Owner Permission


Andras Kavalecz

Jun 30, 2021, 3:10:10 PM
to gce-discussion
Hello

I am new to Google Cloud and I have a question.

I have a 3rd party service that would need me to add them to my Google Cloud Storage as a new User with "Owner" permission (so that they can probably set up some stuff).

My question is: By giving them "Owner" permission, will they also have any access to MY GMAIL or other services that are connected with MY GMAIL account that is linked to my Google Cloud Storage? ... Or can they (the new additional User with "Owner" permission) access data that is ONLY associated with the Google Cloud Storage?

I just want to understand if my Gmail or Gmail drive is safe ... meaning that the Additional New User (with Owner permission) has no access to my Gmail/Gdrive.

Thanks so much

Andras Kavalecz

momo cloud9

Jun 30, 2021, 10:15:43 PM
to Andras Kavalecz, gce-discussion
Hi Andras, 

When you give permissions, always try to follow the "principle of least privilege".

The best method to grant access is providing granular access.

Coming to your question, if you have given access to Cloud Storage you need not worry.

Regards, 
Mohammed


Shamma Nikhat (Cloud Platform Support)

Jul 2, 2021, 8:22:06 PM
to gce-discussion
Hello,

If you want to provide only bucket permission to a user, you can use Access control lists (ACLs). It is mentioned that you most likely want to use ACLs if you need to customize access to individual objects within a bucket, since IAM permissions apply to all objects within a bucket.

If you assign a user the Owner role in IAM, the user will have access to all resources in the project.
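
As an added example (not part of the thread and not Google's code): a short Python check over the JSON that `gcloud projects get-iam-policy` prints, listing every principal outside your own domains that holds a basic role and therefore reaches all resources in the project, not only Cloud Storage. The sample policy, the member addresses and the trusted domain `example.com` are constructed for illustration.

```python
import json

# Basic roles apply to every resource in the project, not just Cloud Storage.
PROJECT_WIDE_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`; all members are made up.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:me@example.com", "user:integration@vendor.example"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["serviceAccount:uploader@vendor-proj.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["group:contractors@vendor.example", "deleted:user:old@example.com?uid=123"]}
  ]
}
""")


def member_domain(member):
    """Return the e-mail domain of an IAM member string, or None if it has none."""
    if member.startswith("deleted:"):
        member = member[len("deleted:"):].split("?", 1)[0]
    kind, _, identity = member.partition(":")
    if kind == "domain":
        return identity.lower()
    if "@" in identity:
        return identity.rsplit("@", 1)[1].lower()
    return None  # allUsers, allAuthenticatedUsers: never trusted


def external_project_wide_grants(policy, trusted_domains):
    """List (role, member) pairs where a basic role goes to an untrusted principal."""
    trusted = {d.lower() for d in trusted_domains}
    findings = []
    for binding in policy.get("bindings", []):
        if binding.get("role") not in PROJECT_WIDE_ROLES:
            continue
        for member in binding.get("members", []):
            if member_domain(member) not in trusted:
                findings.append((binding["role"], member))
    return sorted(findings)


if __name__ == "__main__":
    for role, member in external_project_wide_grants(SAMPLE_POLICY, {"example.com"}):
        print(f"{member} holds {role} on the whole project")
```

A third party that only needs bucket access shows up here when it was given a basic role instead of a bucket-scoped one such as `roles/storage.objectAdmin`.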

Andras Kavalecz

Jul 4, 2021, 9:47:44 AM
to gce-discussion
Thank you Mohammed and Shamma 

My main concern is that the new User with "Owner" permission on Google-Cloud-Storage would have access to things like my Gmail or Gmail Drives. 

But to me it sounds like this New User with "Owner" permission would ONLY have permission on my Google-Cloud-Storage and NOT have access to my GMAIL... Am I correct with my assumption?

rezaizadi

Jul 10, 2021, 3:14:45 PM
to gce-discussion

Hi,

Granting OWNER permission allows a user to change ACLs and take control of data. You should use the OWNER permission only when you want to delegate administrative control over objects and buckets. For more detailed information please refer to “Best practices

Imran Khan

Jul 12, 2021, 12:40:26 PM
to gce-discussion
The short answer is, NO. Making someone owner on a GCP project or for Google Cloud Storage does not grant them access to our Gmail or other apps.