Associate Data Practitioner

Unlock the power of your data in the cloud! Get hands-on with Google Cloud's core data services like BigQuery and Looker to validate your practical skills in data ingestion, analysis, and management, and earn your Associate Data Practitioner certification!

Practice Test

Fundamental
Exam

Compare methods of access control for Cloud Storage (e.g., public or private access, uniform access)

4.1 Configure access control and governance

Analyze the Characteristics of Public, Private, and Uniform Access

Access control in Google Cloud Storage defines who can view or modify your data. Public access makes buckets or objects available to anyone on the internet. Private access ensures only named users or service accounts can reach your data. Uniform access applies a single policy at the bucket level, removing per-object permissions and reducing complexity.

Public access is set by granting roles like storage.objectViewer to the allUsers or allAuthenticatedUsers identity. This setup lets anyone with a link read the data without signing in. Public buckets are great for hosting static websites, blog assets, or sharing open research datasets. However, making sensitive files public can lead to privacy or compliance risks if not managed carefully.

Private access is the default mode when you create a new bucket or object. You use IAM roles or ACLs to grant permissions to specific users, groups, or service accounts. This gives you precise control over who can list, read, or write your objects. Storing backups, confidential files, or application logs in private buckets helps protect data integrity and meet regulatory compliance requirements.

Uniform access turns off individual object ACLs and applies one consistent IAM policy across an entire bucket. This mode:

  • Eliminates confusion by removing per-object permissions
  • Simplifies administration with a single set of rules
  • Strengthens security through uniform policy enforcement
    By using uniform access, you reduce errors and make it easier to govern and audit your cloud storage by ensuring all objects follow the same access rules.

Conclusion

Choosing between public, private, and uniform access depends on your needs for sharing and security. Public buckets provide easy sharing but come with privacy and compliance concerns. Private buckets keep your sensitive data safe with fine-grained controls, while uniform access simplifies policy management and reduces errors. Understanding these methods helps you design a cloud storage strategy that balances convenience and protection for your data.

Differentiate between basic roles, predefined roles, and permissions for data services (e.g., BigQuery, Cloud Storage)Determine when to share data using Analytics Hub