Permissions for @turbot/gcp-storage
Taking a look at permissions and associated grant levels for each permission for Storage:
Permission | Grant Level | Help |
---|---|---|
storage.buckets.create | Operator | Create new buckets in a project. |
storage.buckets.delete | Operator | Delete buckets. |
storage.buckets.get | Metadata | Read bucket metadata excluding IAM policies. |
storage.buckets.getIamPolicy | Metadata | Read bucket IAM policies. |
storage.buckets.list | Metadata | List buckets in a project. Also read bucket metadata excluding IAM policies when listing. |
storage.buckets.setIamPolicy | Admin | Update bucket IAM policies. |
storage.buckets.update | Operator | Update bucket metadata excluding IAM policies. |
storage.objects.create | Operator | Add new objects to a bucket. |
storage.objects.delete | Operator | Admin can delete objects. |
storage.objects.get | Metadata | Read object data and metadata excluding ACLs. |
storage.objects.getIamPolicy | Metadata | Read object ACLs returned as IAM policies. |
storage.objects.list | Metadata | List objects in a bucket. Also read object metadata excluding ACLs when listing. |
storage.objects.setIamPolicy | Admin | Update object ACLs. |
storage.objects.update | Operator | Update object metadata excluding ACLs. |