \ "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/iam"
Where:
JSON_FILE_NAME
is the name of the file you created in Step 2.OAUTH2_TOKEN
is the access token you created in Step 1.BUCKET_NAME
is the name of the bucket whose objects you want to make public. For example,my-bucket
.
XML API
Making all objects in a bucket publicly readable is not supported by the XML API. Use gsutil or the JSON API instead.
What's next
- Access data that has been made public.
- Learn about more access control options for your buckets and objects.