Unable to see objects in my bucket

I have been getting the following error when trying to access objects in my bucket:

"Additional permissions required to list objects in this bucket. Ask a bucket owner to grant you 'storage.objects.list' permission."

I am the project and bucket owner and have Storage Admin and Storage Object Admin access, but I have been unable to access anything in my bucket since the bucket was restricted due to incorrectly suspected anomalous use. I filed an appeal and the bucket and project were reinstated, but I still get that error when trying to access objects in my bucket.

Would be very grateful if someone could help with this. Thanks!


Access to data within buckets is not granted by the role roles/owner.

The Google Cloud Platform IAM Permissions Reference is the best resource for determining which built-in IAM roles can do what.

CTRL-F for storage.objects.list (or any other permission you're interested in) on that page, and the roles that give it will appear in the right-hand column. It's worth noting that project owner (roles/owner) isn't among the roles that can provide this permission.

By default, project owners, editors, and viewers are granted roles/storage.legacyBucketOwner when buckets are established. However, this permission may always be withdrawn, and many users prefer to do so in order to have more granular control over access to bucket data rather than project resources.

A bucket containing sensitive PII data is a good example. It's possible that you don't want folks who can SSH into VMs in the project to have access to that data.
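To make the reply's point concrete, here is an added example (not code from this thread or from Google) that resolves which roles would give a principal `storage.objects.list` on a bucket, from a constructed bucket IAM policy in the shape returned by `gcloud storage buckets get-iam-policy gs://BUCKET --format=json` plus the principal's project-level roles. The role-to-permission table is a hand-copied subset of the IAM permissions reference covering only the roles named above, and the `example-project` / `alice@example.com` values are made up.

```python
import json
from typing import Dict, List, Set

# Hand-copied subset of the IAM permissions reference (assumption: verify against the
# live page). roles/owner is listed with no storage.objects.* permission on purpose:
# that is why a project owner can still hit the "storage.objects.list" error.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "roles/owner": set(),
    "roles/storage.admin": {"storage.buckets.get", "storage.objects.list"},
    "roles/storage.objectAdmin": {"storage.objects.list", "storage.objects.get"},
    "roles/storage.legacyBucketOwner": {"storage.buckets.get", "storage.objects.list"},
}

# Project-level basic roles map onto the "convenience" members that the default
# bucket policy binds, e.g. projectOwner:PROJECT -> roles/storage.legacyBucketOwner.
CONVENIENCE = {"roles/owner": "projectOwner", "roles/editor": "projectEditor",
               "roles/viewer": "projectViewer"}


def granting_roles(bucket_policy: dict, project: str, principal: str,
                   project_roles: Set[str], permission: str) -> List[str]:
    """Return the roles through which `principal` holds `permission` on the bucket.

    Roles come from (a) project-level bindings, which buckets inherit, and (b) bucket
    bindings that name the principal directly or via a convenience member. Conditional
    bindings and IAM deny policies are not modelled, so an empty result is a strong
    hint; testIamPermissions on the bucket remains the authoritative check.
    """
    members = {principal}
    members |= {f"{CONVENIENCE[r]}:{project}" for r in project_roles if r in CONVENIENCE}
    held = set(project_roles)
    for binding in bucket_policy.get("bindings", []):
        if "condition" in binding:
            continue  # evaluating a condition needs request context we do not have
        if members & set(binding.get("members", [])):
            held.add(binding["role"])
    return sorted(r for r in held if permission in ROLE_PERMISSIONS.get(r, set()))


# Constructed policies: the default binding a new bucket gets, and the same bucket
# after someone removed it for tighter control (the situation the reply describes).
DEFAULT_POLICY = json.loads('{"bindings": [{"role": "roles/storage.legacyBucketOwner",'
                            ' "members": ["projectOwner:example-project"]}]}')
STRIPPED_POLICY = {"bindings": []}

if __name__ == "__main__":
    for label, policy, roles in [("default", DEFAULT_POLICY, {"roles/owner"}),
                                 ("stripped", STRIPPED_POLICY, {"roles/owner"}),
                                 ("stripped+admin", STRIPPED_POLICY, {"roles/owner", "roles/storage.admin"})]:
        via = granting_roles(policy, "example-project", "user:alice@example.com", roles, "storage.objects.list")
        print(label, "->", via or "NO storage.objects.list (expect the listing error)")
```

Run it as-is to see the three outcomes; with a real bucket, replace `DEFAULT_POLICY` by the parsed output of the `gcloud` command in the lead-in.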

Thank you for your reply.

When I go to the IAM Permissions Reference and search for storage.objects.list, it shows both Storage Admin and Storage Bucket Admin as roles that have this permission.

I have confirmed that I am listed as roles/storage.admin and roles/storage.legacyBucketOwner, but I still do not have access and see the error: "Additional permissions required to list objects in this bucket. Ask a bucket owner to grant you 'storage.objects.list' permission."

Before the bucket was restricted due to incorrectly suspected anomalous use, all of my access was working fine. I am curious if there is still some restriction on this bucket by accident. I have responded to the email regarding our successful appeal but was referred to this forum.

By any chance, did you already try to add a role of Storage > Storage Admin to yourself? It seems a bit odd that you need to do that when you already have the Owner role, which states "Full access to all resources".