BucketAccessControls

The BucketAccessControls resource represents the Access Control Lists (ACLs) for buckets within Cloud Storage. ACLs let you specify who has access to your data and to what extent.

There are three roles that can be assigned to an entity:
  • READERs can get the bucket, though no acl property will be returned, and list the bucket's objects.
  • WRITERs are READERs, and they can insert objects into the bucket and delete the bucket's objects.
  • OWNERs are WRITERs, and they can get the acl property of a bucket, update a bucket, and call all BucketAccessControls methods on the bucket.
For more information, see Access Control, with the caveat that this API uses READER, WRITER, and OWNER instead of READ, WRITE, and FULL_CONTROL.

To try out the methods for this resource, see Methods.

Resource representations

{
  "kind": "storage#bucketAccessControl",
  "id": string,
  "selfLink": string,
  "bucket": string,
  "entity": string,
  "role": string,
  "email": string,
  "domain": string,
  "entityId": string,
  "etag": string,
  "projectTeam": {
    "projectNumber": string,
    "team": string
  }
}
Property nameValueDescriptionNotes
bucketstringThe name of the bucket.
domainstringThe domain associated with the entity, if any.
emailstringThe email address associated with the entity, if any.
entitystringThe entity holding the permission, in one of the following forms:
  • user-email
  • group-groupId
  • group-email
  • domain-domain
  • project-team-projectId
  • allUsers
  • allAuthenticatedUsers
Examples:
writable
entityIdstringThe ID for the entity, if any.
etagstringHTTP 1.1 Entity tag for the access-control entry.
idstringThe ID of the access-control entry.
kindstringThe kind of item this is. For bucket access control entries, this is always storage#bucketAccessControl.
projectTeamobjectThe project team associated with the entity, if any.
projectTeam.projectNumberstringThe project number.
projectTeam.teamstringThe team.

Acceptable values are:
  • "editors"
  • "owners"
  • "viewers"
rolestringThe access permission for the entity.

Acceptable values are:
  • "OWNER"
  • "READER"
  • "WRITER"
writable

Methods

The methods for working with a bucket's access controls are as follows:

delete
Permanently deletes the ACL entry for the specified entity on the specified bucket.
get
Returns the ACL entry for the specified entity on the specified bucket.
insert
Creates a new ACL entry on the specified bucket.
list
Retrieves ACL entries on a specified bucket.
Updates an ACL entry on the specified bucket. This method supports semantics.
update
Updates an ACL entry on the specified bucket.