Permission to access private bucket contents treated as a domain link

I have a bucket which is treated as a domain link (e.g. example.com). The bucket is under the Uniform Access category, and in the permissions the emails of the authenticated users of that bucket are provided. The problem is that whenever I hit the URL in the search bar, it gives me access denied because it doesn't identify me as a valid user, though my email (e.g. PII Removed by Staff) is inside the bucket permissions tab as StorageObjectViewer.

I already created a form that takes the user's email and sends a POST request to a Cloud Function, which identifies the user as a valid one and sends True as a flag. But getting the contents inside the bucket is not working; it shows Access Denied. I think it might be that for authenticated access there are separate URLs for bucket contents.

How do I give valid users access to get the contents of the buckets? What are the available approaches for this?


Hi @omar115,

Welcome to Google Cloud Community!

Giving authorized users permission to have the contents of private buckets treated as domain links can be done in one of two ways:

1. Using a Cloud Function: This method entails building a Cloud Function that authenticates users and produces signed URLs that grant them temporary access to the bucket's contents.

2. Creating a Cloud Identity and Access Management (IAM) Service Account and allowing it access to the bucket's contents constitutes this method. The credentials for the service account can then be given to authorised users. The authorised users can then directly access the bucket's contents using the service account credentials.

Your particular needs will determine the best course of action for you. Use the Cloud Function strategy if you require a high degree of control over who has access to the bucket's contents and when. Use the Cloud IAM service account technique if you require a more straightforward strategy.

Thanks!
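A sketch of the first option from the reply above (a Cloud Function that authenticates the caller and returns a short-lived signed URL), added here as an example and not code from the thread or from Google. The allowlist, the OAuth client ID placeholder, the 5-minute lifetime and the function names are assumptions; the caller's identity comes from a verified Google ID token sent as a Bearer token.

```python
import datetime

# Constructed values for illustration; replace with your own.
BUCKET = "example.com"                      # bucket name used in the question
OAUTH_CLIENT_ID = "CLIENT_ID_PLACEHOLDER"   # audience the ID token must carry
ALLOWED_EMAILS = {"alice@example.org"}      # constructed allowlist
URL_LIFETIME = datetime.timedelta(minutes=5)


def is_allowed(claims):
    """Decide from verified ID-token claims, not from a client-supplied email."""
    email = str(claims.get("email", "")).lower()
    return claims.get("email_verified") is True and email in ALLOWED_EMAILS


def sign_url(object_name):
    """Create a short-lived V4 signed GET URL for a single object."""
    import google.auth
    from google.auth.transport import requests as ga_requests
    from google.cloud import storage
    creds, project = google.auth.default()
    creds.refresh(ga_requests.Request())
    client = storage.Client(project=project, credentials=creds)
    # Function runtimes hold no private key, so signing goes through IAM
    # signBlob; the service account needs permission to sign as itself.
    return client.bucket(BUCKET).blob(object_name).generate_signed_url(
        version="v4", expiration=URL_LIFETIME, method="GET",
        service_account_email=creds.service_account_email,
        access_token=creds.token)


def serve(request):
    """HTTP entry point: Bearer ID token in, 302 redirect to a signed URL out."""
    auth = request.headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return ("missing token", 401, {})
    from google.auth import exceptions
    from google.auth.transport import requests as ga_requests
    from google.oauth2 import id_token
    try:
        # Checks signature, expiry, issuer and audience of the ID token.
        claims = id_token.verify_oauth2_token(
            auth[len("Bearer "):], ga_requests.Request(), OAUTH_CLIENT_ID)
    except (ValueError, exceptions.GoogleAuthError):
        return ("invalid token", 401, {})
    if not is_allowed(claims):
        return ("forbidden", 403, {})
    object_name = request.path.lstrip("/") or "index.html"
    return ("", 302, {"Location": sign_url(object_name),
                      "Cache-Control": "no-store"})
```

The bucket itself stays private: only the function's service account needs object read access, and each signed URL covers one object for the configured lifetime.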

Thank you for your reply. I need to know another thing. Let's consider this scenario:

- The domain bucket is Uniform Access Layer and Private. I added allAuthenticatedUsers in the permissions tab. Now, I want whoever can authenticate with Google to be able to access this website. For example, we verify with our Google account and then enter the console. Is it possible to implement this? How does Google know that the person is authenticated and should get access to the whole bucket? Can we achieve that for storage?