Object Storage Admin role. Then, you can create an organization access policy to grant the permissions to the users. When these permissions are granted to a user, they will be able to perform the corresponding actions in the Cloud Console. For more information about organization access policies, see About organization access policies.
- All
cwobject:permissions are global operations and must specify"resources": ["*"]in the policy statement. - Cloud Console groups aren’t allowed in organization access policies. Use UIDs (from the Cloud Console) or SAML users and groups instead.
Required bucket policy permissions
To browse a bucket in the Cloud Console, the bucket’s bucket access policy must grant the read-only permissions listed in the table. If a bucket policy doesn’t grant these permissions to a principal, that principal can’t browse the bucket in the Cloud Console even when their organization access policy does.Next steps
- Navigate to the Organization Access Policies page in the Cloud Console to create an organization access policy.
- Learn more about creating organization access policies.