Google Cloud Storage is a robust, high-performance
service that enables developers and businesses to use Google’s infrastructure to power their
data. Today, we’re announcing a new feature that makes it even easier to control and share
your data.
Per-Bucket Default Object ACLs
Customers building a wide variety of applications have asked us for an easier
mechanism to control the permissions granted on newly created objects. Now you can define your
access control policy for a bucket once by specifying a Default
Object ACL for any bucket, and we’ll automatically apply that ACL to any object
without an explicitly defined ACL. You can always override the default by providing a canned
ACL when you upload the object or by updating the object’s ACL afterwards. This mechanism
simplifies wide variety of use cases, including data sharing, controlled-access data sets and
corporate drop-boxes.
New buckets without Default
ACLs
After analyzing how customers use our service, we’ve
also decided to make a few small changes to the behavior of buckets that have no explicit
default object ACL. Effective today, new buckets are created with an implied project-private
default object ACL. In other words, project editors and owners will have FULL_CONTROL access
to new objects, and project viewers will have READ access to them. This change better aligns
the default behavior with how our customers use storage. You can change a bucket’s default
object ACL at any time after creating the bucket.
Existing buckets have
an effective default object ACL of "private", and they will continue to work as they always
have until and unless you specify a new default object ACL for them.
Navneet Joneja loves being at the forefront of the next generation
of simple and reliable software infrastructure, the foundation on which next-generation
technology is being built. When not working, he can usually be found dreaming up new ways to
entertain his intensely curious one-year-old.