October 27, 2022
Uniform bucket-level access in Google Cloud Storage allows you to control access to a bucket and its objects using IAM (Identity and Access Management) only. When this feature is enabled, Access Control Lists (ACLs) are disabled, and all permissions are managed at the bucket level through IAM policies.
Cloud Storage normally supports two permission systems: IAM and ACLs.
When uniform bucket-level access is enabled, ACLs are disabled, and only IAM permissions control access to the bucket and its objects.
This simplifies permission management and helps prevent accidental data exposure.
Once enabled for 90 consecutive days, the feature cannot be disabled.
Uniform bucket-level access is recommended because it:
- Simplifies permission management.
- Improves security by removing ACL-related risks.
- Is required for features such as:
  - Managed folders
  - Hierarchical namespace
  - IAM conditions on buckets
  - Workforce or Workload Identity Federation access
After uniform bucket-level access is enabled:
- All ACL-related operations fail.
- Object-level ownership and ACL permissions are removed.
- Access is granted only through IAM roles at the bucket or project level.
- Users who previously accessed objects using ACL permissions may lose access unless equivalent IAM roles are assigned.
Before enabling the feature on an existing bucket, you should:
- Check if objects rely on ACL permissions.
- Assign equivalent IAM roles.
- Ensure bucket-level IAM permissions do not expose sensitive data.
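As an added example (not from the original article and not Google's own tooling), the following Python pre-flight check applies the three steps above: it maps each object ACL grant to the IAM role that gives comparable access and reports what the bucket's IAM policy still lacks, while setting aside public grants for review because an object-level public ACL would become bucket-wide under IAM. The input shapes follow the entity/role pairs from `gsutil acl get` and the bindings from `gcloud storage buckets get-iam-policy`; the sample data is constructed.

```python
"""Pre-flight check before enabling uniform bucket-level access (added example).

Compares object ACL grants with bucket IAM bindings and reports the IAM roles
still needed so no principal silently loses access once ACLs are ignored.
"""
from collections import defaultdict

# ACL role -> IAM role giving comparable object access once ACLs are disabled.
ACL_ROLE_TO_IAM = {"OWNER": "roles/storage.objectAdmin", "READER": "roles/storage.objectViewer"}
# IAM roles that already cover what each mapped role grants (broader roles count).
COVERED_BY = {
    "roles/storage.objectViewer": {"roles/storage.objectViewer", "roles/storage.objectAdmin", "roles/storage.admin"},
    "roles/storage.objectAdmin": {"roles/storage.objectAdmin", "roles/storage.admin"},
}
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

def acl_entity_to_member(entity):
    """Map an ACL entity ('user-a@x.com', 'group-g@x.com', 'allUsers') to IAM member syntax; None if unknown."""
    if entity in PUBLIC:
        return entity
    kind, _, ident = entity.partition("-")
    if kind == "user":
        return ("serviceAccount:" if ident.endswith("gserviceaccount.com") else "user:") + ident
    if kind in ("group", "domain"):
        return f"{kind}:{ident}"
    return None  # project-* convenience entities need manual review

def missing_iam_bindings(object_acls, iam_bindings):
    """Return {role: sorted members} that ACLs grant but bucket IAM does not.

    Public entities go under 'REVIEW_PUBLIC' (a bucket-wide grant would expose every
    object); unmapped entities go under 'REVIEW_MANUAL'.
    """
    have = defaultdict(set)
    for b in iam_bindings:
        have[b["role"]].update(b["members"])
    missing = defaultdict(set)
    for obj, entries in object_acls.items():
        for e in entries:
            member, role = acl_entity_to_member(e["entity"]), ACL_ROLE_TO_IAM.get(e["role"])
            if member is None or role is None:
                missing["REVIEW_MANUAL"].add(f"{obj}: {e['entity']} {e['role']}")
            elif member in PUBLIC:
                missing["REVIEW_PUBLIC"].add(f"{obj}: {member} {e['role']}")
            elif not any(member in have[r] for r in COVERED_BY[role]):
                missing[role].add(member)
    return {k: sorted(v) for k, v in missing.items()}

# Constructed sample: one object shared via ACL with an analyst, one object made public via ACL.
SAMPLE_OBJECT_ACLS = {
    "reports/q3.csv": [{"entity": "user-analyst@example.com", "role": "READER"},
                       {"entity": "group-finance@example.com", "role": "OWNER"}],
    "public/logo.png": [{"entity": "allUsers", "role": "READER"}],
}
SAMPLE_IAM_BINDINGS = [{"role": "roles/storage.objectAdmin", "members": ["group:finance@example.com"]}]
```

Running `missing_iam_bindings(SAMPLE_OBJECT_ACLS, SAMPLE_IAM_BINDINGS)` shows the analyst still needs `roles/storage.objectViewer` on the bucket, while the finance group is already covered by its `objectAdmin` binding and the public object is flagged for review instead of being turned into a bucket-wide grant.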
Uniform bucket-level access can only be disabled if:
- It has been enabled for less than 90 days.
- All IAM conditions are removed.
- No managed folders exist in the bucket.
- The bucket is not restricted by an organization policy requiring this feature.
Summary:
Uniform bucket-level access in Google Cloud Storage disables ACLs and manages all permissions using IAM roles at the bucket level. It simplifies access control and improves security. Once enabled for 90 days, it cannot be disabled.
Reference:
https://cloud.google.com/storage/docs/uniform-bucket-level-access