IAM permissions for Cloud Storage MCP server methods

This page lists the Identity and Access Management (IAM) permissions required to run each Cloud Storage MCP server method.

You manage access to your Cloud Storage resources by granting roles to users and groups. Each role contains specific permissions. You can use these permissions to configure access control for your MCP server methods.

Method	Required IAM Permissions
`create_bucket`	`mcp.tools.call` `storage.buckets.create`
`get_object_metadata`	`mcp.tools.call` `storage.objects.get`
`list_buckets`	`mcp.tools.call` `storage.buckets.list`
`list_objects`	`mcp.tools.call` `storage.objects.list`
`read_object`	`mcp.tools.call` `storage.objects.get`
`read_text`	`mcp.tools.call` `storage.objects.get`
`write_text`	`mcp.tools.call` `storage.objects.create`

What's next

For a list of roles and the permissions they contain, see IAM Roles for Cloud Storage.
Assign IAM roles at the project and bucket level.

IAM permissions for Cloud Storage MCP server methods Stay organized with collections Save and categorize content based on your preferences.

What's next

IAM permissions for Cloud Storage MCP server methods