3

Scenario:

  1. Registered domain xyz.com with Google Apps for Business
  2. Created user infra@xyz.com, using which created a project on Google Cloud Platform
  3. Created a bucket on Google Cloud Storage
  4. Under bucket on Google Cloud Platform Console, in Edit Bucket Permissions added following 3 users under Name, with Entity = User & Access = Writer
    • user1@xyz.com (user created in the same Google Apps for Business)
    • user2@gmail.com (user created on Gmail)
    • user3@abc.com (user created on different Google Apps for Business)
  5. Users try to access the bucket using https://console.cloud.google.com/storage/browser/xyz-com/?project=xyz-com

Issue:

user1@xyz.com was able to get the bucket listing, but it failed for user2@gmail.com & user3@abc.com. Which means any user outside Google Apps for Business is unable to access the bucket in-spite of giving explicit bucket permission.

Though I read and tried for a day, could not find any solution for the issue. Please help

Vicky Mittal
  • 31
  • 1
  • 4
  • What did Google Support say about this? – EEAA Jan 05 '16 at 14:46
  • I don't have paid support (am on bronze). I guess this is the only place I can grab their attention to the issue. But if there is a better place please advice – Vicky Mittal Jan 05 '16 at 14:54
  • How is user2@gmail.com authenticating? Are they trying manually via gsutil or the cloud console? – Brandon Yarbrough Jan 05 '16 at 17:19
  • @BrandonYarbrough, Assuming the project name as _xyz-com_, users try to authenticate & browse the bucket using the URL [https://console.cloud.google.com/storage/browser/xyz-com/?project=xyz-com](https://console.cloud.google.com/storage/browser/xyz-com/?project=xyz-com). But they get `You don't have permission to see the storage section` – Vicky Mittal Jan 06 '16 at 13:07
  • Try removing the "?project=xyz-com" part. – Brandon Yarbrough Jan 06 '16 at 17:28
  • Thanks Brandon, it worked, seems silly of google to have that mentioned in the URL and silly of me to not try that out earlier. Humble request to mention it in answer, so that others do not get lost like me – Vicky Mittal Jan 08 '16 at 10:59

1 Answers1

0

Thanks Brandan Yarbrough, for the suggestion, which worked.

user1@xyz.com was able to access the bucket using the URL https://console.cloud.google.com/storage/browser/xyz-com/?project=xyz-com as it had rights to the Google Cloud Platform project xyz-com, while other users could not access it for they did not have right to the project.Thus removing ?project=xyz-com did the trick for those users.

Conclusion: always use the URL https://console.cloud.google.com/storage/browser/<bucket name>/ (without ?project=<project name>) to access the bucket

Vicky Mittal
  • 31
  • 1
  • 4