Score:0

Unable to access GCS Object with storage.objects.get

cn flag

I have a bucket with uniform permissions (no object level ACLs) and my account has the Owner role on the project which should give full access to all resources. I have even tried adding Storage Admin / Storage Object Admin / Legacy Object Owner roles and still can't access the objects in my bucket.

When I use the IAM Policy Troubleshooter it can successfully make the storage.objects.get call.

The exact error Google Cloud Console is giving me when I try to view the object

Additional permissions required to view this object's metadata: Ask an object owner to grant you 'storage.objects.get' permission (e.g., by giving your account the IAM Storage Admin role).

The objects are being created by a service account with the Storage Object Admin role and they contain custom metadata.

Score:1
cn flag

Apparently my billing account was delinquent but the Cloud Console was not telling me this. I wrote a script to access the objects through the service account to make sure the service account still had access and that's where I was given the appropriate error message regarding my account being disabled. After updating my payment method the objects were accessible via service account and user account.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.