Request for new functionality
Description
What you would like to accomplish:
To be able to limit access control on Google Cloud Storage resources by applying IAM roles/permissions at a directory level. For example, users could grant accounts access to only one specific folder inside the GCS bucket, so that those accounts can write/read only the files inside the folder they have been granted access to.
How this might work:
Add a feature that lets the user specify, via URL path prefixes and suffixes with wildcards (“gs://EXAMPLE_BUCKET/EXAMPLE_PATH/*”), the specific folder to which the wanted IAM roles/permissions apply.
Other information (workarounds you have tried, documentation consulted, etc):
As described in this official documentation [1], IAM conditions can be set up for GCS bucket names with the “startsWith” function.
If applicable, reasons why alternative solutions are not sufficient:
By combining the conditions with the Storage Admin and the Object Viewer roles, the user is still able to see folders they are not supposed to.
Further communications will be made here as well; however, I cannot promise an ETA for the resolution of this request.
[1] https://cloud.google.com/iam/docs/conditions-overview#resource_attributes
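
The `startsWith` condition mentioned above, written as a conditional binding scoped to one object prefix and checked locally against resource names. This is an added example, not part of the original request or of any Google tooling; the member, the object names and the `matches` helper are constructed for illustration.

```python
import json

def object_prefix(bucket: str, folder: str, trailing_slash: bool = True) -> str:
    """Resource-name prefix for objects under `folder` in `bucket`."""
    prefix = f"projects/_/buckets/{bucket}/objects/{folder.strip('/')}"
    # Without the trailing "/", EXAMPLE_PATH also matches EXAMPLE_PATH_old/...
    return prefix + "/" if trailing_slash else prefix

def folder_policy(bucket, folder, member, role, trailing_slash=True) -> dict:
    """IAM policy with one binding limited to a folder prefix."""
    prefix = object_prefix(bucket, folder, trailing_slash)
    return {
        "version": 3,  # conditional bindings require policy version 3
        "bindings": [{
            "role": role,
            "members": [member],
            "condition": {
                "title": "single-folder-access",
                "expression": f'resource.name.startsWith("{prefix}")',
            },
        }],
    }

def matches(policy: dict, resource_name: str) -> bool:
    """Local check of the one startsWith() form built above (not a CEL engine)."""
    expr = policy["bindings"][0]["condition"]["expression"]
    head, tail = 'resource.name.startsWith("', '")'
    if not (expr.startswith(head) and expr.endswith(tail)):
        raise ValueError("unsupported expression")
    return resource_name.startswith(expr[len(head):-len(tail)])

# Constructed sample values.
MEMBER, ROLE = "user:alice@example.com", "roles/storage.objectViewer"
STRICT = folder_policy("EXAMPLE_BUCKET", "EXAMPLE_PATH", MEMBER, ROLE)
LOOSE = folder_policy("EXAMPLE_BUCKET", "EXAMPLE_PATH", MEMBER, ROLE, trailing_slash=False)
BASE = "projects/_/buckets/EXAMPLE_BUCKET"
SAMPLES = [
    BASE + "/objects/EXAMPLE_PATH/report.csv",      # inside the folder
    BASE + "/objects/EXAMPLE_PATH_old/report.csv",  # sibling with a shared name prefix
    BASE + "/objects/OTHER_PATH/report.csv",        # different folder
    BASE,                                           # the bucket resource itself
]

if __name__ == "__main__":
    print(json.dumps(STRICT, indent=2))
    for name in SAMPLES:
        print(f"strict={matches(STRICT, name)!s:5} loose={matches(LOOSE, name)!s:5} {name}")
```
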