DefaultObjectAccessControls: insert

Creates a new default object ACL entry on the specified bucket.

Required permissions

To use this method, the authenticated user must have the following IAM permissions for the bucket:

  • storage.buckets.get
  • storage.buckets.getIamPolicy
  • storage.buckets.setIamPolicy
  • storage.buckets.update

Request

HTTP request

POST https://storage.googleapis.com/storage/v1/b/bucket/defaultObjectAcl

In addition to standard query parameters, the following query parameters apply to this method.

To see an example of how to include query parameters in a request, see the JSON API Overview page.

Parameters

Parameter name Value Description
Path parameters
bucket string Name of a bucket.

Request body

In the request body, supply a DefaultObjectAccessControls resource with the following properties:

Property name Value Description Notes
Required Properties
entity string The entity holding the permission, in one of the following forms:
  • user-email
  • group-groupId
  • group-email
  • domain-domain
  • project-team-projectId
  • allUsers
  • allAuthenticatedUsers
Examples:
  • The user liz@example.com would be user-liz@example.com.
  • The group example@googlegroups.com would be group-example@googlegroups.com.
  • To refer to all members of the domain example.com, the entity would be domain-example.com.
writable
role string The access permission for the entity.

Acceptable values are:
  • "OWNER"
  • "READER"
writable

Response

If successful, this method returns a DefaultObjectAccessControls resource in the response body.

Try it!

Use the APIs Explorer below to call this method on live data and see the response.