Peertube S3 Object Storage - Access Permissions?

Should these be set to:

Read Only
Write Only
Read and Write

Also, after the bucket has been created, how do you « give » it the CORS file?

Peertube documentation states that the Object Storage should be made public. Is this really necessary or desirable?