ObjectAccessControls: get

Returns the ACL entry for the specified entity on the specified object. Try it now.

Required permissions

The authenticated user must have one of the following permissions to use this method:

  • The storage.objects.getIamPolicy IAM permission for the bucket containing the object
  • The OWNER ACL permission for the object


HTTP request

GET https://storage.googleapis.com/storage/v1/b/bucket/o/object/acl/entity

In addition to standard query parameters, the following query parameters apply to this method.

To see an example of how to include query parameters in a request, see the JSON API Overview page.


Parameter name Value Description
Path parameters
bucket string Name of a bucket.
entity string The entity holding the permission. Can be user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.
object string Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI path parts.
Optional query parameters
generation long If present, selects a specific revision of this object (as opposed to the latest version, the default).

Request body

Do not supply a request body with this method.


If successful, this method returns an ObjectAccessControls resource in the response body.

Try it!

Use the APIs Explorer below to call this method on live data and see the response.