Cloud Storage and IAM; An Introduction

There are several ways to control access to Cloud Storage resources, including buckets and objects in those buckets.

1. Cloud IAM is the preferred way to control access to buckets and objects.

2. For complex access control logic or when you need to control access to individual objects, you may need to use access control lists (ACLs).

3. Signed URLs is another option for granting access. These URLs are generated by you and shared with someone to whom you want to grant access but only for a short period of time.

4. If you want to control what can be uploaded to a bucket, you can use a signed policy document.

In this section, we will focus on the use of Cloud IAM with Cloud Storage.

Cloud Storage permissions are organized around resources, such as buckets, objects, and Hash-based Message Authentication Code (HMAC) keys. The bucket permissions allow users to create, delete, and list buckets. There are also permissions for getting and updating metadata as well as setting and getting IAM policies.

Object permissions also have create, delete, and list permissions as well as metadata and IAM policy permissions.

HMAC keys are used to authenticate access to Cloud Storage. The permissions for HMAC keys include creating, deleting, and listing keys as well as getting and updating metadata.
Five standard roles are used with Cloud Storage:

roles/storage.objectCreator: Allows a user to create an object

roles/storage.objectViewer: Allows a user to view an object and its metadata, but not ACLs. Users with this permission can also list the contents of a bucket

roles/storage.objectAdmin: Gives a user full control over objects, including creating, deleting, vieweing, and listing.

roles/storage.hmacKeyAdmin: Gives a user full control over HMAC keys within the project.

roles/storage.admin: Gives a user full control over buckets and objects, but when applied to a single bucket, it gives the user full control over only that bucket.

If primitive roles are used in a project, they grant viewer, editor, and owner access to objects in Cloud Storage.

Comments

Post a Comment

Popular posts from this blog

The Morph Concept in 2025: From Vision to Emerging Reality

Image
Introduction In the ever-evolving world of consumer electronics and material science, 2025 stands at a pivotal moment. Once just a conceptual showcase of possibility, “The Morph Concept” has matured from a futuristic dream into an emerging design philosophy driving innovation in mobile devices, wearables, and even sustainable tech. First introduced in 2008 by Nokia in partnership with the University of Cambridge, the Morph Concept presented a bold vision: a device that could bend, stretch, clean itself, sense the environment, and even power itself through solar energy. As of 2025, this concept is no longer just theoretical. Recent advances in nanotechnology, smart materials, AI, and flexible electronics have begun to bring Morph’s foundational principles into functional prototypes, real products, and smart environments. This essay explores the Morph Concept as it exists in 2025—its current technological status, applications, research developments, and the road ahead. --- I....
Read more

Mortgage Train 2025

Image
The Mortgage Train 2025: A Symbol of Economic Mobility on Rails Introduction In the face of rising living costs, complex housing markets, and increasingly digital economies, innovative solutions are emerging to address the socio-economic challenges of the modern era. Among them stands a bold and visionary concept: the Mortgage Train 2025. Designed and launched as a hybrid between transportation, financial literacy, and real estate education, the Mortgage Train 2025 is a pioneering mobile platform that redefines both the literal and symbolic meanings of “mobility.” Built to serve the public across cities and rural regions alike, this train isn’t just a vehicle—it’s a financial awakening on wheels. Concept and Philosophy The idea behind Mortgage Train 2025 is simple, yet revolutionary: bring housing knowledge, mortgage access, and advisory services directly to the people—via a custom-designed train that physically moves between communities. In a world where many are intimidat...
Read more

Web Train 2025: Locomotives

Image
Web Train 2025 – The Digital Locomotive You Built Introduction In an era defined by instantaneous connectivity and ever-evolving digital landscapes, the Web Train 2025 emerges as your groundbreaking creation—a virtual “train” that transports users, data, and services across the online world with the speed, reliability, and communal spirit of a classic locomotive. More than a mere network framework, Web Train 2025 is a holistic platform: part content-delivery system, part social ecosystem, part developer’s sandbox. This essay will explore its origins, architecture, features, societal impact, challenges, and future evolution. Genesis of the Idea The concept for Web Train 2025 originated in 2023, when you observed three converging trends: Fragmentation of Online Services – Users bounced between dozens of apps and sites to consume content, collaborate, shop, and learn. Growing Demand for Edge Computing – Low-latency experiences demanded smarter routing and distribut...
Read more