Use uniform bucket-level access

Overview

This page shows you how to enable, disable, and check the status of uniform bucket-level access on a bucket in Cloud Storage.

Required roles

To get the permissions that you need to set and manage uniform bucket-level access on a bucket, ask your administrator to grant you the Storage Admin (roles/storage.admin) role on the bucket. This predefined role contains the permissions required to set and manage uniform bucket-level access. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

  • storage.buckets.get
  • storage.buckets.list
    • This permission is only required if you plan on using the Google Cloud console to perform the instructions on this page.
  • storage.buckets.update

You might also be able to get these permissions with custom roles.

For information about granting roles on buckets, see Use IAM with buckets.

Check for ACL usage

Before you enable uniform bucket-level access, use Cloud Monitoring to ensure your bucket is not using ACLs for any workflows. For more information, see Check object ACL usage.

Console

To view the metrics for a monitored resource by using the Metrics Explorer, do the following:

  1. In the Google Cloud console, go to the Metrics explorer page:

    If you use the search bar to find this page, then select the result whose subheading is Monitoring.

  2. In the toolbar of the Google Cloud console, select your Google Cloud project. For App Hub configurations, select the App Hub host project or the app-enabled folder's management project.
  3. In the Metric element, expand the Select a metric menu, enter ACLs usage in the filter bar, and then use the submenus to select a specific resource type and metric:
    1. In the Active resources menu, select GCS Bucket.
    2. In the Active metric categories menu, select Authz.
    3. In the Active metrics menu, select ACLs usage.
    4. Click Apply.
    The fully qualified name for this metric is storage.googleapis.com/authz/acl_operations_count.
  4. To add filters, which remove time series from the query results, use the Filter element.

  5. Configure how the data is viewed. For example, to view your data by the ACL operation, for the Aggregation element, set the first menu to Sum and the second menu to acl_operation.

    For more information about configuring a chart, see
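The same pre-enable check can be run over exported metric data instead of a chart. This is an added example, not part of the original page: it totals the storage.googleapis.com/authz/acl_operations_count metric per bucket and per acl_operation label from a response shaped like the Cloud Monitoring API's timeSeries.list output. The sample data, bucket names, acl_operation values, and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

METRIC = "storage.googleapis.com/authz/acl_operations_count"

# Constructed sample shaped like a timeSeries.list response. Bucket names,
# acl_operation values and the second metric type are placeholders.
SAMPLE = json.loads("""
{"timeSeries": [
  {"metric": {"type": "storage.googleapis.com/authz/acl_operations_count",
              "labels": {"acl_operation": "EXAMPLE_OP_A"}},
   "resource": {"type": "gcs_bucket", "labels": {"bucket_name": "example-bucket-1"}},
   "points": [{"value": {"int64Value": "4"}}, {"value": {"int64Value": "0"}}]},
  {"metric": {"type": "storage.googleapis.com/authz/acl_operations_count",
              "labels": {"acl_operation": "EXAMPLE_OP_B"}},
   "resource": {"type": "gcs_bucket", "labels": {"bucket_name": "example-bucket-1"}},
   "points": [{"value": {"int64Value": "2"}}]},
  {"metric": {"type": "storage.googleapis.com/authz/acl_operations_count",
              "labels": {"acl_operation": "EXAMPLE_OP_A"}},
   "resource": {"type": "gcs_bucket", "labels": {"bucket_name": "example-bucket-2"}},
   "points": [{"value": {"int64Value": "0"}}]},
  {"metric": {"type": "example.invalid/other_metric", "labels": {}},
   "resource": {"type": "gcs_bucket", "labels": {"bucket_name": "example-bucket-2"}},
   "points": [{"value": {"int64Value": "9"}}]}
]}
""")

def acl_usage(response):
    """Sum ACL operation counts per bucket and per acl_operation label."""
    usage = defaultdict(lambda: defaultdict(int))
    for series in response.get("timeSeries", []):
        metric = series.get("metric", {})
        if metric.get("type") != METRIC:
            continue  # ignore any other metric mixed into the export
        bucket = series.get("resource", {}).get("labels", {}).get("bucket_name", "<unknown>")
        op = metric.get("labels", {}).get("acl_operation", "<unlabelled>")
        for point in series.get("points", []):
            # The JSON API encodes int64 values as strings.
            usage[bucket][op] += int(point.get("value", {}).get("int64Value", 0))
    return {bucket: dict(ops) for bucket, ops in usage.items()}

def safe_to_enable(response, bucket):
    """True only if the bucket shows no ACL operations in the queried window."""
    return sum(acl_usage(response).get(bucket, {}).values()) == 0

if __name__ == "__main__":
    for name, ops in acl_usage(SAMPLE).items():
        print(name, ops, "safe" if safe_to_enable(SAMPLE, name) else "ACLs still in use")
```

A zero total only covers the time window that was queried, so choose a window long enough to include infrequent workflows.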