Cloud Storage Role

Question 1

Storage Object Creator

Answer 1

roles/storage.objectCreator

Allows users to create objects. Does not give permission to view, delete, or replace objects.

Question 2

Storage Object Viewer

Answer 2

roles/storage.objectViewer
Grants access to view objects and their metadata, excluding ACLs.
Can also list the objects in a bucket.

Question 3

Storage Object Admin

Answer 3

roles/storage.objectAdmin

Grants full control over objects, including listing, creating, viewing, and deleting objects.

Question 4

Storage HMAC Key Admin

Answer 4

roles/storage.hmacKeyAdmin

Full control over HMAC keys in a project. This role can only be applied to a project.

Question 5

Storage Admin

Answer 5

roles/storage.admin
Grants full control of buckets and objects.
When applied to an individual bucket, control applies only to the specified bucket and objects within the bucket.

Question 6

Viewer (roles/viewer)

Answer 6

Grants permission to list buckets in the project; view bucket metadata when listing (excluding ACLs); and list and get HMAC keys in the project.

Question 7

Editor (roles/editor)

Answer 7

Grants permission to create, list, and delete buckets in the project; view bucket metadata when listing (excluding ACLs); and control HMAC keys in the project.

Question 8

Owner (roles/owner)

Answer 8

Grants permission to create, list, and delete buckets in the project; view bucket metadata when listing (excluding ACLs); and control HMAC keys in the project.

Within Google Cloud more generally, principals with this role can perform administrative tasks such as changing principals’ roles for the project or changing billing.