Creating Roles

We will create two roles containing the permissions needed to read from a bucket and to write into a bucket. Each role will be assigned to a service account (described in the next section).

| Roles | Permission(s) | Used by |
|---|---|---|
| read role | read: storage.buckets.get, storage.objects.get | Read access account (next step) |
| write role | write: storage.buckets.get, storage.objects.create | Write access account (next step) |

Accessing roles creation page

  1. Click on the hamburger menu
  2. Select IAM & Admin
  3. Select Roles

Click CREATE ROLE

Read role

  1. Give the role a name/title
  2. Give a description for this role
  3. Give an ID for this role
  4. Select General Availability as the role launch stage
  5. Select ADD PERMISSIONS
  6. Add both of the following permissions in the dialog:
     • storage.buckets.get
     • storage.objects.get
  7. Click CREATE

Write role

Repeat the same steps to create a second role, with a different role name and the following permissions:

  • storage.buckets.get
  • storage.objects.create
  • storage.objects.delete
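
The same two roles can be kept as reviewable files and created from the command line. The script below is an added example, not part of the original page: it writes each role in the YAML layout accepted by `gcloud iam roles create --file`, checks the permission lists against an allowlist before anything is created, and prints the gcloud commands as a dry run. The project ID, role IDs (`bucketReader`, `bucketWriter`), titles, descriptions and output directory are placeholders.

```shell
#!/bin/sh
# Added example. PROJECT_ID, role IDs, titles and OUT_DIR are placeholders.
PROJECT_ID="${PROJECT_ID:-my-project-id}"
OUT_DIR="${OUT_DIR:-./custom-roles}"

# Emit a role definition in the YAML layout read by
# `gcloud iam roles create --file`. Args: title, description, permissions...
role_yaml() {
    title=$1; desc=$2; shift 2
    printf 'title: "%s"\ndescription: "%s"\nstage: "GA"\nincludedPermissions:\n' \
        "$title" "$desc"
    for p in "$@"; do printf -- '- %s\n' "$p"; done
}

# Least-privilege check. Args: role file, allowed permissions...
# Prints every permission in the file that is not allowed; status 1 if any.
extra_permissions() {
    file=$1; shift
    extras=""
    for p in $(sed -n 's/^- //p' "$file"); do
        case " $* " in
            *" $p "*) ;;
            *) extras="$extras $p" ;;
        esac
    done
    [ -z "$extras" ] && return 0
    echo "${extras# }"; return 1
}

mkdir -p "$OUT_DIR"
# Permission lists taken from the "Read role" and "Write role" steps above.
role_yaml "Bucket reader" "Read objects from a bucket" \
    storage.buckets.get storage.objects.get > "$OUT_DIR/bucketReader.yaml"
role_yaml "Bucket writer" "Write objects into a bucket" \
    storage.buckets.get storage.objects.create storage.objects.delete \
    > "$OUT_DIR/bucketWriter.yaml"

# Review gate: the read role must carry nothing beyond its two permissions.
extra_permissions "$OUT_DIR/bucketReader.yaml" \
    storage.buckets.get storage.objects.get \
    || { echo "read role is over-privileged" >&2; exit 1; }

# Dry run by default; set APPLY=1 to actually create the roles.
for id in bucketReader bucketWriter; do
    cmd="gcloud iam roles create $id --project=$PROJECT_ID --file=$OUT_DIR/$id.yaml"
    if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
done
```

Running `extra_permissions` on the write role file with only the two write permissions from the overview table as the allowlist reports `storage.objects.delete`, which makes the extra permission visible at review time.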