Reputation: 6883
Google Cloud Bucket with permission for just my user
I have Google Cloud project shared with few collages and few service accounts. I have Owner permission on the GCP project.
I want to create a Google Cloud Storage Bucket that only me will have access to it. So, the other users and service accounts in the projects will can't see it.
I created a new Google Cloud bucket (permission: Uniform) and went into the "Permission" sections. This list was already filled with inherits permissions. Since I want that only me will have access into this bucket:
- I was added my self as Storage Admin
- I removed the permissions for
Owner,EditorandViewerfor this repository.
Now I have list with all the service accounts in the project. Unfortunately, Google not allowing me to remove the access of those service accounts:
How to revoke account to those service-accounts to this bucket?
Upvotes: 1
Views: 524
Answers (1)
Reputation: 1028
These are inherited access which cannot be removed at bucket level.
Roles are always inherited, and there is no way to explicitly remove a permission for a lower-level resource that is granted at a higher level in the resource hierarchy.
As a principle of least priviledge grant minimum scope to the service accounts.
Upvotes: 1
Related Questions
- How to set access permissions of google cloud storage bucket folder
- Authorize Google Cloud Platform Service Account to Access Only One Google Cloud Storage Bucket
- How to give service account only access to one bucket (Google Cloud)?
- Google Cloud: how to add role for service user to an individual bucket?
- GCS limit bucket access to an existing service account
- Create bucket for public access with service account
- Making a Cloud Storage bucket accessible only by a certain service account
- Google Cloud Platform creating custom IAM role and limiting access to a storage bucket
- Is it possible to share a bucket only with another user in another Google cloud account
- Give Full access control to a user on a cloud storage bucket