Deny policy constraints at Cloud Storage bucket level with tags [316286461]

Assigned

Feature Request

Status Update

No update yet.

Description

ar...@google.com

created issue #1

Dec 14, 2023 09:46AM

Summary:

Currently, the organization constraint 'constraints/storage.publicAccessPrevention' can be applied at org, folder or project level 1. The customer is seeking to enforce the constraint at organization level and deny it at specific Cloud Storage buckets via tags as per the documentation 2. However, this is currently not feasible as these policies can only be enforced at bucket level, not denied 3:

Note: You can only conditionally enforce organization policies using tags that are attached to Cloud Storage buckets and Google Cloud organization, folder, and project 
resources.

Then, it is necessary to 4 make sure public access prevention is disabled for its parent project to also be disabled for a specific bucket.

Expected behavior:

Customer would like to be able to deny the constraint in specific buckets so they do not inherit it from the organization using tags.

Comments

dh...@google.com <dh...@google.com> #2Dec 14, 2023 11:00AM

Assigned to gc...@google.com.

Hello,

Thanks for reaching out to us!

The Product Engineering Team has been made aware of your feature request, and will address it in due course. Though we can't provide an ETA on feature requests nor guarantee their implementation, rest assured that your feedback is always taken very seriously, as it allows us to improve our products. Thank you for your trust and continued support to improve Google Cloud Platform products.

In case you want to report a new issue, please do not hesitate to create a new [Issue Tracker] 1 thread describing your issue. Once again, thank you for the suggestions.

Thanks and Regards,
Onkar Mhetre
Google Cloud Support

Issue 316286461

Description

Summary:

Expected behavior:

Issue summary

Comments

dh...@google.com <dh...@google.com> #2Dec 14, 2023 11:00AM

Add comment

Issue metadata