Class ACL (2.3.0)

ACL()

Container class representing a list of access controls.

Properties

client

Abstract getter for the object client.

Methods

add_entity

add_entity(entity)

Add an entity to the ACL.

Parameter
NameDescription
entity_ACLEntity

The entity to add to this ACL.

all

all()

Factory method for an Entity representing all users.

Returns
TypeDescription
_ACLEntityAn entity representing all users.

all_authenticated

all_authenticated()

Factory method for an Entity representing all authenticated users.

Returns
TypeDescription
_ACLEntityAn entity representing all authenticated users.

clear

clear(client=None,if_generation_match=None,if_generation_not_match=None,if_metageneration_match=None,if_metageneration_not_match=None,timeout=60,retry=<google.cloud.storage.retry.ConditionalRetryPolicyobject>)

Remove all ACL entries.

Ifuser_project is set, bills the API request to that project.

Note that this won't actually removeALL the rules, but itwill remove all the non-default rules. In short, you'll stillhave access to a bucket that you created even after you clearACL rules with this method.

Parameters
NameDescription
clientClient orNoneType

(Optional) The client to use. If not passed, falls back to theclient stored on the ACL's parent.

if_generation_matchlong

(Optional) See :ref:using-if-generation-match

if_generation_not_matchlong

(Optional) See :ref:using-if-generation-not-match

if_metageneration_matchlong

(Optional) See :ref:using-if-metageneration-match

if_metageneration_not_matchlong

(Optional) See :ref:using-if-metageneration-not-match

timeoutfloat or tuple

(Optional) The amount of time, in seconds, to wait for the server response. See:configuring_timeouts

retrygoogle.api_core.retry.Retry orgoogle.cloud.storage.retry.ConditionalRetryPolicy

(Optional) How to retry the RPC. See:configuring_retries

domain

domain(domain)

Factory method for a domain Entity.

Parameter
NameDescription
domainstr

The domain for this entity.

Returns
TypeDescription
_ACLEntityAn entity corresponding to this domain.

entity

entity(entity_type,identifier=None)

Factory method for creating an Entity.

If an entity with the same type and identifier already exists,this will return a reference to that entity. If not, it willcreate a new one and add it to the list of known entities forthis ACL.

Parameters
NameDescription
entity_typestr

The type of entity to create (ie,user,group, etc)

identifierstr

The ID of the entity (if applicable). This can be either an ID or an e-mail address.

Returns
TypeDescription
_ACLEntityA new Entity or a reference to an existing identical entity.

entity_from_dict

entity_from_dict(entity_dict)

Build an _ACLEntity object from a dictionary of data.

An entity is a mutable object that represents a list of rolesbelonging to either a user or group or the special types for allusers and all authenticated users.

Parameter
NameDescription
entity_dictdict

Dictionary full of data from an ACL lookup.

Returns
TypeDescription
_ACLEntityAn Entity constructed from the dictionary.

get_entities

get_entities()

Get a list of all Entity objects.

Returns
TypeDescription
list of_ACLEntity objectsA list of all Entity objects.

get_entity

get_entity(entity,default=None)

Gets an entity object from the ACL.

Parameters
NameDescription
entity_ACLEntity or string

The entity to get lookup in the ACL.

defaultanything

This value will be returned if the entity doesn't exist.

Returns
TypeDescription
_ACLEntityThe corresponding entity or the value provided todefault.

group

group(identifier)

Factory method for a group Entity.

Parameter
NameDescription
identifierstr

An id or e-mail for this particular group.

Returns
TypeDescription
_ACLEntityAn Entity corresponding to this group.

has_entity

has_entity(entity)

Returns whether or not this ACL has any entries for an entity.

Parameter
NameDescription
entity_ACLEntity

The entity to check for existence in this ACL.

Returns
TypeDescription
boolTrue of the entity exists in the ACL.

reload

reload(client=None,timeout=60,retry=<google.api_core.retry.Retryobject>)

Reload the ACL data from Cloud Storage.

Ifuser_project is set, bills the API request to that project.

Parameters
NameDescription
clientClient orNoneType

(Optional) The client to use. If not passed, falls back to theclient stored on the ACL's parent.

timeoutfloat or tuple

(Optional) The amount of time, in seconds, to wait for the server response. See:configuring_timeouts

retrygoogle.api_core.retry.Retry

(Optional) How to retry the RPC. See:configuring_retries

reset

reset()

Remove all entities from the ACL, and clear theloaded flag.

save

save(acl=None,client=None,if_generation_match=None,if_generation_not_match=None,if_metageneration_match=None,if_metageneration_not_match=None,timeout=60,retry=<google.cloud.storage.retry.ConditionalRetryPolicyobject>)

Save this ACL for the current bucket.

Ifuser_project is set, bills the API request to that project.

Parameters
NameDescription
aclACL, or a compatible list.

The ACL object to save. If left blank, this will save current entries.

clientClient orNoneType

(Optional) The client to use. If not passed, falls back to theclient stored on the ACL's parent.

if_generation_matchlong

(Optional) See :ref:using-if-generation-match

if_generation_not_matchlong

(Optional) See :ref:using-if-generation-not-match

if_metageneration_matchlong

(Optional) See :ref:using-if-metageneration-match

if_metageneration_not_matchlong

(Optional) See :ref:using-if-metageneration-not-match

timeoutfloat or tuple

(Optional) The amount of time, in seconds, to wait for the server response. See:configuring_timeouts

retrygoogle.api_core.retry.Retry orgoogle.cloud.storage.retry.ConditionalRetryPolicy

(Optional) How to retry the RPC. See:configuring_retries

save_predefined

save_predefined(predefined,client=None,if_generation_match=None,if_generation_not_match=None,if_metageneration_match=None,if_metageneration_not_match=None,timeout=60,retry=<google.cloud.storage.retry.ConditionalRetryPolicyobject>)

Save this ACL for the current bucket using a predefined ACL.

Ifuser_project is set, bills the API request to that project.

Parameters
NameDescription
predefinedstr

An identifier for a predefined ACL. Must be one of the keys inPREDEFINED_JSON_ACLS orPREDEFINED_XML_ACLS (which will be aliased to the corresponding JSON name). If passed,acl must be None.

clientClient orNoneType

(Optional) The client to use. If not passed, falls back to theclient stored on the ACL's parent.

if_generation_matchlong

(Optional) See :ref:using-if-generation-match

if_generation_not_matchlong

(Optional) See :ref:using-if-generation-not-match

if_metageneration_matchlong

(Optional) See :ref:using-if-metageneration-match

if_metageneration_not_matchlong

(Optional) See :ref:using-if-metageneration-not-match

timeoutfloat or tuple

(Optional) The amount of time, in seconds, to wait for the server response. See:configuring_timeouts

retrygoogle.api_core.retry.Retry orgoogle.cloud.storage.retry.ConditionalRetryPolicy

(Optional) How to retry the RPC. See:configuring_retries

user

user(identifier)

Factory method for a user Entity.

Parameter
NameDescription
identifierstr

An id or e-mail for this particular user.

Returns
TypeDescription
_ACLEntityAn Entity corresponding to this user.

validate_predefined

validate_predefined(predefined)

Ensures predefined is in list of predefined json values

Parameter
NameDescription
predefinedstr

validated JSON name of predefined acl

Exceptions
TypeDescription
:excValueError: If predefined is not a valid acl

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-01-29 UTC.