GCP storage refusing me access to a bucket on Cloud Storage even though I apparently have the necessary permissions

user32882

10/14/22, 5:06 PM

A colleague of mine has created a google cloud platform project for which we would like to use the Cloud Storage product. They have made me co-owner and storage admin in the IAM permissions. According to the google docs a storage admin has storage.objects.* permissions so I should be able to get bucket objects.

I wrote a simple python script to download some content as follows (pseudocode only):

storage_client = storage.Client()
bucket = storage_client.bucket(BUCKET_NAME)
blob = bucket.blob(source_blob_name)
blob.download_to_filename(destination_file_name)

However, the last line throws an error:

google.api_core.exceptions.Forbidden: 403 GET does not have storage.objects.get access to the Google Cloud Storage object.

I've checked my permissions again and again in the cloud console, and also made sure that my GOOGLE_APPLICATION_CREDENTIALS environment variable is defined. Why is GCP refusing me access to this bucket and how can I fix this?

320

1 + 1

permissions

python

google-cloud-storage

google-cloud-platform

John Hanley

10/14/22, 8:56 PM

Because the service account defined by `GOOGLE_APPLICATION_CREDENTIALS` does not have the required role.

Score:0

Server

Chandra

10/14/22, 7:42 PM

Here the permission granted to the service account got applied not the permission given to you.

We create a JSON key using the service account and give the path of the key to GOOGLE_APPLICATION_CREDENTIALS.

I guess may be the service account got deleted or the service account doesn't have proper permission.

May be you can try re creating service account and JSON key from it and give proper permission to it.

docs for reference.

NOTE : In the docs owner role given to service account which gives more permission than required to service account. You can change the role according to your need.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: GCP storage refusing me access to a bucket on Cloud Storage even though I apparently have the necessary permissions

TH: พื้นที่เก็บข้อมูล GCP ปฏิเสธไม่ให้ฉันเข้าถึงบัคเก็ตบน Cloud Storage แม้ว่าฉันจะมีสิทธิ์ที่จำเป็นก็ตาม

RO: Stocarea GCP îmi refuză accesul la o găleată pe Cloud Storage, chiar dacă se pare că am permisiunile necesare

RU: Хранилище GCP отказывает мне в доступе к корзине в облачном хранилище, хотя у меня, по-видимому, есть необходимые разрешения

VI: Bộ nhớ GCP từ chối cho tôi quyền truy cập vào bộ chứa trên Cloud Storage mặc dù rõ ràng tôi có các quyền cần thiết

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.