The error “service account does not have storage.objects.get access” for Google Cloud Storage occurs when the service account is missing the necessary IAM permissions to read objects from a Cloud Storage bucket.
To fix this error, follow these steps to grant the required permissions to the service account:
- Go to the Google Cloud Console: https://console.cloud.google.com/
- Select your project from the project drop-down menu at the top of the page.
- Navigate to the “IAM & Admin” page by clicking on the navigation menu (three horizontal lines) at the top left corner, then select “IAM & Admin” > “IAM”.
- Locate the service account you want to grant permissions to. You can search for the service account email in the search bar or scroll through the list of members.
- Click the pencil icon next to the service account to edit its permissions.
- Next, click on “ADD ANOTHER ROLE” and search for the appropriate role that includes the storage.objects.get permission. Some common roles include:
  - roles/storage.objectViewer: Allows read-only access to objects in Cloud Storage.
  - roles/storage.objectAdmin: Allows complete control of objects in Cloud Storage.
  - roles/storage.admin: Allows full control of Cloud Storage resources, including objects and buckets.
- Select the desired role and click “SAVE” to apply the changes.
Now, the service account should have the necessary permissions to access objects in Google Cloud Storage.
Remember that the changes may take a few minutes to propagate fully.
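To confirm the result of the steps above without the console, the following added example (not part of the original article) audits a project IAM policy exported as JSON and reports which of the three listed roles give a service account storage.objects.get, separating conditional bindings and flagging anything broader than roles/storage.objectViewer, the narrowest of the three. The function name, the sample policy and the service account emails are constructed for illustration.

```python
import json

# The three roles the page lists, ordered narrowest to broadest.
# Other roles that may carry storage.objects.get are out of scope here.
ROLES_WITH_OBJECT_GET = [
    "roles/storage.objectViewer",
    "roles/storage.objectAdmin",
    "roles/storage.admin",
]

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{"version": 3, "bindings": [
  {"role": "roles/storage.admin",
   "members": ["serviceAccount:reader@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/storage.objectViewer",
   "members": ["serviceAccount:reader@example-project.iam.gserviceaccount.com"],
   "condition": {"title": "expires",
                 "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
  {"role": "roles/logging.logWriter",
   "members": ["serviceAccount:batch@example-project.iam.gserviceaccount.com"]}
]}
""")

def audit_object_get(policy, sa_email):
    """Report which listed roles give sa_email storage.objects.get."""
    member = "serviceAccount:" + sa_email
    always, conditional = [], []
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role in ROLES_WITH_OBJECT_GET and member in binding.get("members", []):
            # A binding with a condition only applies while its expression holds.
            (conditional if binding.get("condition") else always).append(role)
    rank = ROLES_WITH_OBJECT_GET.index
    narrowest = ROLES_WITH_OBJECT_GET[0]
    return {
        "has_get": bool(always),
        "unconditional_roles": sorted(always, key=rank),
        "conditional_roles": sorted(conditional, key=rank),
        "broader_than_needed": sorted({r for r in always + conditional if r != narrowest}, key=rank),
    }

if __name__ == "__main__":
    for sa in ("reader", "batch"):
        email = sa + "@example-project.iam.gserviceaccount.com"
        print(email, audit_object_get(SAMPLE_POLICY, email))
```

The audit only sees bindings that name the service account directly in the exported policy; roles granted on an individual bucket or inherited through a group do not appear in it.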
Amit Doshi is a Cloud Engineer with more than 5 years of experience in AWS, Azure, and Google Cloud. He is an IT professional responsible for designing, implementing, managing, and maintaining cloud computing infrastructure, applications, and services.