
Object Metadata Permission error even though I already have all roles

Hi everyone, I'm currently facing a problem when accessing a file in Cloud Storage. When I access the file, I get this error:
"Additional permissions required to view this object's metadata: Ask an object owner to grant you 'storage.objects.get' permission."


But my user already has the "Storage Admin" and "Storage Object Admin" roles. I need help understanding the possible cause of the issue I'm facing.

Thanks a lot


Hi @arigi-sent

Welcome to Google Cloud Community! 

It's possible the "Storage Admin" and "Storage Object Admin" roles were not applied where you think they were.

  • Wrong Project - Verify that you are in the same project where you have the necessary roles assigned for the bucket. It's a common mistake to be working in one project context (ex. in the Cloud Shell) while trying to access a resource in another.
  • Wrong Level - The roles might have been assigned to a different bucket, not to the project or the specific bucket you are attempting to access.

To Check Roles:

  1. Go to the IAM & Admin > IAM page in the Google Cloud Console.
  2. Make sure you are viewing the correct project (the name is at the top left of the page).
  3. Find your user principal (ex. your email address) in the list.
  4. Verify that the "Storage Admin" (roles/storage.admin) role is listed there, under that project.

The error message “Ask an object owner to grant you 'storage.objects.get' permission.” might appear because the object's specific ACL does not grant you READER permission.

Here is a possible cause of the IAM permission error:

  1. Check Bucket Access Control - Navigate to your bucket in the Cloud Console, go to the Permissions tab, and check if Access Control is "Uniform" or "Fine-grained".

Google Cloud Storage has two permission models for a bucket:

  • Uniform bucket-level access - This is the modern approach. Only IAM roles (like the one you have, “Storage Object Admin”) are used to control access and manage permissions. See the IAM roles for Cloud Storage.
  • Fine-grained bucket-level access - This model uses both IAM roles and legacy Access Control Lists (ACLs). In this mode, you can set permissions on a per-object basis.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.
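
The checks from the reply above (wrong project, wrong level, uniform versus fine-grained access), run offline over exported policy documents. This is an added example, not part of the original thread or Google's code. Assumptions: `diagnose` and `granting_roles` are hypothetical helpers, all sample data is constructed, the role set is a non-exhaustive subset, and only direct `user:` bindings are evaluated (no groups, IAM conditions or deny policies).

```python
# Constructed sample data throughout; shapes follow IAM policy bindings,
# bucket metadata (iamConfiguration) and object ACL entries.
# Non-exhaustive subset of predefined roles that contain storage.objects.get.
ROLES_WITH_GET = {"roles/storage.admin", "roles/storage.objectAdmin",
                  "roles/storage.objectViewer", "roles/storage.legacyObjectReader"}

def granting_roles(policy, member):
    """Roles in one IAM policy that bind `member` directly and include objects.get."""
    return sorted({b["role"] for b in policy.get("bindings", [])
                   if member in b.get("members", []) and b["role"] in ROLES_WITH_GET})

def diagnose(email, project, bucket, project_policies, bucket_policies,
             bucket_meta, object_acl):
    """Hypothetical helper: explain why `email` can or cannot read an object."""
    member, findings = f"user:{email}", []
    iam = (granting_roles(project_policies.get(project, {}), member)
           + granting_roles(bucket_policies.get(bucket, {}), member))
    if not iam:
        # "Wrong Project": the roles exist, but on a different project.
        findings += [f"WRONG_PROJECT:{p}" for p, pol in sorted(project_policies.items())
                     if p != project and granting_roles(pol, member)]
        # "Wrong Level": the roles exist, but on a different bucket.
        findings += [f"WRONG_BUCKET:{b}" for b, pol in sorted(bucket_policies.items())
                     if b != bucket and granting_roles(pol, member)]
    uniform = (bucket_meta.get("iamConfiguration", {})
               .get("uniformBucketLevelAccess", {}).get("enabled", False))
    # ACLs only count on fine-grained buckets; READER or OWNER allows reading.
    acl = (not uniform) and any(e.get("entity") == f"user-{email}"
                                and e.get("role") in ("READER", "OWNER")
                                for e in object_acl)
    findings.append("UNIFORM_IAM_ONLY" if uniform else "FINE_GRAINED_IAM_OR_ACL")
    return {"allowed": bool(iam) or acl, "iam_roles": iam, "findings": findings}

SAMPLE = dict(  # constructed: roles were granted on project "sandbox", not "prod"
    email="dev@example.com", project="prod", bucket="prod-assets",
    project_policies={
        "prod": {"bindings": [{"role": "roles/logging.viewer",
                               "members": ["user:dev@example.com"]}]},
        "sandbox": {"bindings": [{"role": "roles/storage.admin",
                                  "members": ["user:dev@example.com"]}]},
    },
    bucket_policies={"prod-assets": {"bindings": []}},
    bucket_meta={"iamConfiguration": {"uniformBucketLevelAccess": {"enabled": False}}},
    object_acl=[{"entity": "user-owner@example.com", "role": "OWNER"}],
)

if __name__ == "__main__":
    print(diagnose(**SAMPLE))
```

On a fine-grained bucket either IAM or an object ACL entry is enough to read the object, so the ACL only decides the outcome when no IAM role applies at the project or bucket being accessed.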