Google could storage patch is forbidden with http 403 response

0
votes

I am using a service account to access a cloud storage bucket to add/list/remove file and update meta data. The service account is in the same project and cloud bucket. I set service account as owner for the project team. I am using the java API from google 

<dependency>
        <groupId>com.google.api-client</groupId>
        <artifactId>google-api-client</artifactId>
        <version>${google.version}</version>
    </dependency>

    <dependency>
        <groupId>com.google.apis</groupId>
        <artifactId>google-api-services-storage</artifactId>
        <version>v1-rev2-1.18.0-rc</version>


    </dependency>
    <dependency>
        <groupId>com.google.api-client</groupId>
        <artifactId>google-api-client-jackson2</artifactId>
        <version>${google.version}</version>
    </dependency>

With the code, I can add/delete/list/download, but when I update the meta data with patch command, I got a 403 forbidden response,

I go to the cloud storage browser to check permission. All the permissions are listed by cloud storage ID. I can not find out cloud storage ID for my service account. But there is an extra entry as owner besides editor, owner, and team. I assume that it is my service account.

Any suggestions?

thanks

1
patchgoogle-cloud-storagehttp-status-code-403
solved: Need StorageScopes.DEVSTORAGE_FULL_CONTROL permission. Read and Write is not enough to modify meta data - jason zhang
great to hear you solved your own question! Please write up your comment as an answer and accept it so that this questions is marked as resolved. - Misha Brukman

1 Answers

0
votes

Need StorageScopes.DEVSTORAGE_FULL_CONTROL permission. Read and Write is not enough to modify meta data. This is not documented anywhere. I found this out in a hard way