IAM permissions for Cloud Storage MCP server methods

The following table lists the Identity and Access Management (IAM) permissions required to run each Cloud Storage MCP server method . IAM permissions are bundled together to make roles . You grant roles to users and groups .

Method	Required IAM Permissions
`create_bucket`	`mcp.tools.call` `storage.buckets.create`
`get_object_metadata`	`mcp.tools.call` `storage.objects.get`
`list_buckets`	`mcp.tools.call` `storage.buckets.list`
`list_objects`	`mcp.tools.call` `storage.objects.list`
`read_object`	`mcp.tools.call` `storage.objects.get`
`read_text`	`mcp.tools.call` `storage.objects.get`
`write_text`	`mcp.tools.call` `storage.objects.create`

What's next

For a list of roles and the permissions they contain, see IAM Roles for Cloud Storage .
Assign IAM roles at the project and bucket level.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-04-20 UTC.

View Site in Mobile | Classic

Share by: