Storage bucket uniform access control should be enabled


Cloud Storage bucket permissions should not be configured to allow ‘allUsers’ or ‘allAuthenticatedUsers’ access. These permissions provide broad, public access, which can result in unknown or undesired data access.

Remediation Steps

Google Cloud Console

  • Navigate to Storage browser.

  • Click on the bucket name to go to the Bucket details page.


  • Click Delete next to any allUsers and allAuthenticatedUsers role assignments.

gcloud CLI

  • Remove allUsers access from the bucket:

    • gsutil iam ch -d allUsers gs://BUCKET_NAME

  • Remove allAuthenticatedUsers access from the bucket:

    • gsutil iam ch -d allAuthenticatedUsers gs://BUCKET_NAME