DefaultObjectAccessControls: insert

Creates a new default object ACL entry on the specified bucket.

Required permissions

To use this method, the authenticated user must have the following IAM permissions for the bucket:

  • storage.buckets.get
  • storage.buckets.getIamPolicy
  • storage.buckets.setIamPolicy
  • storage.buckets.update

Request

HTTP request

POST https://storage.googleapis.com/storage/v1/b/bucket/defaultObjectAcl

In addition to standard query parameters, the following query parameters apply to this method.

To see an example of how to include query parameters in a request, see the JSON API Overview page.

Parameters

Parameter name Value Description
Path parameters
bucket string Name of a bucket.

Request body

In the request body, supply a DefaultObjectAccessControls resource with the following properties:

Property name Value Description Notes
Required Properties
entity string The entity holding the permission, in one of the following forms:
  • user-email
  • group-groupId
  • group-email
  • domain-domain
  • project-team-projectId
  • allUsers
  • allAuthenticatedUsers
Examples:
  • The user liz@example.com would be user-liz@example.com.
  • The group example@googlegroups.com would be group-example@googlegroups.com.
  • To refer to all members of the domain example.com, the entity would be domain-example.com.
 writable
role string The access permission for the entity.

Acceptable values are:
  • "OWNER"
  • "READER"
 writable

Response

If successful, this method returns a DefaultObjectAccessControls resource in the response body.

Try it!

Use the APIs Explorer below to call this method on live data and see the response.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年10月24日 UTC.