google-cloud-platform terraform google-cloud-storage terraform-provider-gcp

Custom role to allow download files and disable upload files in GCS bucket

I'd like to create a custom role that only allow a group email to list and download the files. However, they're NOT ALLOWED to upload any files in specific bucket.

Which role should I use to create the custom role?

Solution

you can use the predefined role Storage Object Viewer for your use case, which has the following permissions:

resourcemanager.projects.get
resourcemanager.projects.list
storage.objects.get
Storage.objects.list

Since we already have a predefined role, you will not be required to create a custom role. If this doesn’t meet your requirements then please explain the question in detail.

If you have created a google group with the email addresses, then you might wanna look at this link.

GKE Fluent bit partial logs
Apache Beam with Dataflow: flag 'ignore_unknown_columns' for WriteToBigQuery not working
Google Speech to Text - Not Getting the transcription | SOLVED
Why does Cloud Deploy not support multiple target types in one pipeline?
CloudBuild pull status from latest run, from a specific build trigger using via CloudBuild API?
Querying the Google Patent Data on Big Query processes way too much data
Deleting a large folder from Google Cloud Storage
Cannot create a service account with permissions for Google Play Android Developer API
GCP - How do you create a URL Redirect path rule with gcloud url-maps?
API [sqladmin.googleapis.com] not enabled on project [1234].
Error uploading file to google cloud storage
Custom Service Account with KFP pipelines in Vertex AI
Not able to connect mysql with SSL enforced to app engine without connecting first in cloud shell
If the GCP pub sub Subscription Expiration is same as Subscription Message Retention will the subscription not expire
Cloud function is not triggered by pub/sub topic
Java application unable to find ADC when Workload Identity is enabled on GKE cluster
Service account with Workspace-authorized domain-wide delegation gets error "Not Authorized to access this resource/api" when running cloud function
How to download a pushed Odoo release and upload to Github
GCP authentication when testing a container in the local development environment
VPCSC and Folder in GCP
GAE: find project name by project number
Google Cloud functions v2 eventarc - How to Track User Context for Deletions in Firebase Realtime Database
Google Cloud Bigtable vs Google Cloud Datastore
Batch job submission error "Failed to process all documents", uris seem correct?
401 Unauthorized when installing Python package from Artifacts registry for Google Build
Google Cloud Storage request blocked by CORS: not allowed by Access-Control-Allow-Origin
Accessing users account with service account
Firestore exception occurred in retry method that was not classified as transient
Managed Service Provider on Google Cloud Platform
Stripe Error: No signatures found matching the expected signature for payload