Prerequisites

What e6data Provides :

You will receive a Service Account email from e6data, typically in this format:

What You Need

  • IAM access to your GCP project with one of the following roles:

    • Project Owner

    • Security Admin

    • Storage Admin

  • List of GCS buckets that e6data should access

Step 1: Choose Access Scope

Option
Scope
Best For

Option A

Specific Buckets (Recommended)

Maximum security – restrict access to only required buckets

Option B

All Buckets in Project

Convenience – access to all current and future buckets

Step 2: Grant Access

Method 1: Using gcloud CLI

Run the following for each bucket:

BUCKET_NAME="your-bucket-name"
E6DATA_SERVICE_ACCOUNT="[email protected]"

google cloud storage buckets add-iam-policy-binding gs://${BUCKET_NAME} \
    --member="serviceAccount:${E6DATA_SERVICE_ACCOUNT}" \
    --role="roles/storage.objectViewer"

Method 2: Using Google Cloud Console

  1. Go to Cloud Console and select your project

  2. Navigate to Cloud StorageBuckets

  3. Click on a bucket → Permissions+ Grant Access

  4. Add the e6data service account

  5. Assign the Storage Object Viewer role

  6. Save changes

  7. Repeat for other required buckets

Option B: Project-Level Access

CLI:

YOUR_PROJECT_ID="your-project-id"
E6DATA_SERVICE_ACCOUNT="[email protected]"

google cloud projects add-iam-policy-binding ${YOUR_PROJECT_ID} \
    --member="serviceAccount:${E6DATA_SERVICE_ACCOUNT}" \
    --role="roles/storage.objectViewer"

Console:

  1. Go to IAM & Admin → IAM

  2. Click + Grant Access

  3. Add the e6data service account

  4. Assign Storage Object Viewer role

  5. Click Save

Step 3: Verify Access

CLI

# For bucket-level
google cloud storage buckets get-iam-policy gs://${BUCKET_NAME} | grep ${E6DATA_SERVICE_ACCOUNT}

# For project-level
google cloud projects get-iam-policy ${YOUR_PROJECT_ID} | grep ${E6DATA_SERVICE_ACCOUNT}

Console

  • Bucket-level: Cloud Storage → Bucket → Permissions

  • Project-level: IAM → Search for e6data service account → Confirm role

Permissions Granted

Permission
Allows
Does NotAllow

storage.objects.get

Read file contents

Modify/Delete files

storage.objects.list

List objects in buckets

Upload/Change settings

Last updated