IssueTracker

Please provide as much information as possible. At least, this should include a description of your issue and steps to reproduce the problem. If possible please provide a summary of what steps or workarounds you have already tried, and any docs or articles you found (un)helpful.

Problem you have encountered:
I'd be interested in a permission that can potentially accomplish the following:

`gsutil stat gs://<bucket_name>/<object_location>`
Output: <stat information>
(We're able to read object metadata here)

“storage.objects.get“ is the current permission [1] required to execute `gsutil stat gs://<bucket_name>/<object_location>`, which reads the object’s metadata. However, if this permission is granted, a user is able to execute `gsutil cat gs://<bucket_name>/<object_location>` as well, which reads the object’s data.

What you expected to happen:

Is it possible to create a new permission which allows users to read object’s metadata only?

Steps to reproduce:
1. gsutil stat gs://<bucket_name>/<object_location>
2. gsutil cat gs://<bucket_name>/<object_location>

Other information (workarounds you have tried, documentation consulted, etc):
From researching our public documentation and internal knowledge base, there do not appear to be any valid workarounds at the moment.

[1] https://cloud.google.com/storage/docs/access-control/iam-gsutil