Google Cloud Storage

To control who can access Datasets, the necessary Google Cloud resources and policies must be created. These include:

  • A GS Bucket

  • A special IAM Role (Optional)

  • Linking users to the bucket with an IAM Role

  • An ACL (Optional)

Note

For general bucket level access, it is recommended to just use IAM Policies. For object level access, Access Control Lists (ACLs) are required.

Setting up the bucket

For instructions on creating Google Storage Buckets, follow Create Bucket.

Enter Organization

  1. Log in to Google Storage Console.

  2. Click on the Organization field in the top left. The default value is No organization.

  3. In the popup, click on the drop-down field to select your organization.

  4. Click on the ALL tab, search for your project, and click on it.

Create IAM Role (Optional)

Note

This section is for creating a special IAM Role and is NOT necessary to add users. If you do not want to use a special role, skip this section.

In the Google Storage Console, search for IAM in the search bar and click on IAM in the suggested entries.

Click on Role in the left task bar.

Click on Create Role to create a custom role.

Title the role accordingly and set the ID to be the same as the Title. Add the correct permissions:

  • Upload and Delete Access requires the Storage Object User role.

  • Download Access requires the Storage Object Viewer role.

Note

More information about roles can be found at IAM Roles.
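
One way to check the outcome of these steps, as an added example that is not part of the OSMO documentation: the script audits a bucket IAM policy in the JSON shape returned by `gcloud storage buckets get-iam-policy gs://my_bucket --format=json`, maps the two roles above to their predefined role IDs, and flags public members and any other role for review. The sample policy, its e-mail addresses, and the helper name `audit_bucket_policy` are constructed for illustration.

```python
import json

# Predefined role IDs for the two roles named above, labelled with the
# access this page says each one provides.
ROLE_ACCESS = {
    "roles/storage.objectUser": "upload/delete",
    "roles/storage.objectViewer": "download",
}
# Special members that make a binding apply to everyone.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy (not real accounts).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/storage.objectUser",   "members": ["user:uploader@example.com"]},
  {"role": "roles/storage.objectViewer", "members": ["user:reader@example.com", "allUsers"]},
  {"role": "roles/storage.admin",        "members": ["user:reader@example.com"]}
]}
""")


def audit_bucket_policy(policy, custom_roles=None):
    """Map each member to its dataset access and list bindings needing review.

    custom_roles: optional {role_id: access_label} for a custom IAM role
    created as described above (assumption: the caller knows its role ID).
    """
    allowed = {**ROLE_ACCESS, **(custom_roles or {})}
    access, findings = {}, []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                # Anyone on the internet (or any Google account) gets this role.
                findings.append(f"PUBLIC {member} -> {role}")
            elif role not in allowed:
                # Broader or unrelated role than dataset access needs.
                findings.append(f"UNEXPECTED_ROLE {member} -> {role}")
            else:
                access.setdefault(member, set()).add(allowed[role])
    return {m: sorted(a) for m, a in sorted(access.items())}, sorted(findings)


if __name__ == "__main__":
    access, findings = audit_bucket_policy(SAMPLE_POLICY)
    for member, labels in access.items():
        print(f"{member}: {', '.join(labels)}")
    for finding in findings:
        print("REVIEW:", finding)
```
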

Create ACL (Optional)

Upload and Delete Access requires Owner access.

Download Access requires Reader access.

For instructions on creating ACLs, follow Create ACL.

Construct URI

URIs are constructed as follows, with an example for the bucket name my_bucket:

gs://<bucket>

# Example
gs://my_bucket

Follow Configure Data Storage to add the bucket to OSMO.