Create a bucket storage.buckets.create storage.buckets.enableObjectRetention¹ Attach a tag to a bucket storage.buckets.createTagBinding List or filter buckets No additional permissions List tags directly attached to a bucket storage.buckets.listTagBindings List both inherited tags and tags directly attached to a bucket storage.buckets.listEffectiveTags View the following bucket information:

• Location, replication status, and default storage class
• Protection settings
• Bucket labels
• Object lifecycle policies
• Public access prevention status
• Uniform bucket-level access status
• Autoclass status
• Website configuration

storage.buckets.get Change the following bucket settings:

• Protection settings
• Default storage class
• Bucket labels
• Object lifecycle policies
• Uniform bucket-level access status
• Autoclass status
• Website configuration
• Object retention configurations

storage.buckets.get
storage.buckets.update
storage.buckets.enableObjectRetention¹ Enable the Requester Pays feature storage.buckets.get
storage.buckets.update Disable the Requester Pays feature storage.buckets.get
storage.buckets.update
resourcemanager.projects.createBillingAssignment³ Change the public access prevention setting storage.buckets.get
storage.buckets.setIamPolicy
storage.buckets.update Change bucket permissions storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.setIamPolicy
storage.buckets.update Delete an empty bucket storage.buckets.delete
storage.objects.list Delete a non-empty bucket storage.buckets.delete
storage.objects.delete
storage.objects.list Detach a tag from a bucket storage.buckets.deleteTagBinding Create a folder storage.folders.create Get the metadata of a folder storage.folders.get List folders storage.folders.list Rename folders storage.folders.rename (for the source bucket)
storage.folders.create (for the destination bucket) Delete folders storage.folders.delete Upload an object or folder of objects storage.objects.create
storage.objects.delete²
storage.objects.setRetention⁴ View the details for an object⁵ storage.objects.get
storage.objects.list View the version history of an object storage.objects.get
storage.objects.list Download an object⁵ or folder of objects storage.objects.get
storage.objects.list List objects in a bucket, including noncurrent objects and soft-deleted objects storage.objects.list Determine if an object is publicly accessible⁵ storage.buckets.getIamPolicy
storage.objects.list
storage.objects.getIamPolicy⁷ Rename an object or restore a noncurrent version of an object storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.getIamPolicy⁷
storage.objects.setIamPolicy⁷ Copy an object storage.objects.create (for the destination bucket)
storage.objects.delete² (for the destination bucket)
storage.objects.get (for the source object)
storage.objects.list (for the source bucket and destination bucket)
storage.objects.getIamPolicy^7,8 (for the source object)
storage.objects.setIamPolicy^7,8 (for the destination bucket) Move an object storage.objects.create (for the destination bucket)
storage.objects.delete² (for the destination bucket)
storage.objects.delete (for the source bucket)
storage.objects.get (for the source object)
storage.objects.list (for the source bucket and destination bucket)
storage.objects.getIamPolicy^7,8 (for the source object)
storage.objects.setIamPolicy^7,8 (for the destination bucket) View an object's access permissions^5,6 storage.objects.get
storage.objects.list
storage.objects.getIamPolicy Edit an object's access permissions^5,6 storage.objects.get
storage.objects.list
storage.objects.getIamPolicy
storage.objects.setIamPolicy
storage.objects.update Edit an object's metadata⁵ storage.objects.get
storage.objects.list
storage.objects.update Add, change, or remove a retention configuration on an object⁵ storage.objects.get
storage.objects.list
storage.objects.update
storage.objects.setRetention
storage.objects.overrideUnlockedRetention⁹ Add or remove a hold on an object⁵ storage.objects.get
storage.objects.list
storage.objects.update Delete an object⁵, a noncurrent version of an object, or a folder of objects storage.objects.delete
storage.objects.list Restore a deleted object storage.objects.create
storage.objects.delete²
storage.objects.list
storage.objects.restore Bulk restore deleted objects storage.objects.create
storage.objects.delete¹⁰
storage.objects.restore
storage.buckets.restore
storage.objects.setIamPolicy^7,11 View the name of a project's Cloud Storage service agent resourcemanager.projects.get View the service account HMAC keys for a project resourcemanager.projects.get
storage.hmacKeys.list Create an HMAC key for a service account resourcemanager.projects.get
storage.hmacKeys.list
storage.hmacKeys.create Disable or re-enable an HMAC key for a service account resourcemanager.projects.get
storage.hmacKeys.list
storage.hmacKeys.update Delete an HMAC key for a service account resourcemanager.projects.get
storage.hmacKeys.list
storage.hmacKeys.delete Create, view, or delete an HMAC key for the user account you are logged in as resourcemanager.projects.get Configure, update or disable the Storage Intelligence configuration on a project, a folder or an organization storage.intelligenceConfigs.update View the Storage Intelligence configuration on a project, a folder or an organization storage.intelligenceConfigs.get Create a cache using Anywhere Cache storage.anywhereCaches.create List a cache using Anywhere Cache storage.anywhereCaches.list Update a cache using Anywhere Cache storage.anywhereCaches.update Pause a cache using Anywhere Cache storage.anywhereCaches.pause Resume a cache using Anywhere Cache storage.anywhereCaches.resume Get the metadata of a cache using Anywhere Cache storage.anywhereCaches.get Disable a cache using Anywhere Cache storage.anywhereCaches.disable