service account does not have storage.objects.get access for Google Cloud Storage

The problem was apparently that the service account was associated with too many roles, perhaps as a results of previous configuration attempts.

These steps resolved the issue:

  • removed all (three) roles for the offending service account (member) my_sa under IAM & Admin / IAM
  • deleted my_sa under IAM & Admin / Service accounts
  • recreated my_sa (again with role Storage / Storage Admin)

Effects are like this:

  • my_sa shows up with one role (Storage Admin) under IAM & Admin / IAM
  • my_sa shows up as member under Storage / Browser / my_bucket / Edit bucket permissions

It's worth to note, that you need to wait a minute or something for permissions to be working in case you just assigned them. At least that's what happened to me after:

gcloud projects add-iam-policy-binding xxx --member
"serviceAccount:[email protected]" --role "roles/storage.objectViewer"

Tags:

Python

Google Cloud Platform

Google Cloud Storage

Service Accounts

Related

Cannot set a property of cognito userpool client via cloudformation Kubernetes : dial tcp 127.0.0.1:8080: connect: connection refused perl6 grammar , not sure about some syntax in an example What is the appropriate replacement of deprecated getSupportLoaderManager()? How to create a Snackbar like in the material documentation? How to set API path in vue.config.js for production? How do I install the Nuget provider for PowerShell on a unconnected machine so I can install a nuget package from the PS command line? Provide function dependency using Dagger 2 How can I get Xcode working on my Mac Sierra (10.12.6) Does Edge/Safari have a limit on Indexeddb size? pip install FileNotFoundError: [Errno 2] No such file or directory: Cloud Firestore Security Rules allow write only from Firebase function

Recent Posts