Hi all,
I would like to make a bucket read only for a principal.
The principal should not be able to upload files or folders, or create folders inside the bucket, and should not be able to delete any of the objects.
Here's what I did.
I created a role that has only the following permissions and assigned that role to the principal.
When I test with the principal's account:
I see that the principal can't create any buckets:
But can upload files/folders and create folders:
and can have the ability to edit metadata and delete the files.
What am I doing wrong?
How can I make a bucket only readable and downloadable to a principal?
Thanking you in advance for your help,

Hello,
Thank you for contacting the Google Cloud Community.
I would suggest that you give the role of Storage Object Viewer and revoke all the other permissions.
Regards,
Jai Ade

Hi Jai,
Thank you for your reply.
After only assigning the role of Storage Object Viewer, the upload files/folders and create folders options are still enabled.
But I realized that when you perform the actions, you get an error. Consequently, the user can't perform the actions.
Maybe it is a UI bug. Is it worth creating a ticket for that?
Warm regards,
Prasad