Skip to main content
This table lists the permissions required to perform CoreWeave AI Object Storage actions in the Cloud Console. Object Storage Admins already have these permissions by default. This reference is for granting specific permissions to non-admin users. To grant these permissions to users, you need the Object Storage Admin role. Then, you can create an organization access policy to grant the permissions to the users. When these permissions are granted to a user, they will be able to perform the corresponding actions in the Cloud Console. For more information about organization access policies, see About organization access policies.
  • All cwobject: permissions are global operations and must specify "resources": ["*"] in the policy statement.
  • Cloud Console groups aren’t allowed in organization access policies. Use UIDs (from the Cloud Console) or SAML users and groups instead.

Required bucket policy permissions

To browse a bucket in the Cloud Console, the bucket’s bucket access policy must grant the read-only permissions listed in the table. If a bucket policy doesn’t grant these permissions to a principal, that principal can’t browse the bucket in the Cloud Console even when their organization access policy does.

Next steps

Last modified on June 12, 2026