GCS 'Storage Object Viewer' role cannot view objects
Question
I am trying to give a user read access to a Google Cloud Storage bucket. The user has the "Storage Object Viewer" role
but the user cannot see the items in the bucket:
The project ID is valid andaccording to the docs the "Storage Object Viewer" role includes the storage.buckets.list permission(EDIT: This is incorrect, see https://cloud.google.com/storage/docs/access-control/iam-roles#standard-roles ).
The user can access the bucket if I give him the "Storage Object Admin" role, but then he also has write access. How do I just grant read access?
1 answers
solution1
5 ACCPTED 2022-03-29 11:45:15
According to docs , Storage Object Viewer does not have storage.buckets.list permission. it only contains the following 4 permissions (see the screenshot).
This means that the identity that has this role can only list/view objects inside a bucket and will not be allowed to list buckets and/or view bucket details.
if you need the identity to also list/view buckets, there is another predefined legacy role that you can use named Storage Legacy Bucket Reader . See here
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.