DefaultObjectAccessControls

The DefaultObjectAccessControls resources represent the Access Control Lists (ACLs) applied to a new object within Google Cloud Storage when no ACL was provided for that object. ACLs let you specify who has access to your data and to what extent.

There are two roles that can be assigned to an entity:

  • READERs can get an object, though the acl property will not be revealed.
  • OWNERs are READERs, and they can get the acl property, update an object, and call all objectAccessControls methods on the object.
For more information, see Access Control, with the caveat that this API uses READER and OWNER instead of READ and FULL_CONTROL.

For a list of methods for this resource, see the end of this page.

Resource representations

{
  "kind": "storage#objectAccessControl",
  "id": string,
  "selfLink": string,
  "bucket": string,
  "object": string,
  "generation": long,
  "entity": string,
  "role": string,
  "email": string,
  "entityId": string,
  "domain": string,
  "projectTeam": {
    "projectNumber": string,
    "team": string
  },
  "etag": string
}
Property name Value Description Notes
bucket string The name of the bucket.
domain string The domain associated with the entity, if any.
email string The email address associated with the entity, if any.
entity string The entity holding the permission, in one of the following forms:
  • user-userId
  • user-email
  • group-groupId
  • group-email
  • domain-domain
  • project-team-projectId
  • allUsers
  • allAuthenticatedUsers
Examples:
  • The user liz@example.com would be user-liz@example.com.
  • The group example@googlegroups.com would be group-example@googlegroups.com.
  • To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
writable
entityId string The ID for the entity, if any.
etag string HTTP 1.1 Entity tag for the access-control entry.
generation long The content generation of the object, if applied to an object.
id string The ID of the access-control entry.
kind string The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
object string The name of the object, if applied to an object.
projectTeam object The project team associated with the entity, if any.
projectTeam.projectNumber string The project number.
projectTeam.team string The team.

Acceptable values are:
  • "editors"
  • "owners"
  • "viewers"
role string The access permission for the entity.

Acceptable values are:
  • "OWNER"
  • "READER"
writable

Methods

Buckets in Google Cloud Storage have an optional default object Access Control List. The methods for working with a bucket's default object access controls are as follows:

delete
Permanently deletes the default object ACL entry for the specified entity on the specified bucket.
get
Returns the default object ACL entry for the specified entity on the specified bucket.
insert
Creates a new default object ACL entry on the specified bucket.
list
Retrieves default object ACL entries on the specified bucket.
patch
Updates a default object ACL entry on the specified bucket. This method supports patch semantics.
update
Updates a default object ACL entry on the specified bucket.

Send feedback about...

Cloud Storage Documentation