What is the function of the Storage Admin role in Cloud IAM roles for Cloud Storage?

Modify GCS Bucket Permissions

You or your GCP admin must set the bucket permissions so that your service account has access to the bucket that you want to access from the cluster. Storage Object Admin is the minimum role required to access the cluster. Example steps are described below.

Steps

  1. In the Google Cloud Platform web console, navigate to Storage Browser.

  2. Find the bucket for which you want to edit permissions.

  3. Click the [icon] and select Edit bucket permissions.

  4. In the Permissions tab set the bucket-level permissions:

    • Click on Add members and enter the service account that you want to use to access the bucket.

    • Under Roles, select Storage Object Admin or another role that allows accessing the bucket. For more information, refer to Cloud Storage IAM Roles in GCP documentation.

    • When done, click Add.

After performing these steps, the bucket-level permissions will be updated.

Specific permissions are required for the Google Cloud Storage Connector to access buckets. This set of permissions is the combination of the permissions associated with the existing Google Cloud IAM Role called "Storage Object Admin" and the Google Cloud IAM Permission called "storage.buckets.get".

  1. In the Google Cloud Platform web console, navigate to IAM & admin > Roles
  2. Click on +Create Role.
  3. Provide the following:
    • Enter a title under Title
    • Enter the ID under ID
    • Under Role launch stage select General Availability
  4. Click on Add Permissions and add the following permissions:
    • storage.buckets.get
    • storage.objects.create
    • storage.objects.delete
    • storage.objects.get
    • storage.objects.getIamPolicy
    • storage.objects.list
    • storage.objects.setIamPolicy
    • storage.objects.update


  5. Once done adding permissions, click on Create.

After performing these steps, a new role will be created.
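A check of a role definition against the permission list above, as an added example that is not part of the original documentation. It assumes the definition is a JSON document with the IAM role fields includedPermissions and stage; the function name, report keys and sample role are constructed for illustration.

```python
import json

# Permission set this page lists for the Google Cloud Storage Connector role.
CONNECTOR_REQUIRED = frozenset({
    "storage.buckets.get",
    "storage.objects.create",
    "storage.objects.delete",
    "storage.objects.get",
    "storage.objects.getIamPolicy",
    "storage.objects.list",
    "storage.objects.setIamPolicy",
    "storage.objects.update",
})


def audit_role(role_json, required=CONNECTOR_REQUIRED):
    """Compare a role definition's includedPermissions with the required set."""
    role = json.loads(role_json)
    granted = set(role.get("includedPermissions", []))
    return {
        # Required but absent: the connector's calls will be denied.
        "missing": sorted(required - granted),
        # Present but not required: misspellings or privilege beyond the need.
        "excess": sorted(granted - required),
        # Permissions that let the holder rewrite access control.
        "can_set_policy": sorted(p for p in granted if p.endswith(".setIamPolicy")),
        # "GA" is the stage value for General Availability.
        "stage_ok": role.get("stage") == "GA",
    }


# Constructed sample definition; it misspells one permission as
# "storage.bucket.get" (singular "bucket").
SAMPLE_ROLE = json.dumps({
    "title": "gcs-connector-sample",
    "stage": "GA",
    "includedPermissions": sorted(
        (CONNECTOR_REQUIRED - {"storage.buckets.get"}) | {"storage.bucket.get"}
    ),
})

if __name__ == "__main__":
    for key, value in audit_role(SAMPLE_ROLE).items():
        print(f"{key}: {value}")
```

A misspelled permission shows up twice in the report: once under missing (the correct name) and once under excess (the misspelling).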

Enable storage of pending documents in your secure cloud storage. That way, the user’s computer does not need to be online to release print later and print anywhere documents. However, a Printix Client still needs to be online on the printer’s network to release the documents.

Create role

  1. Open a new browser window and sign in to Google Cloud Platform (console.cloud.google.com), using your work account credentials.
  2. In Google Cloud Platform select the Navigation menu and select IAM & admin, and then Roles.
  3. On the Roles blade, select Create role.
  4. In Create role:
    • In Title enter the name of the role. For example: printix storage
    • In Role launch stage select General availability.
  5. Select Add permissions.
  6. In Filter type storage.objects and press Enter.
  7. Select the Permissions:
    • storage.objects.create
    • storage.objects.delete
    • storage.objects.get
    • storage.objects.list
  8. Select Add.
  9. Select Create.

Create service account

  10. In Google Cloud Platform select the Navigation menu and select IAM & admin, and then Service accounts.
  11. On the Service accounts blade, select Create service account.
  12. In Service account details:
    • In Service account name enter the name of the service account. For example: printix
    • Optionally in Service account description enter for example: printix cloud storage service account.
  13. Select Create.
  14. In Grant this service account access to project:
    • In Role select the role you created in step 4 (printix storage).
  15. Select Continue.
  16. In Grant users access to this service account:
    • Select Create key. As Key type select JSON and select Create.
      The private key is saved to your computer and you need to paste the content of it in step 28.
  17. Select Done.

Create storage bucket

  18. In Google Cloud Platform select the Navigation menu and select Storage.
  19. On the Browser blade, select Create bucket.
  20. Enter your bucket information and select Continue to complete each step:
    • Specify a Name, subject to the bucket name requirements. Enter for example: printix-cloud-storage. You need to enter the name in step 27.
    • As Default storage class for the bucket select Standard. Next, select a Location where the bucket data will be permanently stored.
    • Leave Access control model at Set object-level and bucket-level permissions.
    • Optionally in Advanced settings, you can add bucket labels, set a retention policy, and choose an encryption method. Leave Encryption at Google managed keys.
  21. Select Create.
  22. On the Bucket details pane, select Permissions.
  23. Select Add members.
    • In New members add the service account you created in step 4 (Example: printix).
    • Select roles. Scroll to Storage and then select Storage Object Creator.
    • Select Add another role. Scroll to Storage and then select Storage Object Viewer.
    • Select Save.
  24. In Printix Administrator select Menu, Settings.
  25. Select the Cloud storage tab.
  26. Select Google Cloud Storage.
  27. In Name enter the bucket name you entered in step 20 (Example: printix-cloud-storage).
  28. In Key paste the content from your Google JSON Key File created in step 16.
  29. Select Add cloud storage.
  30. Optionally check the types of pending documents you want to store.
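A check of the resulting bucket IAM policy for the service account added in the procedure above, as an added example that is not part of the Printix documentation. It assumes the policy is available as JSON with a bindings list of role and members entries; the function name, service account email and sample policy are constructed.

```python
import json

# Principals that make a binding public.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Role IDs for the two bucket-level roles granted in the procedure above:
# Storage Object Creator and Storage Object Viewer.
EXPECTED_ROLES = frozenset({
    "roles/storage.objectCreator",
    "roles/storage.objectViewer",
})


def audit_bucket_policy(policy_json, sa_email, expected=EXPECTED_ROLES):
    """Check one service account's bindings in a bucket IAM policy."""
    member = f"serviceAccount:{sa_email}"
    held, public = set(), set()
    for binding in json.loads(policy_json).get("bindings", []):
        members = set(binding.get("members", []))
        if member in members:
            held.add(binding["role"])
        # Record any binding that exposes the bucket to everyone.
        for principal in members & PUBLIC_MEMBERS:
            public.add((binding["role"], principal))
    return {
        "missing_roles": sorted(expected - held),     # uploads or reads will fail
        "unexpected_roles": sorted(held - expected),  # broader than the procedure grants
        "public_bindings": sorted(public),
    }


# Constructed sample policy and service account (hypothetical project name).
SAMPLE_SA = "printix@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/storage.objectCreator",
         "members": [f"serviceAccount:{SAMPLE_SA}"]},
        {"role": "roles/storage.objectAdmin",
         "members": [f"serviceAccount:{SAMPLE_SA}"]},
        {"role": "roles/storage.objectViewer",
         "members": ["allUsers"]},
    ]
})

if __name__ == "__main__":
    print(audit_bucket_policy(SAMPLE_POLICY, SAMPLE_SA))
```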

What is the role of storage in the cloud?

Cloud storage is a cloud computing model that enables storing data and files on the internet through a cloud computing provider that you access either through the public internet or a dedicated private network connection.

What are the three types of roles in cloud IAM?

Basic roles include Owner (roles/owner), Editor (roles/editor), and Viewer (roles/viewer). Basic roles include thousands of permissions across all Google Cloud services.

What is the job of an IAM role?

An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS.

Where are IAM roles stored?

IAM policies are stored on AWS in JSON format and are attached to resources as identity-based policies. You can attach an IAM policy to different entities such as an IAM group, user, or role.