Cloud Storage

ObjectAccessControls: insert

Creates a new ACL entry on the specified object. Try it now or see an example.


HTTP request

POST https://www.googleapis.com/storage/v1/b/bucket/o/object/acl


Parameter name Value Description
Path parameters
bucket string Name of a bucket.
object string Name of the object.
Optional query parameters
generation long If present, selects a specific revision of this object (as opposed to the latest version, the default).

Request body

In the request body, supply an ObjectAccessControls resource with the following properties:

Property name Value Description Notes
Required Properties
entity string The entity holding the permission, in one of the following forms:
  • user-userId
  • user-email
  • group-groupId
  • group-email
  • domain-domain
  • project-team-projectId
  • allUsers
  • allAuthenticatedUsers
  • The user liz@example.com would be user-liz@example.com.
  • The group example@googlegroups.com would be group-example@googlegroups.com.
  • To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
role string The access permission for the entity. Can be READER or OWNER. writable


If successful, this method returns an ObjectAccessControls resource in the response body.


Note: The code examples available for this method do not represent all supported programming languages (see the client libraries page for a list of supported languages).


Uses the Python client library.

req = client.objectAccessControls().insert(
        body={'entity': 'allAuthenticatedUsers', 'role': 'READER'})
resp = req.execute()
print json.dumps(resp, indent=2)


Uses the Ruby client library.

# Insert object acl
object_acl_insert_result = client.execute(
  api_method: storage.object_access_controls.insert,
  parameters: {bucket: BUCKET, object: OBJECT},
  body_object: {entity: 'allUsers', role: 'READER'}
puts "Inserting object ACL: #{object_acl_insert_result.body}"


Uses the Go client library.

// Insert ACL for an object.
bucketName := "BUCKET_NAME"
objectName := "OBJECT_NAME"
// This illustrates the minimum requirements.
objectAcl := &storage.ObjectAccessControl{
	Bucket: bucketName, Entity: "allUsers", Object: objectName, Role: "READER",
result, err := service.ObjectAccessControls.Insert(bucketName, objectName, objectAcl).Do()
fmt.Printf("Result of inserting ACL for %s/%s:\n%v", bucketName, objectName, result)

Try it!

Use the APIs Explorer below to call this method on live data and see the response. Alternatively, try the standalone Explorer.