2

I need to set up Google Storage access for 3rd parties (public) to allow them to upload one or more files, but they shouldn't be allowed to read, list, delete or update an existing file. This structure allows anyone to upload the data to that bucket, but only the owner of the bucket can read it.

I have seen this configured with other partners in the past where I was able to upload, but can't read or rewrite those files.

Can someone help with how this can be accomplished on a Google Storage bucket, e.g. gs://example-bucket/, using gsutil or some other option/tool?

chicks
Prashant
  • I don't think it's possible. If you don't mind, switching to AWS S3 which supports this with bucket policy and using some other ways to sync the data to Google Storage. – wanghq Oct 19 '17 at 23:41

1 Answer

1

The option that comes nearest to what you want to accomplish is an access control list (ACL). This is a mechanism you can use to define who has access to your buckets and objects in Google Cloud Storage, as well as what level of access they have. In Cloud Storage, you apply ACLs to individual buckets and objects. More related detail is on the "Access Control Lists (ACLs)" documentation page.

George
  • There is a Cloud Storage Role ([object storage creator](https://cloud.google.com/iam/docs/understanding-roles#gcs_name_short_roles)) that can be used on [Identity and Access Management](https://cloud.google.com/storage/docs/access-control/iam-roles) to only allow creating objects. This is certainly different from an [ACL](https://cloud.google.com/storage/docs/access-control/) since the role is only associated with a particular account. – Carlos Jan 22 '18 at 21:05
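
An added example, not part of the original question or answers: a small audit that checks whether the IAM policy of a bucket such as gs://example-bucket really leaves the intended uploaders with create-only access through the object creator role mentioned in the comment above. The member addresses, the sample policy and the function name `audit_upload_only` are assumptions made up for illustration; the policy is in the JSON shape that `gsutil iam get` prints.

```python
import json

UPLOAD_ONLY_ROLE = "roles/storage.objectCreator"  # create objects; no read, list or delete
# Predefined roles that add read, list, delete or overwrite (not exhaustive;
# custom roles and conditional bindings need a separate review).
TOO_BROAD = {
    "roles/storage.objectViewer", "roles/storage.objectAdmin", "roles/storage.admin",
    "roles/storage.legacyBucketReader", "roles/storage.legacyBucketWriter",
    "roles/storage.legacyBucketOwner", "roles/storage.legacyObjectReader",
    "roles/storage.legacyObjectOwner",
}
PUBLIC = ("allUsers", "allAuthenticatedUsers")  # grants here reach every uploader

# Constructed sample in the JSON shape printed by `gsutil iam get gs://example-bucket`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/storage.objectCreator",
   "members": ["user:partner-a@example.com", "user:partner-b@example.com"]},
  {"role": "roles/storage.legacyBucketReader", "members": ["user:partner-b@example.com"]},
  {"role": "roles/storage.objectViewer", "members": ["user:partner-c@example.com"]},
  {"role": "roles/storage.admin", "members": ["user:owner@example.com"]}
]}
""")

def audit_upload_only(policy, uploaders):
    """Return {member: [problems]}; an empty list means upload-only access."""
    roles_by_member = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            roles_by_member.setdefault(member, set()).add(binding["role"])
    findings = {}
    for member in uploaders:
        roles = set(roles_by_member.get(member, ()))
        for public in PUBLIC:  # public grants apply on top of direct ones
            roles |= roles_by_member.get(public, set())
        problems = []
        if UPLOAD_ONLY_ROLE not in roles:
            problems.append("cannot upload: missing " + UPLOAD_ONLY_ROLE)
        problems += [role + " grants more than create" for role in sorted(roles & TOO_BROAD)]
        findings[member] = problems
    return findings

if __name__ == "__main__":
    partners = ["user:partner-a@example.com", "user:partner-b@example.com",
                "user:partner-c@example.com"]
    for member, problems in audit_upload_only(SAMPLE_POLICY, partners).items():
        print(member, "OK" if not problems else problems)
```

The object creator role does not include `storage.objects.delete`, so a member holding only that role also cannot overwrite an object that already exists.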