Stay organized with collectionsSave and categorize content based on your preferences.
This page provides an overview of managed folders in Cloud Storage.
Managed folders are a type of folder on which you can grant IAM
roles, so you have more fine-grained access control over specific groups of
objects within a bucket. Managed folders exist as resources within
Cloud Storage and are different fromsimulated folders, which operate with a flat namespace.
IAM for managed folders
When you apply an IAM policy on a managed folder, the access
granted in the policy also applies to any object within that bucket that has the
managed folder's name as a prefix. For example, if you grant a principal the
Storage Object Viewer (roles/storage.objectViewer) role on a managed folder
namedexample-bucket/example-managed-folder/, the principal can view any
object withinexample-managed-folder(such asexample-bucket/example-managed-folder/example-object.txt).
When you nest managed folders, the permissions granted through
IAM policies are applied additively.
Managed folders can only be created in buckets that have uniform bucket-level access
enabled.
Read the following pages for more information about managed folders:
It is strongly recommended that you avoid the following in your managed folder
names:
Control charactersthat are illegal in XML 1.0
(#x7F–#x84 and #x86–#x9F): these characters cause XML listing
issues when you try to list your managed folders.
The[,],*, or?characters: the Google Cloud CLI interprets
these characters as wildcards, so including them in managed folder names can
make it difficult or impossible to performwildcard operationswith the
tool. Additionally,*and?are not valid characters for file names in
Windows.
Sensitive or personally identifiable information (PII): managed folder names
are more broadly visible than object data. For example, managed folder names
appear in URLs for the object and when listing objects in a bucket.
Considerations
When working with managed folders, note the following considerations:
Managed folders can be created in place ofsimulated folders, which means
that you can create a managed folder and name it after an object's prefix, as
long as there isn't already a managed folder using that name. For example, you
can create a managed folder namedmy-folder/, even if you have an existing
object namedmy-folder/object.txt. Note that the IAM policy
on the managed foldermy-folder/will then apply to all objects that hasmy-folder/as a name prefix.
You can create child managed folders before the parent managed folder is
created. For example, you can create a managed folder namedmy-folder-A/my-folder-B/without first creating a managed folder namedmy-folder-A/.
By default, you can't delete a non-empty managed folder that contains objects
or other child managed folders. You can bypass this rule when using theallowNonEmptyparameter in aDeleteManagedFolder JSON API request.
Managed folder names are visible in error messages and Cloud Audit Logs when a
request to delete afolderthat has a managed folder at the same path
fails, even without explicitstorage.managedFolders.getorstorage.managedFolders.listpermissions.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Managed folders\n\nThis page provides an overview of managed folders in Cloud Storage.\nManaged folders are a type of folder on which you can grant IAM\nroles, so you have more fine-grained access control over specific groups of\nobjects within a bucket. Managed folders exist as resources within\nCloud Storage and are different from\n[simulated folders](/storage/docs/objects#simulated-folders), which operate with a flat namespace.\n\nIAM for managed folders\n-----------------------\n\nWhen you apply an IAM policy on a managed folder, the access\ngranted in the policy also applies to any object within that bucket that has the\nmanaged folder's name as a prefix. For example, if you grant a principal the\nStorage Object Viewer (`roles/storage.objectViewer`) role on a managed folder\nnamed `example-bucket/example-managed-folder/`, the principal can view any\nobject within `example-managed-folder` (such as\n`example-bucket/example-managed-folder/example-object.txt`).\nWhen you nest managed folders, the permissions granted through\nIAM policies are applied additively.\n\nManaged folders can only be created in buckets that have uniform bucket-level access\nenabled.\n\nRead the following pages for more information about managed folders:\n\n- [Creating and managing managed folders](/storage/docs/creating-managing-managed-folders)\n\n- [Control access to managed folders](/storage/docs/access-control/using-iam-for-managed-folders)\n\n- [ManagedFolder reference page](/storage/docs/json_api/v1/managedFolder) for the JSON API\n\nManaged folder names\n--------------------\n\nThe name you give to a managed folder must meet the following requirements:\n\n- Managed folder names can contain any sequence of valid Unicode characters, of\n length 1-1024 bytes when UTF-8 encoded.\n\n- Managed folder names cannot contain\n [Carriage Return or Line Feed characters](https://en.wikipedia.org/wiki/Newline#Unicode).\n\n- Managed folder names must end with `/`. At most, a managed folder name can\n have 15 `/`s. In other words, managed folders can be nested up to 15 levels\n deep.\n\n- Managed folder names cannot start with `.well-known/acme-challenge/`.\n\n- Managed folders cannot be named `.` or `..`.\n\nIt is strongly recommended that you avoid the following in your managed folder\nnames:\n\n- [Control characters](http://www.w3.org/TR/xml/#charsets) that are illegal in XML 1.0\n (#x7F--#x84 and #x86--#x9F): these characters cause XML listing\n issues when you try to list your managed folders.\n\n- The `[`, `]`, `*`, or `?` characters: the Google Cloud CLI interprets\n these characters as wildcards, so including them in managed folder names can\n make it difficult or impossible to perform [wildcard operations](/storage/docs/wildcards) with the\n tool. Additionally, `*` and `?` are not valid characters for file names in\n Windows.\n\n- Sensitive or personally identifiable information (PII): managed folder names\n are more broadly visible than object data. For example, managed folder names\n appear in URLs for the object and when listing objects in a bucket.\n\nConsiderations\n--------------\n\nWhen working with managed folders, note the following considerations:\n\n- Managed folders can be created in place of [simulated folders](/storage/docs/objects#simulated-folders), which means\n that you can create a managed folder and name it after an object's prefix, as\n long as there isn't already a managed folder using that name. For example, you\n can create a managed folder named `my-folder/`, even if you have an existing\n object named `my-folder/object.txt`. Note that the IAM policy\n on the managed folder `my-folder/` will then apply to all objects that has\n `my-folder/` as a name prefix.\n\n- You can create child managed folders before the parent managed folder is\n created. For example, you can create a managed folder named\n `my-folder-A/my-folder-B/` without first creating a managed folder named\n `my-folder-A/`.\n\n- By default, you can't delete a non-empty managed folder that contains objects\n or other child managed folders. You can bypass this rule when using the\n `allowNonEmpty` parameter in a [`Delete` ManagedFolder JSON API request](/storage/docs/json_api/v1/managedFolder/delete).\n\n- Managed folder names are visible in error messages and Cloud Audit Logs when a\n request to delete a [folder](/storage/docs/folders-overview) that has a managed folder at the same path\n fails, even without explicit `storage.managedFolders.get` or\n `storage.managedFolders.list` permissions.\n\nWhat's next\n-----------\n\n- [Create and manage managed folders](/storage/docs/creating-managing-managed-folders).\n\n- Learn about [simulated folders](/storage/docs/objects#simulated-folders).\n\n- [Upload objects](/storage/docs/uploading-objects) to a Cloud Storage bucket."]]
