Summary
We've identified an issue in which Workspace READERs can't seem to use the Terra-UI to download files. WRITERs and OWNERs can. However, if a READER is made a WRITER and then changed back to a READER, it seems to work.
We did some investigation here, and it appears to be a billing issue. When we sign a URL, we pass in the workspace project in as the user project param to sign the URL. This lets us support Requester Pays buckets. However, a reader on a workspace is not granted billing permission. So, when we include the workspace project to sign a URL for a blob in the workspace bucket, Google checks to see if the user can spend the money based on the user project. Because a reader doesn't have billing access, the request fails.
See the Timeline section for the latest troubleshooting and resolution updates and the Impact section to understand how this could impact your system use.
Timeline
June 13, 2023, 4:49 PM - Issue Remediation - Engineers worked on a fix that will be implemented after the next release, Thursday, June 15, 2023.
June 13, 2023, 4:09 PM - Issue Escalation - The issue was identified as a production incident after reproducing the behavior.
June 2, 2023, 6:12 PM - Issue Reported - Users reported errors when attempting to download data from a shared workspace.
May 22, 2023 - Issue Inception - A merge that made Sam use the workspace project as the requester pays project created the billing issue.
Impact
This issue impacts READ-only users that do not have OWNER or WRITER permissions to a Requester Pays enabled workspace.
For more information
Please follow this article to get the most up-to-date information on this incident. If you would like to be notified of all service incidents or upcoming scheduled maintenance, click Follow on this page.