How to give service account only access to one bucket ? If you just in case wanna give another 3rd party service access to your private bucket?
The problem is by default (service account) has access to all buckets and I've no idea how to restrict it to only one bucket only.
Is it possible to achieve this from dashboard or only console? If it is possible from dashboard then I would like to know the steps of that.
Thank you.
Edit **
I have 3 buckets and when I create a service account with (Object Viewer) permission it automatically gets added to all 3 of them and when I try to delete it from permission of any of bucket I don't want it to have access to, I get this message saying (Member is inherited from another policy and cannot be deleted.)
If you go to the Google Cloud Storage Console , you'll find a list of buckets for your GCP project. Click on the three vertical dots to the right of the relevant project, and choose "Edit bucket permissions". You can then use "Add member" to give appropriate permissions to the relevant service account.
You need to create an IAM entry and restrict access by specifying a condition .
For example, if I want the user user.email@domain.ext
to access the bucket b_1
with the permission Storage Object Admin
b_1
user.email@domain.ext
Resource
> Name
is
or Starts With
, etc..projects/<your_project>/buckets/b_1
Resource
> Type
and select storage.googleapis.com/Bucket
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.