Hi @v09028533,
Welcome to Google Cloud Community!
To better understand roles and permissions, roles are just bundles of permissions that grant a certain action on Google Cloud resources. Roles in IAM have three types: basic, predefined, and custom roles.
In your case, you will need to find the right predefined roles managed by Google Cloud that includes these permissions: storage.objects.get and storage.objects.create. Since the error you have encountered is related to Cloud Storage access, you may refer to IAM role and permission for Cloud Storage.
You might want to consider the Storage Object Admin role since it has less permissions and it grants access to create and get folders. Below are the steps to grant the role to your service account:
- Proceed to IAM & Admin.
- Locate your service account and click the pencil icon:
- Select a role: Storage Object Admin.
- Save your changes.
Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.