Cloud Storage

ObjectAccessControls: get

Returns the ACL entry for the specified entity on the specified object. Try it now or see an example.


HTTP request

GET https://www.googleapis.com/storage/v1/b/bucket/o/object/acl/entity


Parameter name Value Description
Path parameters
bucket string Name of a bucket.
entity string The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.
object string Name of the object.
Optional query parameters
generation long If present, selects a specific revision of this object (as opposed to the latest version, the default).

Request body

Do not supply a request body with this method.


If successful, this method returns an ObjectAccessControls resource in the response body.


Note: The code examples available for this method do not represent all supported programming languages (see the client libraries page for a list of supported languages).


Uses the Python client library.

req = client.objectAccessControls().get(
        fields='id,role')   # optional
resp = req.execute()
print json.dumps(resp, indent=2)


Uses the Ruby client library.

# Get object acl
object_acl_get_result = client.execute(
  api_method: storage.object_access_controls.get,
  parameters: {bucket: BUCKET, object: OBJECT, entity: 'allUsers'}
puts "Get object ACL: "
acl = object_acl_get_result.data
puts "Users #{acl.entity} can access #{OBJECT} as #{acl.role}"


Uses the Go client library.

// Get ACL for an object.
bucketName := "BUCKET_NAME"
objectName := "OBJECT_NAME"
result, err := service.ObjectAccessControls.Get(bucketName, objectName, "allUsers").Do()
fmt.Printf("Users in group %v can access %v/%v as %v.",
	result.Entity, bucketName, objectName, result.Role)

Try it!

Use the APIs Explorer below to call this method on live data and see the response. Alternatively, try the standalone Explorer.