Make data public

This folio shows you how to make objects you own readable to anybody on the public internet. To learn how to access information that has been made public, see Accessing Public Data.

When an object is shared publicly, whatever user with knowledge of the object URI tin access the object for as long as the object is public.

Prerequisites

Prerequisites tin vary based on the tool used:

Console

In society to consummate this guide using the Google Deject Console, you must have the proper IAM permissions. If the objects or buckets you want to admission exist in a project that you did not create, y'all might need the project owner to give you a role that contains the necessary permissions.

For a list of permissions required for specific actions, see IAM permissions for the Google Cloud Console.

For a list of relevant roles, see Cloud Storage roles. Alternatively, yous can create a custom role that has specific, limited permissions.

Control line

In order to complete this guide using a control-line utility, you must have the proper IAM permissions. If the objects or buckets yous want to admission be in a project that you lot did not create, y'all might need the project possessor to give y'all a role that contains the necessary permissions.

For a listing of permissions required for specific deportment, see IAM permissions for gsutil commands.

For a list of relevant roles, see Cloud Storage roles. Alternatively, you can create a custom role that has specific, limited permissions.

Lawmaking samples

In guild to complete this guide using the Cloud Storage client libraries, you must accept the proper IAM permissions. If the objects or buckets yous want to access exist in a project that you did non create, you might need the projection owner to requite you a role that contains the necessary permissions. Unless otherwise noted, customer library requests are made through the JSON API.

For a list of permissions required for specific actions, see IAM permissions for JSON methods.

For a list of relevant roles, run across Cloud Storage roles. Alternatively, you lot tin can create a custom role that has specific, limited permissions.

Residuum APIs

JSON API

In order to complete this guide using the JSON API, you lot must have the proper IAM permissions. If the objects or buckets you want to access exist in a project that you lot did not create, you might need the project owner to give you a role that contains the necessary permissions.

For a list of permissions required for specific actions, see IAM permissions for JSON methods.

For a listing of relevant roles, see Cloud Storage roles. Alternatively, you tin create a custom role that has specific, limited permissions.

Make private objects publicly readable

To make individual objects readable to anybody on the public internet:

Console

  1. In the Google Deject Console, go to the Deject Storage Browser folio.

    Get to Browser

  2. Click on the name of the bucket that contains the object you want to make public, and navigate to the object if information technology'due south in a subdirectory.

  3. Click the more actions carte () associated with the object that y'all desire to make public.

  4. Select Edit admission from the drop-downward bill of fare.

  5. In the overlay that appears, click the + Add entry button.

  6. Add a permission for allUsers.

    • Select Public for the Entity.
    • Select allUsers for the Proper noun.
    • Select Reader for the Admission.
  7. Click Save.

Once public access has been granted, Re-create URL appears in the public admission column. You lot can click this push button to get the public URL for the object.

To acquire how to get detailed error information virtually failed operations in the Deject Storage browser, run into Troubleshooting.

Control line

Use the gsutil acl ch control:

gsutil acl ch -u AllUsers:R gs://BUCKET_NAME/OBJECT_NAME                      

Where:

  • BUCKET_NAME is the name of the bucket containing the object you want to make public. For example, my-bucket.
  • OBJECT_NAME is the name of the object yous want to make public. For example, pets/canis familiaris.png.

If successful, the response looks like the following case:

Updated ACL on gs://my-bucket/pets/dog.png

Code samples

Residue APIs

JSON API

  1. Get an authorization access token from the OAuth two.0 Playground. Configure the playground to use your ain OAuth credentials. For instructions, see API authentication.
  2. Create a JSON file that contains the following information:

    {   "entity": "allUsers",   "role": "READER" }
  3. Use roll to phone call the JSON API with an Insert ACL request:

    curl -X POST --data-binary @JSON_FILE_NAME                                \   -H "Authorization: Bearer                                OAUTH2_TOKEN" \   -H "Content-Type: application/json" \   "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/o/OBJECT_NAME/acl"

    Where:

    • JSON_FILE_NAME is the path for the file that yous created in Stride 2.
    • OAUTH2_TOKEN is the admission token you lot created in Step ane.
    • BUCKET_NAME is the name of the bucket containing the object y'all desire to brand public. For example, my-bucket.
    • OBJECT_NAME is the URL-encoded name of the object yous want to make public. For example, pets/dog.png, URL-encoded every bit pets%2Fdog.png.

XML API

  1. Become an authorization access token from the OAuth ii.0 Playground. Configure the playground to use your own OAuth credentials. For instructions, run across API authentication.
  2. Create a XML file that contains the following information:

    <AccessControlList>   <Entries>     <Entry>       <Scope type="AllUsers"/>       <Permission>READ</Permission>     </Entry>   </Entries> </AccessControlList>
  3. Use coil to phone call the XML API with a Fix Object ACL request:

    curl -X PUT --data-binary @XML_FILE_NAME                                \   -H "Authorization: Bearer                                OAUTH2_TOKEN" \   "https://storage.googleapis.com/BUCKET_NAME/OBJECT_NAME?acl"

    Where:

    • XML_FILE_NAME is the path for the file that you lot created in Step ii.
    • OAUTH2_TOKEN is the admission token you created in Stride 1.
    • BUCKET_NAME is the name of the bucket containing the object you want to make public. For instance, my-bucket.
    • OBJECT_NAME is the URL-encoded name of the object you want to make public. For example, pets/dog.png, URL-encoded equally pets%2Fdog.png.

Make all objects in a bucket publicly readable

To make all objects in a saucepan readable to everyone on the public net:

Console

  1. In the Google Cloud Console, go to the Cloud Storage Browser page.

    Go to Browser

  2. In the list of buckets, click on the name of the bucket that y'all want to make public.

  3. Select the Permissions tab near the top of the page.

  4. In the Permissions department, click the + Add button.

    The Add principals dialog box appears.

  5. In the New principals field, enter allUsers.

  6. In the Select a role drop down, enter Storage Object Viewer in the filter box and select the Storage Object Viewer from the filtered results.

  7. Click Save.

  8. Click Let public access.

Once public access has been granted, Copy URL appears for each object in the public access cavalcade. You tin can click this button to go the public URL for the object.

To learn how to get detailed fault information about failed operations in the Cloud Storage browser, see Troubleshooting.

Control line

Utilize the gsutil iam ch command:

gsutil iam ch allUsers:objectViewer gs://BUCKET_NAME                      

Where BUCKET_NAME is the name of the bucket whose objects yous desire to make public. For example, my-bucket.

Code samples

REST APIs

JSON API

  1. Get an authorization access token from the OAuth 2.0 Playground. Configure the playground to use your own OAuth credentials. For instructions, see API hallmark.
  2. Create a JSON file that contains the following data:

    {   "bindings":[     {       "function": "roles/storage.objectViewer",       "members":["allUsers"]     }   ] }
  3. Employ gyre to call the JSON API with a PUT Bucket request:

    ringlet -X PUT --data-binary @JSON_FILE_NAME                                \   -H "Potency: Bearer                                OAUTH2_TOKEN" \   -H "Content-Blazon: application/json" \   "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/iam"

    Where:

    • JSON_FILE_NAME is the path for the file that you lot created in Step 2.
    • OAUTH2_TOKEN is the admission token you created in Stride 1.
    • BUCKET_NAME is the name of the saucepan whose objects y'all want to make public. For instance, my-bucket.

XML API

Making all objects in a bucket publicly readable is not supported by the XML API. Use gsutil or the JSON API instead.

What's next

  • Access data that has been fabricated public.
  • Acquire about more admission command options for your buckets and objects.