Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru

Creating and Managing GCP Storage Bucket Roles and ACLs

Google Cloud Storage makes it possible to control who has access to the files stored in it's buckets in a number of ways. Generally, you can choose to allow uniform permissions to be applied at the bucket level, the default option. Or, you can opt to use the fine-grained permission control option, which allows you to specify permissions and accessibility for each object in the bucket individually. In this Hands-On Lab, I'll show you how to set up buckets, populate them with files from a repository, and then set the permissions as desired.


Path Info

Clock icon Beginner
Clock icon 45m
Clock icon Mar 06, 2020

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Create Cloud Storage buckets.

    1. Activate the Cloud Shell.
    2. Create the first bucket for uniform access, with a unique name: gsutil mb gs://[BUCKET_NAME]/
    3. Create a second bucket for fine-grained access, with a unique name: gsutil mb gs://[BUCKET_NAME]/
  2. Challenge

    Retrieve the working files.

    1. Clone an existing repo: git clone
    2. Change directories with the following command: cd content-gc-iam-deepdive/
    3. Copy the appropriate files from your Cloud Shell to your buckets with the following commands: gsutil -m cp -r fine-grained-access/* gs://[BUCKET_NAME]/ gsutil -m cp -r uniform-access/* gs://[BUCKET_NAME]/
    4. Confirm the copy by returning to the Cloud Storage Browser and refreshing the buckets.
  3. Challenge

    Set the fine-grained permissions.

    1. From the Cloud Storage Browser page, open the fine-grained-access bucket.
    2. To the right of one of the images, select the Action (3-dot) menu, and choose Edit Permissions.
    3. When the Edit Permissions dialog appears, click + Add Item.
    4. In the Entity column, select Public.
    5. In the Name column, enter allUsers.
    6. In the Access column, choose Reader.
    7. Click Save.
  4. Challenge

    Set the uniform permissions.

    1. Return to the Cloud Storage Browser page.
    2. To the right of the uniformed-access, select the Action (3-dot) menu and choose Edit Bucket Permissions.
    3. In the Permissions tab, select Edit.
    4. When the Edit Access Control dialog opens, choose the Uniform option.
    5. Check the Add project ACLs to the bucket IAM policy checkbox.
    6. Click Save.
    7. Click Add Member.
    8. In the New Members field, enter allUsers.
    9. In the Role field, choose Storage then Storage Object Viewer.
    10. Click Save.
    11. Open the bucket.
    12. From any image, select the link in the Public Access column.

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans