0

I am trying to host a static web page with google. When I go to my domain (i.e.,www.example.com), I receive this error:

<Error>
<Code>AccessDenied</Code>
<Message>Access denied.</Message>
<Details>
Anonymous caller does not have storage.objects.get access to www.example.com/index.html.
</Details>
</Error>

I am using uniform storage. I tried the following command after logging into gsutil with "gcloud auth login" to try to make the bucket public:

gsutil acl ch -u AllUsers:R gs://www.example.com

(I have also tried with a '/' at the end)

These both give me the error:

Failed to set acl for gs://www.example.com/. Please ensure you have OWNER-role access to this resource.

I have also tried the same command with '...gs://www.example.com/* and gs://www.example.com/** at the end. These produce a slightly different error:

Failed to set acl for gs://www.jpdgallery.com/[first file in bucket]. Please ensure you have OWNER-role access to this resource.

The user I am using is the only one on the apps account. That user has the following project rights:

  • Owner
  • Storage Admin
  • Storage Object Admin
  • Storage Object Creator
  • Storage Object Viewer

The user also has the following bucket rights:

  • Storage Admin
  • Storage Legacy Bucket Owner
  • Storage Legacy Bucket Reader
  • Storage Legacy Object Owner
  • Storage Legacy Object Reader
  • Storage Object Admin
  • Storage Object Creator
  • Storage Object Viewer

This similar post did not seem to address the issue:

Google Cloud Storage ACL confusion

Jake Durell
  • 169
  • 1
  • 12
  • 1
    When you go to the storage browser, you click on the bucket line (not the name!!) and open the right info panel. What is the right that you can see on this bucket? especially when you filter on owner or admin ? – guillaume blaquiere Nov 29 '19 at 09:55
  • 2
    Regardless of the permission error, if you're using uniform bucket-level access as you say, applying ACLs would be disabled as per the [documentation](https://cloud.google.com/storage/docs/uniform-bucket-level-access). Instead you would you have to make the bucket public through Cloud IAM, with i.e `gsutil iam ch allUsers:objectViewer gs://[BUCKET_NAME]` as mentioned [here](https://cloud.google.com/storage/docs/access-control/making-data-public#buckets). – Maxim Nov 29 '19 at 10:24
  • @guillaumeblaquiere I see the permissions as listed in my questions. @ – Jake Durell Nov 29 '19 at 12:21
  • @Maxim Thank you! I tried looking through the docs, but didn't stumble across that bit. That worked right away. Thank you for pointing it out. – Jake Durell Nov 29 '19 at 12:22

0 Answers0