A RetroSearch Logo

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Search Query:

Showing content from https://cloud.google.com/storage/docs/using-uniform-bucket-level-access below:

Use uniform bucket-level access | Cloud Storage

Skip to main content Use uniform bucket-level access

Stay organized with collections Save and categorize content based on your preferences.

Overview

This page shows you how to enable, disable, and check the status of uniform bucket-level access on a bucket in Cloud Storage.

Required roles

To get the permissions that you need to set and manage uniform bucket-level access on a bucket, ask your administrator to grant you the Storage Admin (roles/storage.admin) role on the bucket. This predefined role contains the permissions required to set and manage uniform bucket-level access. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

You might also be able to get these permissions with custom roles.

For information about granting roles on buckets, see Use IAM with buckets.

Check for ACL usage

Before you enable uniform bucket-level access, use Cloud Monitoring to ensure your bucket is not using ACLs for any workflows. For more information, see Check object ACL usage.

Console

To view the metrics for a monitored resource by using the Metrics Explorer, do the following:

  1. In the Google Cloud console, go to the leaderboard Metrics explorer page:

    Go to Metrics explorer

    If you use the search bar to find this page, then select the result whose subheading is Monitoring.

  2. In the toolbar of the Google Cloud console, select your Google Cloud project. For App Hub configurations, select the App Hub host project or the app-enabled folder's management project.
  3. In the Metric element, expand the Select a metric menu, enter ACLs usage in the filter bar, and then use the submenus to select a specific resource type and metric:
    1. In the Active resources menu, select GCS Bucket.
    2. In the Active metric categories menu, select Authz.
    3. In the Active metrics menu, select ACLs usage.
    4. Click Apply.
    The fully qualified name for this metric is storage.googleapis.com/authz/acl_operations_count..
  4. Configure how the data is viewed. For example, to view your data by the ACL operation, for the Aggregation element, set the first menu to Sum and the second menu to acl_operation.

    For more information about configuring a chart, see Select metrics when using Metrics Explorer.

See storage for a complete list of metrics available for Cloud Storage. For information about time series, see Metrics, time series, and resources.

JSON API

  1. Have gcloud CLI installed and initialized, which lets you generate an access token for the Authorization header.

  2. Use cURL to call the Monitoring JSON API:

    curl \
'https://monitoring.googleapis.com/v3/projects/PROJECT_ID/timeSeries?filter=metric.type%20%3D%20%22storage.googleapis.com%2Fauthz%2Facl_operations_count%22&interval.endTime=END_TIME&interval.startTime=START_TIME' \
--header 'Authorization: Bearer $(gcloud auth print-access-token)' \
--header 'Accept: application/json'

    Where:

If the request returns an empty object {}, there is no recent ACL usage for your project.

Set uniform bucket-level access Note: There are several requirements that must be met before you can disable uniform bucket-level access. To review the requirements, see Requirements for disabling uniform bucket-level access. Console
  1. In the Google Cloud console, go to the Cloud Storage Buckets page.

    Go to Buckets

  2. In the list of buckets, click the name of the bucket for which you want to enable or disable uniform bucket-level access.

  3. Select the Permissions tab near the top of the page.

  4. In the field named Access Control, click the Switch to link.

  5. In the menu that appears, select Uniform or Fine-grained.

  6. Click Save.

To learn how to get detailed error information about failed Cloud Storage operations in the Google Cloud console, see Troubleshooting.

Command line

Use the gcloud storage buckets update command:

gcloud storage buckets update gs://BUCKET_NAME --STATE

Where:

Client libraries C++

For more information, see the Cloud Storage C++ API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

The following sample enables uniform bucket-level access on a bucket:

The following sample disables uniform bucket-level access on a bucket:

C#

For more information, see the Cloud Storage C# API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

The following sample enables uniform bucket-level access on a bucket:

The following sample disables uniform bucket-level access on a bucket:

Go

For more information, see the Cloud Storage Go API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

The following sample enables uniform bucket-level access on a bucket:

The following sample disables uniform bucket-level access on a bucket:

Java

For more information, see the Cloud Storage Java API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

The following sample enables uniform bucket-level access on a bucket:

The following sample disables uniform bucket-level access on a bucket:

Node.js

For more information, see the Cloud Storage Node.js API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

The following sample enables uniform bucket-level access on a bucket:

The following sample disables uniform bucket-level access on a bucket:

PHP

For more information, see the Cloud Storage PHP API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

The following sample enables uniform bucket-level access on a bucket:

The following sample disables uniform bucket-level access on a bucket:

Python

For more information, see the Cloud Storage Python API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

The following sample enables uniform bucket-level access on a bucket:

The following sample disables uniform bucket-level access on a bucket:

Ruby

For more information, see the Cloud Storage Ruby API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

The following sample enables uniform bucket-level access on a bucket:

The following sample disables uniform bucket-level access on a bucket:

REST APIs View uniform bucket-level access status Console
  1. In the Google Cloud console, go to the Cloud Storage Buckets page.

    Go to Buckets

  2. Click the name of the bucket whose status you want to view.

  3. Click the Configuration tab.

    The uniform bucket-level access status for the bucket is found in the Access control field.

To learn how to get detailed error information about failed Cloud Storage operations in the Google Cloud console, see Troubleshooting.

Command line

Use the gcloud storage buckets describe command with the --format flag:

gcloud storage buckets describe gs://BUCKET_NAME --format="default(uniform_bucket_level_access)"

Where BUCKET_NAME is the name of the relevant bucket. For example, my-bucket.

If successful, the response looks like:

uniform_bucket_level_access: true
Client libraries C++

For more information, see the Cloud Storage C++ API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

C#

For more information, see the Cloud Storage C# API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

Go

For more information, see the Cloud Storage Go API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

Java

For more information, see the Cloud Storage Java API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

Node.js

For more information, see the Cloud Storage Node.js API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

PHP

For more information, see the Cloud Storage PHP API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

Python

For more information, see the Cloud Storage Python API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

Ruby

For more information, see the Cloud Storage Ruby API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.

REST APIs JSON API

  1. Have gcloud CLI installed and initialized, which lets you generate an access token for the Authorization header.

  2. Use cURL to call the JSON API with a GET Bucket request that includes the desired fields:

    curl -X GET -H "Authorization: Bearer $(gcloud auth print-access-token)" \
"https://storage.googleapis.com/storage/v1/b/BUCKET_NAME?fields=iamConfiguration"

    Where BUCKET_NAME is the name of the relevant bucket. For example, my-bucket.

    If the bucket has uniform bucket-level access enabled, the response looks like the following example:

    {
  "iamConfiguration": {
      "uniformBucketLevelAccess": {
        "enabled": true,
        "lockedTime": "LOCK_DATE"
      }
    }
  }
XML API

The XML API cannot be used to work with uniform bucket-level access. Use one of the other Cloud Storage tools, such as the gcloud CLI, instead.

What's next

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-07-02 UTC.

[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-02 UTC."],[],[]]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4