Remove an owner from a bucket

Remove owner access control to a Cloud Storage bucket.

Documentation pages that include this code sample

To view the code sample used in context, see the following documentation:

Code sample


For more information, see the Cloud Storage C# API reference documentation.

using Google.Cloud.Storage.V1;
using System;
using System.Linq;

public class RemoveBucketOwnerSample
    public void RemoveBucketOwner(
        string bucketName = "your-unique-bucket-name",
        string userEmail = "")
        var storage = StorageClient.Create();
        var bucket = storage.GetBucket(bucketName, new GetBucketOptions { Projection = Projection.Full });
        if (bucket.Acl == null)
            Console.WriteLine("No owner to remove");
            bucket.Acl = bucket.Acl.Where(acl => !(acl.Entity == $"user-{userEmail}" && acl.Role == "OWNER")).ToList();
            var updatedBucket = storage.UpdateBucket(bucket);
            Console.WriteLine($"Removed user {userEmail} from bucket {bucketName}.");


For more information, see the Cloud Storage C++ API reference documentation.

namespace gcs = ::google::cloud::storage;
using ::google::cloud::StatusOr;
[](gcs::Client client, std::string const& bucket_name,
   std::string const& entity) {
  StatusOr<gcs::BucketMetadata> original_metadata =
      client.GetBucketMetadata(bucket_name, gcs::Projection::Full());

  if (!original_metadata) {
    throw std::runtime_error(original_metadata.status().message());

  std::vector<gcs::BucketAccessControl> original_acl =
  auto it = std::find_if(original_acl.begin(), original_acl.end(),
                         [entity](gcs::BucketAccessControl const& entry) {
                           return entry.entity() == entity &&
                                  entry.role() ==

  if (it == original_acl.end()) {
    std::cout << "Could not find entity " << entity
              << " with role OWNER in bucket " << bucket_name << "\n";

  gcs::BucketAccessControl owner = *it;
  google::cloud::Status status =
      client.DeleteBucketAcl(bucket_name, owner.entity());

  if (!status.ok()) throw std::runtime_error(status.message());
  std::cout << "Deleted ACL entry for " << owner.entity() << " in bucket "
            << bucket_name << "\n";


For more information, see the Cloud Storage Go API reference documentation.

import (


// removeBucketOwner removes ACL from a bucket.
func removeBucketOwner(bucket string, entity storage.ACLEntity) error {
	// bucket := "bucket-name"
	// entity := storage.AllUsers
	ctx := context.Background()
	client, err := storage.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("storage.NewClient: %v", err)
	defer client.Close()

	acl := client.Bucket(bucket).ACL()
	if err := acl.Delete(ctx, entity); err != nil {
		return fmt.Errorf("ACLHandle.Delete: %v", err)
	return nil


For more information, see the Cloud Storage Node.js API reference documentation.

 * TODO(developer): Uncomment the following lines before running the sample.
// The ID of your GCS bucket
// const bucketName = 'your-unique-bucket-name';

// The email address of the user to remove
// const userEmail = 'user-email-to-remove';

// Imports the Google Cloud client library
const {Storage} = require('@google-cloud/storage');

// Creates a client
const storage = new Storage();

async function removeBucketOwner() {
  // Removes the user from the access control list of the bucket. You can use
  // deleteAllUsers(), deleteDomain(), deleteProject(), deleteGroup(), and
  // deleteAllAuthenticatedUsers() to remove access for different types of entities.
  await storage.bucket(bucketName).acl.owners.deleteUser(userEmail);

  console.log(`Removed user ${userEmail} from bucket ${bucketName}.`);



For more information, see the Cloud Storage PHP API reference documentation.

use Google\Cloud\Storage\StorageClient;

 * Delete an entity from a bucket's default ACL.
 * @param string $bucketName The name of your Cloud Storage bucket.
 * @param string $entity The entity for which to update access controls.
function delete_bucket_acl($bucketName, $entity)
    // $bucketName = 'my-bucket';
    // $entity = '';

    $storage = new StorageClient();
    $bucket = $storage->bucket($bucketName);
    $acl = $bucket->acl();
    printf('Deleted %s from gs://%s ACL' . PHP_EOL, $entity, $bucketName);


For more information, see the Cloud Storage Python API reference documentation.

from import storage

def remove_bucket_owner(bucket_name, user_email):
    """Removes a user from the access control list of the given bucket."""
    # bucket_name = "your-bucket-name"
    # user_email = ""

    storage_client = storage.Client()
    bucket = storage_client.bucket(bucket_name)

    # Reload fetches the current ACL from Cloud Storage.

    # You can also use `group`, `domain`, `all_authenticated` and `all` to
    # remove access for different types of entities.

    print("Removed user {} from bucket {}.".format(user_email, bucket_name))


For more information, see the Cloud Storage Ruby API reference documentation.

# project_id  = "Your Google Cloud project ID"
# The ID of your GCS bucket
# bucket_name = "your-unique-bucket-name"
# email       = "Google Cloud Storage ACL Entity email"

require "google/cloud/storage"

storage =
bucket  = storage.bucket bucket_name

bucket.acl.delete email

puts "Removed ACL permissions for #{email} from #{bucket_name}"

What's next

To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser.