ObjectAccessControls: insert

Creates a new ACL entry on the specified object.

Required permissions

The authenticated user must have one of the following permissions to use this method:

  • The storage.objects.setIamPolicy IAM permission for the bucket containing the object
  • The OWNER ACL permission for the object

Request

HTTP request

POST https://storage.googleapis.com/storage/v1/b/bucket/o/object/acl

In addition to standard query parameters, the following query parameters apply to this method.

To see an example of how to include query parameters in a request, see the JSON API Overview page.

Parameters

Parameter name Value Description
Path parameters
bucket string Name of a bucket.
object string Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI path parts.
Optional query parameters
generation long If present, selects a specific revision of this object (as opposed to the latest version, the default).

Request body

In the request body, supply an ObjectAccessControls resource with the following properties:

Property name Value Description Notes
Required Properties
entity string The entity holding the permission, in one of the following forms:
  • user-email
  • group-groupId
  • group-email
  • domain-domain
  • project-team-projectId
  • allUsers
  • allAuthenticatedUsers
Examples:
  • The user liz@example.com would be user-liz@example.com.
  • The group example@googlegroups.com would be group-example@googlegroups.com.
  • To refer to all members of the domain example.com, the entity would be domain-example.com.
 writable
role string The access permission for the entity.

Acceptable values are:
  • "OWNER"
  • "READER"
 writable

Response

If successful, this method returns an ObjectAccessControls resource in the response body.

Try it!

Use the APIs Explorer below to call this method on live data and see the response.