From f22138d846a05e6baa5304222f4a7c519912b841 Mon Sep 17 00:00:00 2001
From: David Kocher <dkocher@iterate.ch>
Date: Thu, 21 Nov 2024 09:37:22 +0100
Subject: [PATCH] Note about connecting to single bucket with Storage Object
 Viewer Role only.

---
 protocols/googlecloudstorage.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/protocols/googlecloudstorage.md b/protocols/googlecloudstorage.md
index 52fab907..488ff50c 100644
--- a/protocols/googlecloudstorage.md
+++ b/protocols/googlecloudstorage.md
@@ -46,6 +46,12 @@ Using *[Advanced Protection Program](https://support.google.com/accounts/answer/
 Users require an [IAM role](https://cloud.google.com/storage/docs/access-control/iam-roles) that includes the `storage.buckets.list` and `storage.buckets.get` permissions.
 :::
 
+:::{admonition} Storage Object Viewer Role
+:class: note
+
+When connecting with a user with a viewer role only, attempting to list buckets will show the error `…does not have storage.buckets.list access to the Google Cloud project. Permission 'storage.buckets.list' denied on resource (or it may not exist).`. You can still connect to a single bucket by entering the bucket name in _Path_.
+:::
+
 #### Reset OAuth Tokens
 
 If you have accidentally logged in with the wrong Google Cloud Storage username or want to change the login of the Google Cloud Storage bookmark delete the current bookmark and create a new one to start a new authentication flow.