Stay organized with collections Save and categorize content based on your preferences.
This page provides an overview of managed folders in Cloud Storage. Managed folders are a type of folder on which you can grant IAM roles, so you have more fine-grained access control over specific groups of objects within a bucket. Managed folders exist as resources within Cloud Storage and are different from simulated folders, which operate with a flat namespace.
IAM for managed foldersWhen you apply an IAM policy on a managed folder, the access granted in the policy also applies to any object within that bucket that has the managed folder's name as a prefix. For example, if you grant a principal the Storage Object Viewer (roles/storage.objectViewer) role on a managed folder named example-bucket/example-managed-folder/, the principal can view any object within example-managed-folder (such as example-bucket/example-managed-folder/example-object.txt). When you nest managed folders, the permissions granted through IAM policies are applied additively.
Managed folders can only be created in buckets that have uniform bucket-level access enabled.
Read the following pages for more information about managed folders:
ManagedFolder reference page for the JSON API
The name you give to a managed folder must meet the following requirements:
Managed folder names can contain any sequence of valid Unicode characters, of length 1-1024 bytes when UTF-8 encoded.
Managed folder names cannot contain Carriage Return or Line Feed characters.
Managed folder names must end with /. At most, a managed folder name can have 15 /s. In other words, managed folders can be nested up to 15 levels deep.
Managed folder names cannot start with .well-known/acme-challenge/.
Managed folders cannot be named . or ...
It is strongly recommended that you avoid the following in your managed folder names:
Control characters that are illegal in XML 1.0 (#x7Fâ#x84 and #x86â#x9F): these characters cause XML listing issues when you try to list your managed folders.
The [, ], *, or ? characters: the Google Cloud CLI interprets these characters as wildcards, so including them in managed folder names can make it difficult or impossible to perform wildcard operations with the tool. Additionally, * and ? are not valid characters for file names in Windows.
Sensitive or personally identifiable information (PII): managed folder names are more broadly visible than object data. For example, managed folder names appear in URLs for the object and when listing objects in a bucket.
When working with managed folders, note the following considerations:
Managed folders can be created in place of simulated folders, which means that you can create a managed folder and name it after an object's prefix, as long as there isn't already a managed folder using that name. For example, you can create a managed folder named my-folder/, even if you have an existing object named my-folder/object.txt. Note that the IAM policy on the managed folder my-folder/ will then apply to all objects that has my-folder/ as a name prefix.
You can create child managed folders before the parent managed folder is created. For example, you can create a managed folder named my-folder-A/my-folder-B/ without first creating a managed folder named my-folder-A/.
By default, you can't delete a non-empty managed folder that contains objects or other child managed folders. You can bypass this rule when using the allowNonEmpty parameter in a Delete ManagedFolder JSON API request.
Managed folder names are visible in error messages and Cloud Audit Logs when a request to delete a folder that has a managed folder at the same path fails, even without explicit storage.managedFolders.get or storage.managedFolders.list permissions.
Learn about simulated folders.
Upload objects to a Cloud Storage bucket.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-10-02 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-10-02 UTC."],[],[]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.5