diff --git a/changelog/unreleased/issue-3100 b/changelog/unreleased/issue-3100
new file mode 100644
index 000000000..8ce0a7eda
--- /dev/null
+++ b/changelog/unreleased/issue-3100
@@ -0,0 +1,10 @@
+Bugfix: Do not require gs bucket permissions when running init 
+
+Restic used to require bucket level permissions for the gs backend 
+in order to initialize a restic repository.
+
+It now allows a gs service account to initialize a repository if the 
+bucket does exist and the service account has permissions to write/read
+to that bucket.
+
+https://github.com/restic/restic/issues/3100
diff --git a/internal/backend/gs/gs.go b/internal/backend/gs/gs.go
index 096420be7..0b0cea8be 100644
--- a/internal/backend/gs/gs.go
+++ b/internal/backend/gs/gs.go
@@ -136,6 +136,11 @@ func Create(cfg Config, rt http.RoundTripper) (restic.Backend, error) {
 	ctx := context.Background()
 	exists, err := be.bucketExists(ctx, be.bucket)
 	if err != nil {
+		if e, ok := err.(*googleapi.Error); ok && e.Code == http.StatusForbidden {
+			// the bucket might exist!
+			// however, the client doesn't have storage.bucket.get permission
+			return be, nil
+		}
 		return nil, errors.Wrap(err, "service.Buckets.Get")
 	}