We are just trying to use gsutil from the command line to download some DCM data from the Google Cloud Platform:
gsutil -m cp -R gs://dcdt_-dcm_account75701/dcm_account75701_activity_201803* C:\Users\[omissis]\Desktop\ImprData
We are getting the error below, looks like an access issue, but we have made sure that all the correct access has been given in the cloud console.
AccessDeniedException: 403 [omissis] does not have storage.objects.list access to dcdt_-dcm_account75701.
CommandException: 1 file/object could not be transferred
Does anyone know what this might be?
Best Answer
It looks like you are copying multiple objects using a wildcard:
For this to work, you need to grant your user also the storage.objects.list privilege, not just the storage.objects.get privilege.
To verify this is the case, replace
dcm_account75701_activity_201803*with the full name of one of the objects in thedcdt_-dcm_account75701bucket.EDIT: notice that
storage.buckets.listandstorage.objects.listare two distinct privileges. The former allows you to list all buckets belonging to your project, the latter (which you are missing) allows you to list the objects inside the bucket.According to the user guide:
https://cloud.google.com/storage/docs/access-control/iam-roles
being an Owner grants you the storage.buckets.* privileges, not the storage.objects.* privileges. You might want to grant the storage.objectAdmin role to your user.