Google Cloud Platform
Cloud Storage

ObjectAccessControls: get

Returns the ACL entry for the specified entity on the specified object. Try it now or see an example.


HTTP request



Parameter name Value Description
Path parameters
bucket string Name of a bucket.
entity string The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.
object string Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.
Optional query parameters
generation long If present, selects a specific revision of this object (as opposed to the latest version, the default).

Request body

Do not supply a request body with this method.


If successful, this method returns an ObjectAccessControls resource in the response body.


Note: The code examples available for this method do not represent all supported programming languages (see the client libraries page for a list of supported languages).


Uses the Python client library.

req = client.objectAccessControls().get(
        fields='id,role')   # optional
resp = req.execute()
print json.dumps(resp, indent=2)


Uses the Ruby client library.

# Get object acl
object_acl_get_result = client.execute(
  api_method: storage.object_access_controls.get,
  parameters: {bucket: BUCKET, object: OBJECT, entity: 'allUsers'}
puts "Get object ACL: "
acl =
puts "Users #{acl.entity} can access #{OBJECT} as #{acl.role}"


Uses the Go client library.

// Get ACL for an object.
bucketName := "BUCKET_NAME"
objectName := "OBJECT_NAME"
result, err := service.ObjectAccessControls.Get(bucketName, objectName, "allUsers").Do()
fmt.Printf("Users in group %v can access %v/%v as %v.",
	result.Entity, bucketName, objectName, result.Role)

Try it!

Use the APIs Explorer below to call this method on live data and see the response. Alternatively, try the standalone Explorer.