In most cases, Cloud Identity and Access Management (Cloud IAM) is the recommended method for controlling access to your resources.
Cloud IAM and ACLs work in tandem to grant access to your buckets and objects: a user only needs permission from either Cloud IAM or an ACL to access a bucket or object.
You most likely want to use ACLs if you need to customize access to individual objects within a bucket, since Cloud IAM permissions apply to all objects within a bucket.
However, you should still use Cloud IAM for any access that is common to all objects in a bucket, because this reduces the amount of micro-managing you have to do.
Hope it helps!!
If you need to know more about Google Cloud, We recommend joining GCP Certification course today.