Creating and Managing GCP Storage Bucket Roles and ACLs

45 minutes
  • 4 Learning Objectives

About this Hands-on Lab

Google Cloud Storage makes it possible to control who has access to the files stored in its buckets in a number of ways. Generally, you can choose to allow uniform permissions to be applied at the bucket level, which is the default option, or you can opt to use the fine-grained permission control option, which allows you to specify permissions and accessibility for each object in the bucket individually. In this Hands-On Lab, I'll show you how to set up buckets, populate them with files from a repository, and then set the permissions as desired.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create Cloud Storage buckets.
  1. Activate the Cloud Shell.
  2. Create the first bucket for uniform access, with a unique name:
    gsutil mb gs://[BUCKET_NAME]/
  3. Create a second bucket for fine-grained access, with a unique name:
    gsutil mb gs://[BUCKET_NAME]/
Retrieve the working files.
  1. Clone an existing repo:
    git clone
  2. Change directories with the following command:
    cd content-gc-iam-deepdive/
  3. Copy the appropriate files from your Cloud Shell to your buckets with the following commands:
    gsutil -m cp -r fine-grained-access/ gs://[BUCKET_NAME]/
    gsutil -m cp -r uniform-access/ gs://[BUCKET_NAME]/
  4. Confirm the copy by returning to the Cloud Storage Browser and refreshing the buckets.
Set the fine-grained permissions.
  1. From the Cloud Storage Browser page, open the fine-grained-access bucket.
  2. To the right of one of the images, select the Action (3-dot) menu, and choose Edit Permissions.
  3. When the Edit Permissions dialog appears, click + Add Item.
  4. In the Entity column, select Public.
  5. In the Name column, enter allUsers.
  6. In the Access column, choose Reader.
  7. Click Save.
Set the uniform permissions.
  1. Return to the Cloud Storage Browser page.
  2. To the right of the uniform-access bucket, select the Action (3-dot) menu and choose Edit Bucket Permissions.
  3. In the Permissions tab, select Edit.
  4. When the Edit Access Control dialog opens, choose the Uniform option.
  5. Check the Add project ACLs to the bucket IAM policy checkbox.
  6. Click Save.
  7. Click Add Member.
  8. In the New Members field, enter allUsers.
  9. In the Role field, choose Storage then Storage Object Viewer.
  10. Click Save.
  11. Open the bucket.
  12. From any image, select the link in the Public Access column.
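
An added example, not part of the original lab: a Python audit that takes the JSON printed by `gsutil acl get` (for an object) and `gsutil iam get` (for a bucket) and lists the grants that are public, so you can confirm that the fine-grained bucket exposes only the one object you edited and that the uniform bucket exposes everything through a single IAM binding. The sample JSON is constructed, and the project number and project name in it are placeholders.

```python
import json

# Principals that make a Cloud Storage grant public.
PUBLIC = {"allUsers", "allAuthenticatedUsers"}


def public_acl_entries(acl_json):
    """(entity, role) pairs that are public in `gsutil acl get` output (a JSON list)."""
    return [(e["entity"], e["role"]) for e in json.loads(acl_json)
            if e.get("entity") in PUBLIC]


def public_iam_bindings(policy_json):
    """(member, role) pairs that are public in `gsutil iam get` output (a JSON object)."""
    policy = json.loads(policy_json)
    return [(m, b["role"]) for b in policy.get("bindings", [])
            for m in b.get("members", []) if m in PUBLIC]


# Constructed sample: ACL of the one image shared in the fine-grained bucket.
SHARED_OBJECT_ACL = """[
  {"entity": "project-owners-000000000000", "role": "OWNER"},
  {"entity": "allUsers", "role": "READER"}
]"""

# Constructed sample: ACL of an untouched image in the same bucket.
PRIVATE_OBJECT_ACL = """[
  {"entity": "project-owners-000000000000", "role": "OWNER"}
]"""

# Constructed sample: IAM policy of the uniform bucket after the lab steps.
UNIFORM_BUCKET_POLICY = """{
  "bindings": [
    {"members": ["projectOwner:example-project"],
     "role": "roles/storage.legacyBucketOwner"},
    {"members": ["allUsers"], "role": "roles/storage.objectViewer"}
  ],
  "etag": "CAE="
}"""

if __name__ == "__main__":
    for name, acl in [("shared image", SHARED_OBJECT_ACL),
                      ("other image", PRIVATE_OBJECT_ACL)]:
        print(name, "public ACL entries:", public_acl_entries(acl))
    print("uniform bucket public bindings:",
          public_iam_bindings(UNIFORM_BUCKET_POLICY))
```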

Additional Resources

You've been placed in charge of Cloud Storage access for a new project. In order for you to fully understand how access works, you've been directed to create two storage buckets: one for fine-grained access control and another that grants uniform access. You'll need to retrieve and populate the buckets with files for testing. Then you'll set up one bucket so that it has fine-grained control where only one object is generally viewable, and the other bucket is set for uniform access so that all objects share the same permissions.

You'll need to accomplish the following steps to complete your task:

  1. Create Cloud Storage buckets for files.
  2. Retrieve working files.
  3. Set object-level permissions.
  4. Set bucket-level permissions.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
