Which Google account owns the Terra buckets?

Post author

Hi, I created a workspace through Terra, but then tried to make various privileged API calls to GCP, such as: 

gsutil iam get gs://bucket-name

However seemingly I'm not able to do this, even using the same Google account that was used to log in to Terra. In fact I'm not even able to see which user owns the bucket. Does this mean that Terra itself is the owner of our bucket? Does that have implications for data storage agreements?



  • Comment author
    Pamela Bretscher

    Hi Migwell,

    Thanks for writing in with this! A member of the Terra support team will follow up with you as soon as they are able.

    If relevant, please let us know if there is any urgency around this request so that the team can prioritize it appropriately.

    Kind regards,


  • Comment author
    Samantha (she/her)

    Hi Migwell,

    What you are seeing is expected behavior. When you create a workspace in Terra, Terra creates a Google project and storage bucket on your behalf. You can store anything you want in your bucket, but for security purposes, Terra maintains ownership of all projects and buckets created by users on the platform. Therefore, you wouldn't be able to get/set IAM permissions using that gsutil command. Permission to the bucket is given by sharing the Terra workspace that it's associated with. So, if you wanted to see who has access to the bucket or grant access to the bucket, you would just need to click on the 'Share' option in the three-dots menu of your workspace to view the current list of collaborators and share with others:

    See Sharing data and tools with workspace access controls for more information on what type of access is granted with each role.



Please sign in to leave a comment.