2018-01-25 19:29:49 +00:00
---
layout: "google"
page_title: "Google: google_storage_default_object_acl"
sidebar_current: "docs-google-storage-default-object-acl"
description: |-
Creates a new default object ACL in Google Cloud Storage.
---
# google\_storage\_default\_object\_acl
Creates a new default object ACL in Google Cloud Storage service (GCS). For more information see
2018-10-30 00:40:56 +00:00
-> Note that for each object, its creator will have the `"OWNER"` role in addition
to the default ACL that has been defined.
For more information see
2018-01-25 19:29:49 +00:00
[the official documentation ](https://cloud.google.com/storage/docs/access-control/lists )
and
[API ](https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls ).
2018-10-30 00:40:56 +00:00
-> Want fine-grained control over default object ACLs? Use `google_storage_default_object_access_control`
to control individual role entity pairs.
2018-01-25 19:29:49 +00:00
## Example Usage
Example creating a default object ACL on a bucket with one owner, and one reader.
```hcl
resource "google_storage_bucket" "image-store" {
name = "image-store-bucket"
location = "EU"
}
resource "google_storage_default_object_acl" "image-store-default-acl" {
bucket = "${google_storage_bucket.image-store.name}"
role_entity = [
"OWNER:user-my.email@gmail.com",
"READER:group-mygroup",
]
}
```
## Argument Reference
* `bucket` - (Required) The name of the bucket it applies to.
* `role_entity` - (Required) List of role/entity pairs in the form `ROLE:entity` . See [GCS Object ACL documentation ](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls ) for more details.
## Attributes Reference
Only the arguments listed above are exposed as attributes.