The documentation says it best: Access Control Lists (ACLs) allow you to control who can read and write your data, and who can read and write the ACLs themselves.
If not specified at the time an object is uploaded (e.g., via the gsutil cp -a option), objects will be created with a default object ACL set on the bucket (see gsutil help defacl: https://cloud.Google.com/storage/docs/gsutil/commands/defacl). You can replace the ACL on an object or bucket using the gsutil acl set command, or modify the existing ACL using the gsutil acl ch command (see gsutil help acl: https://cloud.Google.com/storage/docs/gsutil/commands/acl).
ACLs are assigned to objects (files) or buckets. By default, all files in a bucket have the same ACL as the bucket they're in.
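To review who an ACL actually lets in, the JSON printed by gsutil acl get can be checked offline. The following is an added example, not code from the documentation or from gsutil; the sample ACL is constructed, and the audit_acl function, its severity labels and the rule that only project owners should hold OWNER are assumptions chosen for illustration.

```python
import json

# Constructed sample in the JSON shape printed by `gsutil acl get`
# (a list of entries, each with an "entity" and a "role").
SAMPLE_ACL = json.loads("""
[
  {"entity": "project-owners-000000000000", "role": "OWNER"},
  {"entity": "user-alice@example.com", "role": "WRITER"},
  {"entity": "allAuthenticatedUsers", "role": "READER"},
  {"entity": "allUsers", "role": "READER"}
]
""")

# Special entities that grant access beyond named users and groups.
PUBLIC_ENTITIES = {"allUsers", "allAuthenticatedUsers"}

# Bucket ACLs accept READER, WRITER and OWNER; object ACLs only READER and OWNER.
VALID_ROLES = {
    "bucket": {"READER", "WRITER", "OWNER"},
    "object": {"READER", "OWNER"},
}


def audit_acl(entries, scope):
    """Return (severity, entity, role, reason) findings for one ACL.

    scope is "bucket" or "object". Severity labels are this example's own.
    """
    findings = []
    for entry in entries:
        entity = entry.get("entity", "")
        role = entry.get("role", "")
        if role not in VALID_ROLES[scope]:
            findings.append(("invalid", entity, role,
                             f"{role} is not a valid {scope} role"))
            continue
        if entity in PUBLIC_ENTITIES:
            # Public read is exposure; public write or ownership is worse.
            severity = "high" if role == "READER" else "critical"
            findings.append((severity, entity, role, "grant to a public group"))
        elif role == "OWNER" and not entity.startswith("project-owners-"):
            # Assumed policy: only the project-owners group should own ACLs.
            findings.append(("review", entity, role,
                             "can read and rewrite the ACL itself"))
    return findings


if __name__ == "__main__":
    for finding in audit_acl(SAMPLE_ACL, "bucket"):
        print(*finding, sep=" | ")
```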
A couple of points to remember are:
- There is no write access for objects; attempting to set an ACL with write...