I have created a storage bucket in my GCP project and is trying to make it public. For that I already removed the constraint policy "Enforce Public Access Prevention" from my project. While running the below command in SDK I get the error "PreconditionException: 412 One or more users named in the policy do not belong to a permitted customer"
command --> gsutil iam ch allUsers:legacyObjectReader gs://[bucket_name]
Can anyone tell me what others anization contraints do i need to remove from the project policy to make my bucket public
I have created a storage bucket in my GCP project and is trying to make it public. For that I already removed the constraint policy "Enforce Public Access Prevention" from my project. While running the below command in SDK I get the error "PreconditionException: 412 One or more users named in the policy do not belong to a permitted customer"
command --> gsutil iam ch allUsers:legacyObjectReader gs://[bucket_name]
Can anyone tell me what others anization contraints do i need to remove from the project policy to make my bucket public
Share Improve this question asked 2 days ago BiswaBiswa 4052 gold badges5 silver badges14 bronze badges1 Answer
Reset to default 0I think you should remove this a policy from your project
Domain restricted sharing
constraints/iam.allowedPolicyMemberDomains
According to this documentation https://cloud.google/resource-manager/docs/anization-policy/restricting-domains#example_error_message
When the iam.allowedPolicyMemberDomains predefined constraint is violated by trying to add a principal that is not included in the allowed_values list, the operation will fail and then an error message will be displayed.
ERROR: (gcloud.projects.set-iam-policy) FAILED_PRECONDITION:
One or more users named in the policy do not belong to a permitted customer.