google-cloud-platformgoogle-cloud-storagereadonlygoogle-cloud-consolemeteor-slingshot

Allow Public Read access on a GCS bucket?


I am trying to allow anonymous (or just from my applications domain) read access for files in my bucket.

When trying to read the files I get

```

<Error>
    <Code>AccessDenied</Code>
    <Message>Access denied.</Message>
    <Details>
        Anonymous users does not have storage.objects.get access to object.
    </Details>
</Error>

```

I also tried to add a domain with the object default permissions dialog in the google cloud console. that gives me the error "One of your permissions is invalid. Make sure that you enter an authorized id or email for the groups and users and a domain for the domains"

I have also looked into making the ACL for the bucket public-read. My only problem with this is that it removes my ownership over the bucket. I need to have that ownership since I want to allow uploading from a specific Google Access Id.


Solution

  • You can use gsutil to make new objects created in the bucket publicly readable without removing your ownership. To make new objects created in the bucket publicly readable:

    gsutil defacl ch -u AllUsers:R gs://yourbucket

    If you have existing objects in the bucket that you want to make publicly readable, you can run:

    gsutil acl ch -u AllUsers:R gs://yourbucket/**