Section 2: IAM Permissions and ACLs

3.1. IAM Permissions:

IAM permissions are more powerful and flexible for managing access control at a broader level, allowing you to assign roles to users, groups, or service accounts across the entire Google Cloud Platform. IAM roles are granted at the project or bucket level.

  • IAM roles are assigned at the bucket level and apply to all objects within the bucket.
  • Assign predefined roles with specific permissions to control access (e.g., read, write, delete) at the bucket level.
  • IAM allows for more fine-grained access control compared to ACLs.

3.2. Access Control Lists (ACLs):

  • ACLs control access to individual buckets or objects; each bucket and object has its own ACL that can be managed independently.
  • The ACL entry identifies the grant (e.g., `READER`, `WRITER`, `OWNER`) and a role or group to which the grant applies.
  • Grants can be specified for bucket owners, project groups, specific Google accounts, Google groups, and more.
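The two mechanisms add together: a principal can read an object if either the bucket's IAM policy or the object's own ACL allows it, so reviewing IAM alone can miss per-object grants. The following is an added example, not code from the original article; it assumes ACLs are in effect on the bucket (uniform bucket-level access is not enabled), uses a simplified subset of roles, and runs on constructed sample data with hypothetical names.

```python
# Constructed sample data; role sets are a simplified subset of Cloud Storage roles.
READ_ROLES = {  # predefined IAM roles that allow reading object data
    "roles/storage.objectViewer",
    "roles/storage.objectAdmin",
    "roles/storage.admin",
}
ACL_READ_GRANTS = {"READER", "OWNER"}  # object ACL grants that allow reading

BUCKET_POLICY = {"bindings": [  # bucket-level IAM policy (constructed)
    {"role": "roles/storage.objectViewer",
     "members": ["group:analysts@example.com", "user:alice@example.com"]},
    {"role": "roles/storage.objectCreator",
     "members": ["serviceAccount:uploader@example-project.iam.gserviceaccount.com"]},
]}
OBJECT_ACL = [  # ACL of one object in that bucket (constructed)
    {"entity": "user-alice@example.com", "role": "OWNER"},
    {"entity": "user-bob@example.com", "role": "READER"},
    {"entity": "allUsers", "role": "READER"},
]

def normalize_entity(entity):
    """Convert an ACL entity ('user-a@x') to IAM member form ('user:a@x')."""
    kind, sep, ident = entity.partition("-")
    if sep and kind in ("user", "group", "domain"):
        return f"{kind}:{ident}"
    return entity  # allUsers, allAuthenticatedUsers, project-* entities

def object_readers(bucket_policy, object_acl):
    """Map each principal that can read the object to the mechanism(s) granting it."""
    readers = {}
    for binding in bucket_policy.get("bindings", []):
        if binding["role"] in READ_ROLES:
            for member in binding["members"]:
                readers.setdefault(member, set()).add("iam")
    for entry in object_acl:
        if entry["role"] in ACL_READ_GRANTS:
            readers.setdefault(normalize_entity(entry["entity"]), set()).add("acl")
    return readers

def acl_only_readers(bucket_policy, object_acl):
    """Principals whose read access exists only in the object ACL, not in bucket IAM."""
    found = object_readers(bucket_policy, object_acl)
    return sorted(p for p, sources in found.items() if sources == {"acl"})

if __name__ == "__main__":
    for principal, sources in sorted(object_readers(BUCKET_POLICY, OBJECT_ACL).items()):
        print(f"{principal:45} via {'+'.join(sorted(sources))}")
    print("ACL-only:", acl_only_readers(BUCKET_POLICY, OBJECT_ACL))
```

The ACL-only list is the part an IAM-only review would not show; here it includes the public `allUsers` grant.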

Working with Google Cloud Storage Buckets: Permissions and Access Control

A Google Cloud Storage bucket is a fundamental resource in Google Cloud Platform (GCP), used for storing and managing objects or files, including photos, videos, documents, application files, and more. It can store anything from small amounts of data to very large files. It is secure, and you decide who can see and manage your data. It is cost-effective and only charges you for the amount of storage you use.
