Google Cloud Storage ACL not working for bucket

I granted access to certain users by their emails on my bucket, hosted on Google Cloud Storage. (like... jane@gmail.com). however, whenever that person is logged in to their gmail account on chrome, they can't access the file. it just says permission denied. what's going on?

the link i'm using is something like: http://storage.googleapis.com/my-bucket/my-object

and on my dashboard, i've DEFINITELY configured their gmail accounts to be able to access my bucket (and also even specific files).

i also tried to use the gsutil tool, as such:

gsutil acl ch -u jane@gmail.com:R gs://finance-marketing

but i keep getting some code 401 Login Required message. am i misunderstanding something? do specific users have to all download gsutil and grant themselves access somehow?

When you grant access, you are granting the user permission to access the object using OAuth2 credentials. The Developers Console performs this authentication behind the scenes, but Chrome doesn't know anything about it, which is why the link you showed doesn't work.

Without granting the user access to the project itself (at which point they would be able to use the console browser), you need the user to use a tool that understands OAuth2, such as gsutil.

You could also leverage the console's behind-the-scenes OAuth2 by providing the user with a link from within the console itself, such as: https://console.developers.google.com/m/cloudstorage/b/your-bucket-name/o/your-object-name - this should work in Chrome provided the user is logged in.

Finally, another option for accessing via Chrome is to use Cookie auth as described here https://developers.google.com/storage/docs/authentication. Then you can provide a URL of the form: https://storage.cloud.google.com/your-bucket-name/your-object-name

If you choose the gsutil route, you need to run: