0

I need to view a gcloud bucket with my service account which has a Owner role.

I followed the advice (How do I grant a specific permission to a Cloud IAM service account using the gcloud CLI?) on creating a custom role called BucketViewer, that has the storage.buckets.get permission and assigning it to my service account and the project.

Now, when I try to view the buckets metadata (as described here: https://cloud.google.com/storage/docs/getting-bucket-information#get-bucket-size-cli) :

gsutil ls -L -b gs://bucketname

It still returns the error:

my_service@account.com does not have storage.buckets.get access to the Google Cloud Storage bucket.

I am glad for any help.

NicoElisa
  • 1
  • 1
  • Did you try to give Storage Legacy Bucket Reader (roles/storage.legacyBucketReader) to your service account https://cloud.google.com/storage/docs/access-control/iam-roles#legacy-roles? – Atalyk Jul 28 '22 at 10:50
  • On which resource did you grant the permission? On the project? of the bucket? – guillaume blaquiere Jul 28 '22 at 12:50
  • Thank you for your reply! I just tried it via : gsutil iam ch user:my@user_name.com:storage.legacyBucketWriter gs://bucketname and got another interesting error: `my@user_name.com does not have storage.buckets.getIamPolicy access to the Google Cloud Storage bucket` Does this mean I need to get access granted in order to change permissions as such? PS: I noticed I am a 'user' and not a 'service account', if that changes anything.. – NicoElisa Jul 28 '22 at 12:59
  • **@guillaumeblaquiere**: I granted the permission on the project. Is there a way to specify it for the bucket? The comment I used was this one: `gcloud projects add-iam-policy-binding example-project-id-1 \ --member='user:test-proj1@example.domain.com' \ --role='projects/example-project-id-1/roles/bucketViewer'` – NicoElisa Jul 28 '22 at 13:08

0 Answers0