Stay organized with collections
Save and categorize content based on your preferences.
The BucketAccessControls resource represents the Access Control Lists (ACLs) for buckets within Cloud Storage. ACLs let you specify who has access to your data and to what extent.
There are three roles that can be assigned to an entity:
READERs can get the bucket, though no acl property will be returned, and list the bucket's objects.
WRITERs are READERs, and they can insert objects into the bucket and delete the bucket's objects.
OWNERs are WRITERs, and they can get the acl property of a bucket, update a bucket, and call all BucketAccessControls methods on the bucket.
For more information, see Access Control, with the caveat that this API uses READER, WRITER, and OWNER instead of READ, WRITE, and FULL_CONTROL.
To try out the methods for this resource, see Methods.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# BucketAccessControls\n\nThe BucketAccessControls resource represents the Access Control Lists (ACLs) for buckets within Cloud Storage. ACLs let you specify who has access to your data and to what extent.\n| **Important:** The methods for this resource fail with a `400 Bad Request` response for buckets with uniform bucket-level access enabled. Use [`storage.buckets.getIamPolicy`](/storage/docs/json_api/v1/buckets/getIamPolicy) and [`storage.buckets.setIamPolicy`](/storage/docs/json_api/v1/buckets/setIamPolicy) to control access instead.\nThere are three roles that can be assigned to an entity: \n\n- `READER`s can [get](/storage/docs/json_api/v1/buckets/get) the bucket, though no `acl` property will be returned, and [list](/storage/docs/json_api/v1/objects/list) the bucket's objects.\n- `WRITER`s are `READER`s, and they can [insert](/storage/docs/json_api/v1/objects/insert) objects into the bucket and [delete](/storage/docs/json_api/v1/objects/delete) the bucket's objects.\n- `OWNER`s are `WRITER`s, and they can get the `acl` property of a [bucket](/storage/docs/json_api/v1/buckets#resource), [update](/storage/docs/json_api/v1/buckets/update) a bucket, and call all BucketAccessControls methods on the bucket.\n\nFor more information, see [Access Control](/storage/docs/accesscontrol), with the caveat that this API uses `READER`, `WRITER`, and `OWNER` instead of `READ`, `WRITE`, and `FULL_CONTROL`. \n\n\u003cbr /\u003e\n\nTo try out the methods for this resource, see [Methods](#methods).\n\nResource representations\n------------------------\n\n\u003cbr /\u003e\n\n```text\n{\n \"kind\": \"storage#bucketAccessControl\",\n \"id\": string,\n \"selfLink\": string,\n \"bucket\": string,\n \"entity\": string,\n \"role\": string,\n \"email\": string,\n \"domain\": string,\n \"entityId\": string,\n \"etag\": string,\n \"projectTeam\": {\n \"projectNumber\": string,\n \"team\": string\n }\n}\n```\n\nMethods\n-------\n\nThe methods for working with a bucket's access controls are as follows:\n\n[delete](/storage/docs/json_api/v1/bucketAccessControls/delete)\n: Permanently deletes the ACL entry for the specified entity on the specified [bucket](/storage/docs/json_api/v1/buckets).\n\n[get](/storage/docs/json_api/v1/bucketAccessControls/get)\n: Returns the ACL entry for the specified entity on the specified bucket.\n\n[insert](/storage/docs/json_api/v1/bucketAccessControls/insert)\n: Creates a new ACL entry on the specified [bucket](/storage/docs/json_api/v1/buckets#resource).\n\n[list](/storage/docs/json_api/v1/bucketAccessControls/list)\n: Retrieves ACL entries on a specified [bucket](/storage/docs/json_api/v1/buckets#resource).\n\n[patch](/storage/docs/json_api/v1/bucketAccessControls/patch)\n: Updates an ACL entry on the specified [bucket](/storage/docs/json_api/v1/buckets). This method supports [patch](/storage/docs/json_api#patch) semantics.\n\n[update](/storage/docs/json_api/v1/bucketAccessControls/update)\n: Updates an ACL entry on the specified [bucket](/storage/docs/json_api/v1/buckets#resource)."]]