Get a bucket's ACL

Stay organized with collections Save and categorize content based on your preferences.

View the access control list (ACL) for a Cloud Storage bucket.

Explore further

For detailed documentation that includes this code sample, see the following:

Code sample


For more information, see the Cloud Storage C# API reference documentation.

using Google.Apis.Storage.v1.Data;
using Google.Cloud.Storage.V1;
using System;
using System.Collections.Generic;

public class PrintBucketAclSample
    public IEnumerable<BucketAccessControl> PrintBucketAcl(string bucketName = "your-unique-bucket-name")
        var storage = StorageClient.Create();
        var bucket = storage.GetBucket(bucketName, new GetBucketOptions { Projection = Projection.Full });

        foreach (var acl in bucket.Acl)

        return bucket.Acl;


For more information, see the Cloud Storage C++ API reference documentation.

namespace gcs = ::google::cloud::storage;
using ::google::cloud::StatusOr;
[](gcs::Client client, std::string const& bucket_name) {
  StatusOr<std::vector<gcs::BucketAccessControl>> items =

  if (!items) throw std::runtime_error(items.status().message());
  std::cout << "ACLs for bucket=" << bucket_name << "\n";
  for (gcs::BucketAccessControl const& acl : *items) {
    std::cout << acl.role() << ":" << acl.entity() << "\n";


For more information, see the Cloud Storage Go API reference documentation.

import (


// printBucketACL lists bucket ACL.
func printBucketACL(w io.Writer, bucket string) error {
	// bucket := "bucket-name"
	ctx := context.Background()
	client, err := storage.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("storage.NewClient: %v", err)
	defer client.Close()

	rules, err := client.Bucket(bucket).ACL().List(ctx)
	if err != nil {
		return fmt.Errorf("ACLHandle.List: %v", err)
	for _, rule := range rules {
		fmt.Fprintf(w, "ACL rule: %v\n", rule)
	return nil


For more information, see the Cloud Storage Java API reference documentation.

import java.util.List;

public class PrintBucketAcl {

  public static void printBucketAcl(String projectId, String bucketName) {
    // The ID of your GCS bucket
    // String bucketName = "your-unique-bucket-name";

    Storage storage = StorageOptions.newBuilder().setProjectId(projectId).build().getService();
    Bucket bucket = storage.get(bucketName);
    List<Acl> bucketAcls = bucket.getAcl();

    for (Acl acl : bucketAcls) {

      // This will give you the role.
      // See
      String role = acl.getRole().name();

      // This will give you the Entity type (i.e. User, Group, Project etc.)
      // See
      String entityType = acl.getEntity().getType().name();

      System.out.printf("%s: %s \n", role, entityType);


For more information, see the Cloud Storage Node.js API reference documentation.

 * TODO(developer): Uncomment the following lines before running the sample.
// The ID of your GCS bucket
// const bucketName = 'your-unique-bucket-name';

// Imports the Google Cloud client library
const {Storage} = require('@google-cloud/storage');

// Creates a client
const storage = new Storage();

async function printBucketAcl() {
  // Gets the ACL for the bucket
  const [acls] = await storage.bucket(bucketName).acl.get();

  acls.forEach(acl => {
    console.log(`${acl.role}: ${acl.entity}`);


For more information, see the Cloud Storage PHP API reference documentation.

use Google\Cloud\Storage\StorageClient;

 * Print all entities and roles for a bucket's ACL.
 * @param string $bucketName The name of your Cloud Storage bucket.
 *        (e.g. 'my-bucket')
function get_bucket_acl(string $bucketName): void
    $storage = new StorageClient();
    $bucket = $storage->bucket($bucketName);
    $acl = $bucket->acl();
    foreach ($acl->get() as $item) {
        printf('%s: %s' . PHP_EOL, $item['entity'], $item['role']);


For more information, see the Cloud Storage Python API reference documentation.

from import storage

def print_bucket_acl(bucket_name):
    """Prints out a bucket's access control list."""

    storage_client = storage.Client()
    bucket = storage_client.bucket(bucket_name)

    for entry in bucket.acl:
        print(f"{entry['role']}: {entry['entity']}")


For more information, see the Cloud Storage Ruby API reference documentation.

# The ID of your GCS bucket
# bucket_name = "your-unique-bucket-name"

require "google/cloud/storage"

storage =
bucket  = storage.bucket bucket_name

puts "ACL for #{bucket_name}:"

bucket.acl.owners.each do |owner|
  puts "OWNER #{owner}"

bucket.acl.writers.each do |writer|
  puts "WRITER #{writer}"

bucket.acl.readers.each do |reader|
  puts "READER #{reader}"

What's next

To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser.