# Cloud Storage

Java api reference - <https://googleapis.dev/java/google-cloud-storage/latest/index.html>

![](https://1074895821-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MKpcZyxGXJcyzkNoKkm%2F-MWOawQ-9VmWJ_P0oav8%2F-MWOmzFgpw8at6-J_ccb%2Fimage.png?alt=media\&token=11e0105f-d5ed-4350-8d75-6aa0ca510c03)

Usages

```java
static Storage storage = StorageOptions.getDefaultInstance().getService();

@Value("${google.storage.bucket}")
private String bucketname;

BlobInfo blobInfo = storage.create(BlobInfo.newBuilder(bucketname, fileName).setContentType(file.getContentType()).setAcl(new ArrayList<>(
            Arrays.asList(Acl.of(Acl.User.ofAllUsers(),
                                Acl.Role.READER)))).build(), file.getInputStream());
```

## Access control lists

| JSON API          | XML API/gsutil      | Description                                                                                                                    |
| ----------------- | ------------------- | ------------------------------------------------------------------------------------------------------------------------------ |
| `private`         | `private`           | Gives the bucket or object owner `OWNER` permission for a bucket or object.                                                    |
| `bucketOwnerRead` | `bucket-owner-read` | Gives the object owner `OWNER` permission, and gives the bucket owner `READER` permission. **This is used only with objects**. |

.<https://cloud.google.com/storage/docs/access-control/lists#predefined-acl>

> * **Avoid setting ACLs that result in inaccessible objects.**
>
>   An inaccessible object is an object that cannot be downloaded (read) and can only be deleted. This can happen when the owner of an object leaves a project without granting anyone else `OWNER` or `READER` permission on the object. To avoid this problem, you can use the `bucket-owner-read` or `bucket-owner-full-control` predefined ACLs when you or anyone else uploads objects to your buckets.

## Roles

.<https://cloud.google.com/storage/docs/access-control/iam-permissions>

set permissions with cloud console - <https://cloud.google.com/storage/docs/cloud-console#_bucketpermission>