IssueTracker

This will create a feature request which anybody can view and comment on.

Please describe your requested enhancement. Good feature requests will solve common problems or enable new use cases.

What you would like to accomplish: To create a global policy at organization/project level that will take care of the access control with a condition like “Allow any serviceaccount to manage any bucket when the serviceaccount’s tag matches with bucket’s tag”.


How this might work: Time saving because if any customer creates thousands of buckets and services accounts and they want to have a general policy with a condition that allows them to have any service account manage any bucket when the service account's tag matches with the bucket's tag.


If applicable, reasons why alternative solutions are not sufficient: Creating a YAML or JASON file everytime they want to to have any service account manage any bucket when the service account's tag matches with the bucket's tag is very time consuming.


Other information (workarounds you have tried, documentation consulted, etc):
https://g3doc.corp.google.com/company/gfw/support/cloud/products/auth/conditions.md#conditions-usage-limitations
https://g3doc.corp.google.com/company/gfw/support/cloud/playbooks/auth/iam-limits-increase.md?cl=head
https://cloud.google.com/iam/quotas#limits
https://cloud.google.com/iam/docs/conditions-overview#syntax_overview
https://g3doc.corp.google.com/company/gfw/support/cloud/playbooks/auth/iam-limits-increase.md?cl=head