Provided a user with IAM role as "Storage Object Creator", But the user cannot access google storage … may i know why ?
1 Answers
Hello Venkatesh,
IAM Policy permissions are explicit; since you granted the creator Role, the user can create objects in the storage bucket. To view the items, the user would also need the storage viewer role in the project.
Here is a good example: say you want to give a user permission to read objects in any bucket but create objects only in one specific bucket. To achieve this, give the user the Storage Object Viewer role at the project level, thus allowing the user to read any object stored in any bucket in your project, and give the user the Storage Object Creator role at the bucket level for a specific bucket, thus allowing the user to create objects only in that bucket.
Here’s a link: https://cloud.google.com/storage/docs/access-control/iam#project-level_roles_vs_bucket-level_roles