...
- Policies are attached to buckets and are a list of statements about actions allowed or denied for that bucket only.
- Policies override the default project permissions , so you must also grant those permissions to the project itself or you may so care should be taken not to lock yourself out of the bucket.
- Any DENY in a policy statement counts as a negative permission overall for that action, even if there is also an ALLOW elsewhere.
- Policies only grant visibility of objects in a bucket, not visibility of the bucket itself.
...