--- # ---------------------------------------------------------------------------- # # *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** # # ---------------------------------------------------------------------------- # # This file is automatically generated by Magic Modules and manual # changes will be clobbered when the file is regenerated. # # Please read more about how to change this file in # .github/CONTRIBUTING.md. # # ---------------------------------------------------------------------------- layout: "google" page_title: "Google: google_storage_object_access_control" sidebar_current: "docs-google-storage-object-access-control" description: |- The ObjectAccessControls resources represent the Access Control Lists (ACLs) for objects within Google Cloud Storage. --- # google\_storage\_object\_access\_control The ObjectAccessControls resources represent the Access Control Lists (ACLs) for objects within Google Cloud Storage. ACLs let you specify who has access to your data and to what extent. There are two roles that can be assigned to an entity: READERs can get an object, though the acl property will not be revealed. OWNERs are READERs, and they can get the acl property, update an object, and call all objectAccessControls methods on the object. The owner of an object is always an OWNER. For more information, see Access Control, with the caveat that this API uses READER and OWNER instead of READ and FULL_CONTROL. To get more information about ObjectAccessControl, see: * [API documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) * How-to Guides * [Official Documentation](https://cloud.google.com/storage/docs/access-control/create-manage-lists)

## Example Usage - Storage Object Access Control Public Object ```hcl resource "google_storage_object_access_control" "public_rule" { object = "${google_storage_bucket_object.object.output_name}" bucket = "${google_storage_bucket.bucket.name}" role = "READER" entity = "allUsers" } resource "google_storage_bucket" "bucket" { name = "static-content-bucket" } resource "google_storage_bucket_object" "object" { name = "public-object" bucket = "${google_storage_bucket.bucket.name}" source = "../static/img/header-logo.png" } ``` ## Argument Reference The following arguments are supported: * `bucket` - (Required) The name of the bucket. * `entity` - (Required) The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as "user-liz@example.com") * group-{{groupId}} * group-{{email}} (such as "group-example@googlegroups.com") * domain-{{domain}} (such as "domain-example.com") * project-team-{{projectId}} * allUsers * allAuthenticatedUsers * `object` - (Required) The name of the object to apply the access control to. * `role` - (Required) The access permission for the entity. - - - ## Attributes Reference In addition to the arguments listed above, the following computed attributes are exported: * `domain` - The domain associated with the entity. * `email` - The email address associated with the entity. * `entity_id` - The ID for the entity * `generation` - The content generation of the object, if applied to an object. * `project_team` - The project team associated with the entity Structure is documented below. The `project_team` block contains: * `project_number` - (Optional) The project team associated with the entity * `team` - (Optional) The team. ## Timeouts This resource provides the following [Timeouts](/docs/configuration/resources.html#timeouts) configuration options: - `create` - Default is 4 minutes. - `update` - Default is 4 minutes. - `delete` - Default is 4 minutes. ## Import ObjectAccessControl can be imported using any of these accepted formats: ``` $ terraform import google_storage_object_access_control.default {{bucket}}/{{object}}/{{entity}} ``` -> If you're importing a resource with beta features, make sure to include `-provider=google-beta` as an argument so that Terraform uses the correct provider to import your resource.