Which Google account owns the Terra buckets?
Hi, I created a workspace through Terra, but then tried to make various privileged API calls to GCP, such as:
gsutil iam get gs://bucket-name
However, seemingly I'm not able to do this, even using the same Google account that was used to log in to Terra. In fact, I'm not even able to see which user owns the bucket. Does this mean that Terra itself is the owner of our bucket? Does that have implications for data storage agreements?
Comments
Hi Migwell,
Thanks for writing in with this! A member of the Terra support team will follow up with you as soon as they are able.
If relevant, please let us know if there is any urgency around this request so that the team can prioritize it appropriately.
Kind regards,
Pamela
Hi Migwell,
What you are seeing is expected behavior. When you create a workspace in Terra, Terra creates a Google project and storage bucket on your behalf. You can store anything you want in your bucket, but for security purposes, Terra maintains ownership of all projects and buckets created by users on the platform. Therefore, you wouldn't be able to get/set IAM permissions using that gsutil command. Permission to the bucket is given by sharing the Terra workspace that it's associated with. So, if you wanted to see who has access to the bucket or grant access to the bucket, you would just need to click on the 'Share' option in the three-dots menu of your workspace to view the current list of collaborators and share with others.
See Sharing data and tools with workspace access controls for more information on what type of access is granted with each role.
Best,
Samantha