Use public access prevention

Overview

This page describes how to use the public access prevention bucket setting and the public access prevention organization policy constraint. Public access prevention lets you restrict public access to your buckets and objects.

Before you begin

Before using public access prevention in Cloud Storage, make sure you have the required IAM role and review the considerations for enforcing public access prevention.

Get required roles

To manage the public access prevention organization policy at the project, folder, or organization level, ask your administrator to grant you the Organization Policy Administrator ( roles/orgpolicy.policyAdmin ) role on the organization. This predefined role contains the permissions required to manage public access prevention at the project, folder, or organization level. For information about the permissions that are included in this role, refer to details about the Organization Administrator role .

To manage the public access prevention setting on a bucket, ask your administrator to grant you the Storage Admin ( roles/storage.admin ) role on the bucket. This role contains the permissions required to manage public access prevention on a bucket. To see the exact permissions that are required, expand the Required permissionssection:

Required permissions

storage.buckets.update
storage.buckets.setIamPolicy

For information about the other permissions that are included in the Storage Admin role, refer to details about the Storage Admin role .

Review considerations

Before you begin, it's recommended that you ensure no workflows break as a result of blocking public access. See Considerations when enforcing on existing resources for more details.

Use the bucket setting

This section shows how to enforce and remove public access prevention for individual buckets, as well as how to check the status of individual buckets.

Set public access prevention

To change the public access prevention setting for an individual bucket:

Console

In the Google Cloud console, go to the Cloud Storage Buckets page.

Go to Buckets
In the list of buckets, click the name of the bucket for which you want to enforce or remove public access prevention.
In the Bucket detailspage, click the Permissionstab.
In the Public accesscard, click Prevent public accessto enforce public access prevention, or click Allow public accessto remove public access prevention.
Click Confirm.

To learn how to get detailed error information about failed Cloud Storage operations in the Google Cloud console, see Troubleshooting .

Command line

Use the gcloud storage buckets update command with the appropriate flag:

gcloud storage buckets update gs:// BUCKET_NAME 
 FLAG

Where:

BUCKET_NAME is the name of the relevant bucket. For example, my-bucket .
FLAG is either --public-access-prevention to enable public access prevention or --no-public-access-prevention to disable it.

If successful, the response looks similar to the following example:

Updating gs://my-bucket/...
  Completed 1

Client libraries

C++

For more information, see the Cloud Storage C++ API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

The following sample enforces public access prevention on a bucket:

  namespace 
  
 gcs 
  
 = 
  
 :: 
 google 
 :: 
 cloud 
 :: 
 storage 
 ; 
 using 
  
 :: 
 google 
 :: 
 cloud 
 :: 
 StatusOr 
 ; 
 []( 
 gcs 
 :: 
 Client 
  
 client 
 , 
  
 std 
 :: 
 string 
  
 const 
&  
 bucket_name 
 ) 
  
 { 
  
 gcs 
 :: 
 BucketIamConfiguration 
  
 configuration 
 ; 
  
 configuration 
 . 
 public_access_prevention 
  
 = 
  
 gcs 
 :: 
 PublicAccessPreventionEnforced 
 (); 
  
 StatusOr<gcs 
 :: 
 BucketMetadata 
>  
 updated 
  
 = 
  
 client 
 . 
 PatchBucket 
 ( 
  
 bucket_name 
 , 
  
 gcs 
 :: 
 BucketMetadataPatchBuilder 
 (). 
 SetIamConfiguration 
 ( 
  
 std 
 :: 
 move 
 ( 
 configuration 
 ))); 
  
 if 
  
 ( 
 ! 
 updated 
 ) 
  
 throw 
  
 std 
 :: 
 move 
 ( 
 updated 
 ). 
 status 
 (); 
  
 std 
 :: 
 cout 
 << 
 "Public Access Prevention is set to 'enforced' for " 
 << 
 updated 
 - 
> name 
 () 
 << 
 " 
 \n 
 " 
 ; 
 }

The following sample sets public access prevention to inherited for a bucket:

  namespace 
  
 gcs 
  
 = 
  
 :: 
 google 
 :: 
 cloud 
 :: 
 storage 
 ; 
 using 
  
 :: 
 google 
 :: 
 cloud 
 :: 
 StatusOr 
 ; 
 []( 
 gcs 
 :: 
 Client 
  
 client 
 , 
  
 std 
 :: 
 string 
  
 const 
&  
 bucket_name 
 ) 
  
 { 
  
 gcs 
 :: 
 BucketIamConfiguration 
  
 configuration 
 ; 
  
 configuration 
 . 
 public_access_prevention 
  
 = 
  
 gcs 
 :: 
 PublicAccessPreventionInherited 
 (); 
  
 auto 
  
 updated 
  
 = 
  
 client 
 . 
 PatchBucket 
 ( 
  
 bucket_name 
 , 
  
 gcs 
 :: 
 BucketMetadataPatchBuilder 
 (). 
 SetIamConfiguration 
 ( 
  
 std 
 :: 
 move 
 ( 
 configuration 
 ))); 
  
 if 
  
 ( 
 ! 
 updated 
 ) 
  
 throw 
  
 std 
 :: 
 move 
 ( 
 updated 
 ). 
 status 
 (); 
  
 std 
 :: 
 cout 
 << 
 "Public Access Prevention is set to 'inherited' for " 
 << 
 updated 
 - 
> name 
 () 
 << 
 " 
 \n 
 " 
 ; 
 }

C#

For more information, see the Cloud Storage C# API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

The following sample enforces public access prevention on a bucket:

  using 
  
 Google.Apis.Storage.v1.Data 
 ; 
 using 
  
  Google.Cloud.Storage.V1 
 
 ; 
 using 
  
 System 
 ; 
 public 
  
 class 
  
 SetPublicAccessPreventionEnforcedSample 
 { 
  
 public 
  
 Bucket 
  
 SetPublicAccessPreventionEnforced 
 ( 
 string 
  
 bucketName 
  
 = 
  
 "your-unique-bucket-name" 
 ) 
  
 { 
  
 var 
  
 storage 
  
 = 
  
  StorageClient 
 
 . 
  Create 
 
 (); 
  
 var 
  
 bucket 
  
 = 
  
 storage 
 . 
 GetBucket 
 ( 
 bucketName 
 ); 
  
 // Set public access prevention to "enforced" for the bucket. 
  
 bucket 
 . 
 IamConfiguration 
 . 
 PublicAccessPrevention 
  
 = 
  
 "enforced" 
 ; 
  
 bucket 
  
 = 
  
 storage 
 . 
 UpdateBucket 
 ( 
 bucket 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 $"Public access prevention is 'enforced' for {bucketName}." 
 ); 
  
 return 
  
 bucket 
 ; 
  
 } 
 }

The following sample sets public access prevention to inherited for a bucket:

  using 
  
 Google.Apis.Storage.v1.Data 
 ; 
 using 
  
  Google.Cloud.Storage.V1 
 
 ; 
 using 
  
 System 
 ; 
 public 
  
 class 
  
 SetPublicAccessPreventionInheritedSample 
 { 
  
 public 
  
 Bucket 
  
 SetPublicAccessPreventionInherited 
 ( 
 string 
  
 bucketName 
  
 = 
  
 "your-unique-bucket-name" 
 ) 
  
 { 
  
 var 
  
 storage 
  
 = 
  
  StorageClient 
 
 . 
  Create 
 
 (); 
  
 var 
  
 bucket 
  
 = 
  
 storage 
 . 
 GetBucket 
 ( 
 bucketName 
 ); 
  
 // Sets public access prevention to "inherited" for the bucket. 
  
 bucket 
 . 
 IamConfiguration 
 . 
 PublicAccessPrevention 
  
 = 
  
 "inherited" 
 ; 
  
 bucket 
  
 = 
  
 storage 
 . 
 UpdateBucket 
 ( 
 bucket 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 $"Public access prevention is 'inherited' for {bucketName}." 
 ); 
  
 return 
  
 bucket 
 ; 
  
 } 
 }

Go

For more information, see the Cloud Storage Go API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

The following sample enforces public access prevention on a bucket:

  import 
  
 ( 
  
 "context" 
  
 "fmt" 
  
 "io" 
  
 "time" 
  
 "cloud.google.com/go/storage" 
 ) 
 // setPublicAccessPreventionEnforced sets public access prevention to 
 // "enforced" for the bucket. 
 func 
  
 setPublicAccessPreventionEnforced 
 ( 
 w 
  
 io 
 . 
  Writer 
 
 , 
  
 bucketName 
  
 string 
 ) 
  
 error 
  
 { 
  
 // bucketName := "bucket-name" 
  
 ctx 
  
 := 
  
 context 
 . 
 Background 
 () 
  
 client 
 , 
  
 err 
  
 := 
  
 storage 
 . 
 NewClient 
 ( 
 ctx 
 ) 
  
 if 
  
 err 
  
 != 
  
 nil 
  
 { 
  
 return 
  
 fmt 
 . 
 Errorf 
 ( 
 "storage.NewClient: %w" 
 , 
  
 err 
 ) 
  
 } 
  
 defer 
  
 client 
 . 
 Close 
 () 
  
 ctx 
 , 
  
 cancel 
  
 := 
  
 context 
 . 
 WithTimeout 
 ( 
 ctx 
 , 
  
 time 
 . 
 Second 
 * 
 10 
 ) 
  
 defer 
  
 cancel 
 () 
  
 bucket 
  
 := 
  
 client 
 . 
  Bucket 
 
 ( 
 bucketName 
 ) 
  
 setPublicAccessPrevention 
  
 := 
  
 storage 
 . 
  BucketAttrsToUpdate 
 
 { 
  
 PublicAccessPrevention 
 : 
  
 storage 
 . 
  PublicAccessPreventionEnforced 
 
 , 
  
 } 
  
 if 
  
 _ 
 , 
  
 err 
  
 := 
  
 bucket 
 . 
 Update 
 ( 
 ctx 
 , 
  
 setPublicAccessPrevention 
 ); 
  
 err 
  
 != 
  
 nil 
  
 { 
  
 return 
  
 fmt 
 . 
 Errorf 
 ( 
 "Bucket(%q).Update: %w" 
 , 
  
 bucketName 
 , 
  
 err 
 ) 
  
 } 
  
 fmt 
 . 
 Fprintf 
 ( 
 w 
 , 
  
 "Public access prevention is 'enforced' for %v" 
 , 
  
 bucketName 
 ) 
  
 return 
  
 nil 
 }

The following sample sets public access prevention to inherited for a bucket:

  import 
  
 ( 
  
 "context" 
  
 "fmt" 
  
 "io" 
  
 "time" 
  
 "cloud.google.com/go/storage" 
 ) 
 // setPublicAccessPreventionInherited sets public access prevention to 
 // "inherited" for the bucket. 
 func 
  
 setPublicAccessPreventionInherited 
 ( 
 w 
  
 io 
 . 
  Writer 
 
 , 
  
 bucketName 
  
 string 
 ) 
  
 error 
  
 { 
  
 // bucketName := "bucket-name" 
  
 ctx 
  
 := 
  
 context 
 . 
 Background 
 () 
  
 client 
 , 
  
 err 
  
 := 
  
 storage 
 . 
 NewClient 
 ( 
 ctx 
 ) 
  
 if 
  
 err 
  
 != 
  
 nil 
  
 { 
  
 return 
  
 fmt 
 . 
 Errorf 
 ( 
 "storage.NewClient: %w" 
 , 
  
 err 
 ) 
  
 } 
  
 defer 
  
 client 
 . 
 Close 
 () 
  
 ctx 
 , 
  
 cancel 
  
 := 
  
 context 
 . 
 WithTimeout 
 ( 
 ctx 
 , 
  
 time 
 . 
 Second 
 * 
 10 
 ) 
  
 defer 
  
 cancel 
 () 
  
 bucket 
  
 := 
  
 client 
 . 
  Bucket 
 
 ( 
 bucketName 
 ) 
  
 setPublicAccessPrevention 
  
 := 
  
 storage 
 . 
  BucketAttrsToUpdate 
 
 { 
  
 PublicAccessPrevention 
 : 
  
 storage 
 . 
  PublicAccessPreventionInherited 
 
 , 
  
 } 
  
 if 
  
 _ 
 , 
  
 err 
  
 := 
  
 bucket 
 . 
 Update 
 ( 
 ctx 
 , 
  
 setPublicAccessPrevention 
 ); 
  
 err 
  
 != 
  
 nil 
  
 { 
  
 return 
  
 fmt 
 . 
 Errorf 
 ( 
 "Bucket(%q).Update: %w" 
 , 
  
 bucketName 
 , 
  
 err 
 ) 
  
 } 
  
 fmt 
 . 
 Fprintf 
 ( 
 w 
 , 
  
 "Public access prevention is 'inherited' for %v" 
 , 
  
 bucketName 
 ) 
  
 return 
  
 nil 
 }

Java

For more information, see the Cloud Storage Java API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

The following sample enforces public access prevention on a bucket:

  import 
  
 com.google.cloud.storage. Bucket 
 
 ; 
 import 
  
 com.google.cloud.storage. BucketInfo 
 
 ; 
 import 
  
 com.google.cloud.storage. Storage 
 
 ; 
 import 
  
 com.google.cloud.storage. StorageOptions 
 
 ; 
 public 
  
 class 
 SetPublicAccessPreventionEnforced 
  
 { 
  
 public 
  
 static 
  
 void 
  
 setPublicAccessPreventionEnforced 
 ( 
 String 
  
 projectId 
 , 
  
 String 
  
 bucketName 
 ) 
  
 { 
  
 // The ID of your GCP project 
  
 // String projectId = "your-project-id"; 
  
 // The ID of your GCS bucket 
  
 // String bucketName = "your-unique-bucket-name"; 
  
  Storage 
 
  
 storage 
  
 = 
  
  StorageOptions 
 
 . 
 newBuilder 
 (). 
 setProjectId 
 ( 
 projectId 
 ). 
 build 
 (). 
  getService 
 
 (); 
  
  Bucket 
 
  
 bucket 
  
 = 
  
 storage 
 . 
  get 
 
 ( 
 bucketName 
 ); 
  
 // Enforces public access prevention for the bucket 
  
 bucket 
 . 
  toBuilder 
 
 () 
  
 . 
 setIamConfiguration 
 ( 
  
  BucketInfo 
 
 . 
 IamConfiguration 
 . 
 newBuilder 
 () 
  
 . 
  setPublicAccessPrevention 
 
 ( 
  BucketInfo 
 
 . 
 PublicAccessPrevention 
 . 
 ENFORCED 
 ) 
  
 . 
 build 
 ()) 
  
 . 
 build 
 () 
  
 . 
 update 
 (); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
 "Public access prevention is set to enforced for " 
  
 + 
  
 bucketName 
 ); 
  
 } 
 }

The following sample sets public access prevention to inherited for a bucket:

  import 
  
 com.google.cloud.storage. Bucket 
 
 ; 
 import 
  
 com.google.cloud.storage. BucketInfo 
 
 ; 
 import 
  
 com.google.cloud.storage. Storage 
 
 ; 
 import 
  
 com.google.cloud.storage. StorageOptions 
 
 ; 
 public 
  
 class 
 SetPublicAccessPreventionInherited 
  
 { 
  
 public 
  
 static 
  
 void 
  
 setPublicAccessPreventionInherited 
 ( 
 String 
  
 projectId 
 , 
  
 String 
  
 bucketName 
 ) 
  
 { 
  
 // The ID of your GCP project 
  
 // String projectId = "your-project-id"; 
  
 // The ID of your GCS bucket 
  
 // String bucketName = "your-unique-bucket-name"; 
  
  Storage 
 
  
 storage 
  
 = 
  
  StorageOptions 
 
 . 
 newBuilder 
 (). 
 setProjectId 
 ( 
 projectId 
 ). 
 build 
 (). 
  getService 
 
 (); 
  
  Bucket 
 
  
 bucket 
  
 = 
  
 storage 
 . 
  get 
 
 ( 
 bucketName 
 ); 
  
 // Sets public access prevention to 'inherited' for the bucket 
  
 bucket 
 . 
  toBuilder 
 
 () 
  
 . 
 setIamConfiguration 
 ( 
  
  BucketInfo 
 
 . 
 IamConfiguration 
 . 
 newBuilder 
 () 
  
 . 
  setPublicAccessPrevention 
 
 ( 
  BucketInfo 
 
 . 
 PublicAccessPrevention 
 . 
 INHERITED 
 ) 
  
 . 
 build 
 ()) 
  
 . 
 build 
 () 
  
 . 
 update 
 (); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
 "Public access prevention is set to 'inherited' for " 
  
 + 
  
 bucketName 
 ); 
  
 } 
 }

Node.js

For more information, see the Cloud Storage Node.js API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

The following sample enforces public access prevention on a bucket:

  /** 
 * TODO(developer): Uncomment the following lines before running the sample. 
 */ 
 // The name of your GCS bucket 
 // const bucketName = 'Name of a bucket, e.g. my-bucket'; 
 // Imports the Google Cloud client library 
 const 
  
 { 
 Storage 
 } 
  
 = 
  
 require 
 ( 
 ' @google-cloud/storage 
' 
 ); 
 // Creates a client 
 const 
  
 storage 
  
 = 
  
 new 
  
 Storage 
 (); 
 // Enforces public access prevention for the bucket 
 async 
  
 function 
  
 setPublicAccessPreventionEnforced 
 () 
  
 { 
  
 await 
  
 storage 
 . 
 bucket 
 ( 
 bucketName 
 ). 
 setMetadata 
 ({ 
  
 iamConfiguration 
 : 
  
 { 
  
 publicAccessPrevention 
 : 
  
 'enforced' 
 , 
  
 }, 
  
 }); 
  
 console 
 . 
 log 
 ( 
  
 `Public access prevention is set to enforced for 
 ${ 
 bucketName 
 } 
 .` 
  
 ); 
 } 
 setPublicAccessPreventionEnforced 
 ();

The following sample sets public access prevention to inherited for a bucket:

  /** 
 * TODO(developer): Uncomment the following lines before running the sample. 
 */ 
 // The name of your GCS bucket 
 // const bucketName = 'Name of a bucket, e.g. my-bucket'; 
 // Imports the Google Cloud client library 
 const 
  
 { 
 Storage 
 } 
  
 = 
  
 require 
 ( 
 ' @google-cloud/storage 
' 
 ); 
 // Creates a client 
 const 
  
 storage 
  
 = 
  
 new 
  
 Storage 
 (); 
 async 
  
 function 
  
 setPublicAccessPreventionInherited 
 () 
  
 { 
  
 // Sets public access prevention to 'inherited' for the bucket 
  
 await 
  
 storage 
 . 
 bucket 
 ( 
 bucketName 
 ). 
 setMetadata 
 ({ 
  
 iamConfiguration 
 : 
  
 { 
  
 publicAccessPrevention 
 : 
  
 'inherited' 
 , 
  
 }, 
  
 }); 
  
 console 
 . 
 log 
 ( 
 `Public access prevention is 'inherited' for 
 ${ 
 bucketName 
 } 
 .` 
 ); 
 } 
 setPublicAccessPreventionInherited 
 ();

PHP

For more information, see the Cloud Storage PHP API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

The following sample enforces public access prevention on a bucket:

  use Google\Cloud\Storage\StorageClient; 
 /** 
 * Set the bucket Public Access Prevention to enforced. 
 * 
 * @param string $bucketName the name of your Cloud Storage bucket. 
 *        (e.g. 'my-bucket') 
 */ 
 function set_public_access_prevention_enforced(string $bucketName): void 
 { 
 $storage = new StorageClient(); 
 $bucket = $storage->bucket($bucketName); 
 $bucket->update([ 
 'iamConfiguration' => [ 
 'publicAccessPrevention' => 'enforced' 
 ] 
 ]); 
 printf( 
 'Public Access Prevention has been set to enforced for %s.' . PHP_EOL, 
 $bucketName 
 ); 
 }

The following sample sets public access prevention to inherited for a bucket:

  use Google\Cloud\Storage\StorageClient; 
 /** 
 * Set the bucket Public Access Prevention to inherited. 
 * 
 * @param string $bucketName the name of your Cloud Storage bucket. 
 *        (e.g. 'my-bucket') 
 */ 
 function set_public_access_prevention_inherited(string $bucketName): void 
 { 
 $storage = new StorageClient(); 
 $bucket = $storage->bucket($bucketName); 
 $bucket->update([ 
 'iamConfiguration' => [ 
 'publicAccessPrevention' => 'inherited' 
 ] 
 ]); 
 printf( 
 'Public Access Prevention has been set to inherited for %s.' . PHP_EOL, 
 $bucketName 
 ); 
 }

Python

For more information, see the Cloud Storage Python API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

The following sample enforces public access prevention on a bucket:

  from 
  
 google.cloud 
  
 import 
  storage 
 
 from 
  
 google.cloud.storage.constants 
  
 import 
 PUBLIC_ACCESS_PREVENTION_ENFORCED 
 def 
  
 set_public_access_prevention_enforced 
 ( 
 bucket_name 
 ): 
  
 """Enforce public access prevention for a bucket.""" 
 # The ID of your GCS bucket 
 # bucket_name = "my-bucket" 
 storage_client 
 = 
  storage 
 
 . 
  Client 
 
 () 
 bucket 
 = 
 storage_client 
 . 
  get_bucket 
 
 ( 
 bucket_name 
 ) 
 bucket 
 . 
  iam_configuration 
 
 . 
  public_access_prevention 
 
 = 
 ( 
 PUBLIC_ACCESS_PREVENTION_ENFORCED 
 ) 
 bucket 
 . 
 patch 
 () 
 print 
 ( 
 f 
 "Public access prevention is set to enforced for 
 { 
 bucket 
 . 
 name 
 } 
 ." 
 )

The following sample sets public access prevention to inherited for a bucket:

  from 
  
 google.cloud 
  
 import 
  storage 
 
 from 
  
 google.cloud.storage.constants 
  
 import 
 PUBLIC_ACCESS_PREVENTION_INHERITED 
 def 
  
 set_public_access_prevention_inherited 
 ( 
 bucket_name 
 ): 
  
 """Sets the public access prevention status to inherited, so that the bucket inherits its setting from its parent project.""" 
 # The ID of your GCS bucket 
 # bucket_name = "my-bucket" 
 storage_client 
 = 
  storage 
 
 . 
  Client 
 
 () 
 bucket 
 = 
 storage_client 
 . 
  get_bucket 
 
 ( 
 bucket_name 
 ) 
 bucket 
 . 
  iam_configuration 
 
 . 
  public_access_prevention 
 
 = 
 ( 
 PUBLIC_ACCESS_PREVENTION_INHERITED 
 ) 
 bucket 
 . 
 patch 
 () 
 print 
 ( 
 f 
 "Public access prevention is 'inherited' for 
 { 
 bucket 
 . 
 name 
 } 
 ." 
 )

Ruby

For more information, see the Cloud Storage Ruby API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

The following sample enforces public access prevention on a bucket:

  def 
  
 set_public_access_prevention_enforced 
  
 bucket_name 
 : 
  
 # The ID of your GCS bucket 
  
 # bucket_name = "your-unique-bucket-name" 
  
 require 
  
 "google/cloud/storage" 
  
 storage 
  
 = 
  
 Google 
 :: 
 Cloud 
 :: 
  Storage 
 
 . 
  new 
 
  
 bucket 
  
 = 
  
 storage 
 . 
 bucket 
  
 bucket_name 
  
 bucket 
 . 
  public_access_prevention 
 
  
 = 
  
 :enforced 
  
 puts 
  
 "Public access prevention is set to enforced for 
 #{ 
 bucket_name 
 } 
 ." 
 end

The following sample sets public access prevention to inherited for a bucket:

  def 
  
 set_public_access_prevention_inherited 
  
 bucket_name 
 : 
  
 # The ID of your GCS bucket 
  
 # bucket_name = "your-unique-bucket-name" 
  
 require 
  
 "google/cloud/storage" 
  
 storage 
  
 = 
  
 Google 
 :: 
 Cloud 
 :: 
  Storage 
 
 . 
  new 
 
  
 bucket 
  
 = 
  
 storage 
 . 
 bucket 
  
 bucket_name 
  
 bucket 
 . 
  public_access_prevention 
 
  
 = 
  
 :inherited 
  
 puts 
  
 "Public access prevention is 'inherited' for 
 #{ 
 bucket_name 
 } 
 ." 
 end

Use public access prevention Stay organized with collections Save and categorize content based on your preferences.

Before you begin

Get required roles

Required permissions

Review considerations

Use the bucket setting

Set public access prevention

Console

Command line

Client libraries

C++

C#

Go

Java

Node.js

PHP

Python

Ruby

REST APIs

JSON API

XML API

View public access prevention status

Console

Command line

Client libraries

C++

C#

Go

Java

Node.js

PHP

Python

Ruby

REST APIs

JSON API

XML API

Use the organization policy

Set public access prevention

Console

Command line

View public access prevention status

Console

Command line

What's next

Use public access prevention