v5.18.0/website/docs/r/storage_bucket_access_control.html.markdown - terraform-provider-google-beta - Git at Google

 ---
 # ----------------------------------------------------------------------------
 #
 #     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
 #
 # ----------------------------------------------------------------------------
 #
 #     This file is automatically generated by Magic Modules and manual
 #     changes will be clobbered when the file is regenerated.
 #
 #     Please read more about how to change this file in
 #     .github/CONTRIBUTING.md.
 #
 # ----------------------------------------------------------------------------
 subcategory: "Cloud Storage"
 description: |-
   Bucket ACLs can be managed authoritatively using the
   [`storage_bucket_acl`](https://registry.
 ---

 # google\_storage\_bucket\_access\_control

 Bucket ACLs can be managed authoritatively using the
 [`storage_bucket_acl`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_acl)
 resource. Do not use these two resources in conjunction to manage the same bucket.

 The BucketAccessControls resource manages the Access Control List
 (ACLs) for a single entity/role pairing on a bucket. ACLs let you specify who
 has access to your data and to what extent.

 There are three roles that can be assigned to an entity:

 READERs can get the bucket, though no acl property will be returned, and
 list the bucket's objects.  WRITERs are READERs, and they can insert
 objects into the bucket and delete the bucket's objects.  OWNERs are
 WRITERs, and they can get the acl property of a bucket, update a bucket,
 and call all BucketAccessControls methods on the bucket.  For more
 information, see Access Control, with the caveat that this API uses
 READER, WRITER, and OWNER instead of READ, WRITE, and FULL_CONTROL.


 To get more information about BucketAccessControl, see:

 * [API documentation](https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls)
 * How-to Guides
     * [Official Documentation](https://cloud.google.com/storage/docs/access-control/lists)

 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=storage_bucket_access_control_public_bucket&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
   </a>
 </div>
 ## Example Usage - Storage Bucket Access Control Public Bucket


 ```hcl
 resource "google_storage_bucket_access_control" "public_rule" {
   bucket = google_storage_bucket.bucket.name
   role   = "READER"
   entity = "allUsers"
 }

 resource "google_storage_bucket" "bucket" {
   name     = "static-content-bucket"
   location = "US"
 }
 ```

 ## Argument Reference

 The following arguments are supported:


 * `bucket` -
   (Required)
   The name of the bucket.

 * `entity` -
   (Required)
   The entity holding the permission, in one of the following forms:
     user-userId
     user-email
     group-groupId
     group-email
     domain-domain
     project-team-projectId
     allUsers
     allAuthenticatedUsers
   Examples:
     The user liz@example.com would be user-liz@example.com.
     The group example@googlegroups.com would be
     group-example@googlegroups.com.
     To refer to all members of the Google Apps for Business domain
     example.com, the entity would be domain-example.com.


 - - -


 * `role` -
   (Optional)
   The access permission for the entity.
   Possible values are: `OWNER`, `READER`, `WRITER`.


 ## Attributes Reference

 In addition to the arguments listed above, the following computed attributes are exported:

 * `id` - an identifier for the resource with format `{{bucket}}/{{entity}}`

 * `domain` -
   The domain associated with the entity.

 * `email` -
   The email address associated with the entity.


 ## Timeouts

 This resource provides the following
 [Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

 - `create` - Default is 20 minutes.
 - `update` - Default is 20 minutes.
 - `delete` - Default is 20 minutes.

 ## Import


 BucketAccessControl can be imported using any of these accepted formats:

 * `{{bucket}}/{{entity}}`


 In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import BucketAccessControl using one of the formats above. For example:

 ```tf
 import {
   id = "{{bucket}}/{{entity}}"
   to = google_storage_bucket_access_control.default
 }
 ```

 When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), BucketAccessControl can be imported using one of the formats above. For example:

 ```
 $ terraform import google_storage_bucket_access_control.default {{bucket}}/{{entity}}
 ```
	---
	# ----------------------------------------------------------------------------
	#
	# * AUTO GENERATED CODE * Type: MMv1 ***
	#
	# ----------------------------------------------------------------------------
	#
	# This file is automatically generated by Magic Modules and manual
	# changes will be clobbered when the file is regenerated.
	#
	# Please read more about how to change this file in
	# .github/CONTRIBUTING.md.
	#
	# ----------------------------------------------------------------------------
	subcategory: "Cloud Storage"
	description: \|-
	Bucket ACLs can be managed authoritatively using the
	[`storage_bucket_acl`](https://registry.
	---

	# google\_storage\_bucket\_access\_control

	Bucket ACLs can be managed authoritatively using the
	[`storage_bucket_acl`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_acl)
	resource. Do not use these two resources in conjunction to manage the same bucket.

	The BucketAccessControls resource manages the Access Control List
	(ACLs) for a single entity/role pairing on a bucket. ACLs let you specify who
	has access to your data and to what extent.

	There are three roles that can be assigned to an entity:

	READERs can get the bucket, though no acl property will be returned, and
	list the bucket's objects. WRITERs are READERs, and they can insert
	objects into the bucket and delete the bucket's objects. OWNERs are
	WRITERs, and they can get the acl property of a bucket, update a bucket,
	and call all BucketAccessControls methods on the bucket. For more
	information, see Access Control, with the caveat that this API uses
	READER, WRITER, and OWNER instead of READ, WRITE, and FULL_CONTROL.


	To get more information about BucketAccessControl, see:

	* [API documentation](https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls)
	* How-to Guides
	* [Official Documentation](https://cloud.google.com/storage/docs/access-control/lists)

	<div class = "oics-button" style="float: right; margin: 0 0 -15px">
	<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=storage_bucket_access_control_public_bucket&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
	<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
	</a>
	</div>
	## Example Usage - Storage Bucket Access Control Public Bucket


	```hcl
	resource "google_storage_bucket_access_control" "public_rule" {
	bucket = google_storage_bucket.bucket.name
	role = "READER"
	entity = "allUsers"
	}

	resource "google_storage_bucket" "bucket" {
	name = "static-content-bucket"
	location = "US"
	}
	```

	## Argument Reference

	The following arguments are supported:


	* `bucket` -
	(Required)
	The name of the bucket.

	* `entity` -
	(Required)
	The entity holding the permission, in one of the following forms:
	user-userId
	user-email
	group-groupId
	group-email
	domain-domain
	project-team-projectId
	allUsers
	allAuthenticatedUsers
	Examples:
	The user liz@example.com would be user-liz@example.com.
	The group example@googlegroups.com would be
	group-example@googlegroups.com.
	To refer to all members of the Google Apps for Business domain
	example.com, the entity would be domain-example.com.


	- - -


	* `role` -
	(Optional)
	The access permission for the entity.
	Possible values are: `OWNER`, `READER`, `WRITER`.


	## Attributes Reference

	In addition to the arguments listed above, the following computed attributes are exported:

	* `id` - an identifier for the resource with format `{{bucket}}/{{entity}}`

	* `domain` -
	The domain associated with the entity.

	* `email` -
	The email address associated with the entity.


	## Timeouts

	This resource provides the following
	[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

	- `create` - Default is 20 minutes.
	- `update` - Default is 20 minutes.
	- `delete` - Default is 20 minutes.

	## Import


	BucketAccessControl can be imported using any of these accepted formats:

	* `{{bucket}}/{{entity}}`


	In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import BucketAccessControl using one of the formats above. For example:

	```tf
	import {
	id = "{{bucket}}/{{entity}}"
	to = google_storage_bucket_access_control.default
	}
	```

	When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), BucketAccessControl can be imported using one of the formats above. For example:

	```
	$ terraform import google_storage_bucket_access_control.default {{bucket}}/{{entity}}
	```