ka...@google.com <ka...@google.com> #2
Thanks for the report. I will route this to the appropriate internal team and update this when I hear back from them.
Description
Problem you have encountered:
The customer noticed that project viewers of the project have the Storage Legacy Object Reader role.
This meant that the customer's developers, who were assigned as project viewers, can download objects from the GCS bucket. This is not the customer's expected behavior. The customer can create a custom role to avoid this issue, but the customer considers it would be nice if GCP could provide predefined roles for GCS.
What you expected to happen:
The customer would like GCP to have the following predefined roles:
1. a new predefined role like roles/storage.objectViewer but without the storage.objects.get permission [1]
2. a new predefined role roles/storage.bucketViewer which can only get bucket information and list buckets.
[1]
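An added example, not part of the original report or any Google tooling: a check over a bucket IAM policy (the JSON shape printed by `gsutil iam get`) that flags project convenience members such as `projectViewer:` holding a role that includes `storage.objects.get`, and builds a policy with those bindings removed. The function names, the abridged role list, and the sample policy with its project and user names are assumptions constructed for illustration.

```python
import json

# Predefined roles that include storage.objects.get (abridged; custom roles
# would need their permission lists resolved separately).
ROLES_WITH_OBJECT_GET = {
    "roles/storage.legacyObjectReader", "roles/storage.legacyObjectOwner",
    "roles/storage.objectViewer", "roles/storage.objectAdmin", "roles/storage.admin",
}
# Convenience values that expand to every holder of a basic project role.
CONVENIENCE_PREFIXES = ("projectViewer:", "projectEditor:", "projectOwner:")

# Constructed sample policy; project and user names are placeholders.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/storage.legacyBucketReader", "members": ["projectViewer:example-project"]},
  {"role": "roles/storage.legacyObjectReader", "members": ["projectViewer:example-project"]},
  {"role": "roles/storage.legacyObjectOwner",
   "members": ["projectEditor:example-project", "projectOwner:example-project"]},
  {"role": "roles/storage.objectViewer", "members": ["user:auditor@example.com"]}
]}
""")

def find_inherited_object_readers(policy, prefixes=("projectViewer:",)):
    """Return sorted (member, role) pairs where a convenience value can download objects."""
    findings = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") in ROLES_WITH_OBJECT_GET:
            for member in binding.get("members", []):
                if member.startswith(tuple(prefixes)):
                    findings.add((member, binding["role"]))
    return sorted(findings)

def strip_bindings(policy, findings):
    """Return a copy of the policy without the flagged (member, role) pairs."""
    flagged, kept = set(findings), []
    for binding in policy.get("bindings", []):
        members = [m for m in binding.get("members", []) if (m, binding["role"]) not in flagged]
        if members:  # drop bindings left with no members
            kept.append({**binding, "members": members})
    return {**policy, "bindings": kept}

if __name__ == "__main__":
    hits = find_inherited_object_readers(SAMPLE_POLICY)
    for member, role in hits:
        print(f"{member} can download objects via {role}")
    print(json.dumps(strip_bindings(SAMPLE_POLICY, hits), indent=2))
```

In the sample, the stripped policy still leaves `projectViewer:` with `roles/storage.legacyBucketReader`, so viewers keep bucket metadata and object listing but lose object download.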