[英]Allow Public Read access on a GCS bucket?
I am trying to allow anonymous (or just from my applications domain) read access for files in my bucket.我正在尝试允许匿名(或仅来自我的应用程序域)读取我的存储桶中的文件。
When trying to read the files I get尝试读取我得到的文件时
``` ```
<Error>
<Code>AccessDenied</Code>
<Message>Access denied.</Message>
<Details>
Anonymous users does not have storage.objects.get access to object.
</Details>
</Error>
``` ```
I also tried to add a domain with the object default permissions dialog in the google cloud console.我还尝试在谷歌云控制台中使用 object 默认权限对话框添加域。 that gives me the error "One of your permissions is invalid. Make sure that you enter an authorized id or email for the groups and users and a domain for the domains"这给我错误“您的权限之一无效。确保为组和用户输入授权 ID 或 email,为域输入域”
I have also looked into making the ACL for the bucket public-read
.我还研究了为存储桶public-read
创建 ACL。 My only problem with this is that it removes my ownership over the bucket.我唯一的问题是它删除了我对存储桶的所有权。 I need to have that ownership since I want to allow uploading from a specific Google Access Id.我需要拥有该所有权,因为我想允许从特定的 Google 访问 ID 上传。
You can also do it from the console.您也可以从控制台执行此操作。
https://console.cloud.google.com/storage/ https://console.cloud.google.com/storage/
Choose edit the bucket permissions:选择编辑存储桶权限:
Input "allUsers" in Add Members option and "Storage Object Viewer" as the role.在添加成员选项中输入“allUsers”,角色为“存储对象查看器”。 Then go to "Select a role" and set "Storage" and "Storage Object Legacy" to "Storage Object View"然后转到“选择角色”并将“存储”和“存储对象遗留”设置为“存储对象视图”
You can use gsutil to make new objects created in the bucket publicly readable without removing your ownership.您可以使用 gsutil 使在存储分区中创建的新对象公开可读,而无需删除您的所有权。 To make new objects created in the bucket publicly readable:要使存储桶中创建的新对象公开可读:
gsutil defacl ch -u AllUsers:R gs://yourbucket
If you have existing objects in the bucket that you want to make publicly readable, you can run:如果您希望将存储桶中的现有对象设为公开可读,您可以运行:
gsutil acl ch -u AllUsers:R gs://yourbucket/**
Using IAM roles, to make the files readable, and block listing:使用 IAM 角色,使文件可读,并阻止列表:
gsutil iam ch allUsers:legacyObjectReader gs://bucket-name
To make the files readable, and allow listing:要使文件可读,并允许列出:
gsutil iam ch allUsers:objectViewer gs://bucket-name
Add a permission for allUsers.为所有用户添加权限。
Once shared publicly, a link icon appears in the public access column.公开共享后,公共访问列中会出现一个链接图标。 You can click on this icon to get the URL for the object.您可以单击此图标以获取对象的 URL。
Instruction on Making Data Public from Google Cloud Docs从 Google Cloud Docs 公开数据的说明
如果您在firebase 函数中上传文件,则需要在引用对象上调用makePublic()
以使其无需传递令牌即可访问。
If you want to allow specific bucket to be accessible with the specific "folder/content" then you have to specify in the command: gsutil iam -r ch allUsers:legacyObjectReader gs://your-bucket/your-files/**
如果要允许使用特定的“文件夹/内容”访问特定的存储桶,则必须在命令中指定: gsutil iam -r ch allUsers:legacyObjectReader gs://your-bucket/your-files/**
You can allow all users to read files in your bucket on Cloud Storage.您可以允许所有用户读取您在 Cloud Storage 上的存储桶中的文件。
First, in Bucket details , click on "PERMISSIONS" then "ADD" :首先,在Bucket details中,点击“PERMISSIONS”然后点击“ADD” :
Then, type "allUsers" :然后,输入“allUsers” :
Then, select the role "Storage Legacy Object Reader" so that all users can read files:然后,select角色“Storage Legacy Object Reader”让所有用户都可以读取文件:
Then, click on "SAVE" :然后,点击“保存” :
Then, you should be asked as shown below so click on "ALLOW PUBLIC ACCESS" :然后,您会被询问如下所示,因此请单击“允许公共访问” :
Finally, you can allow all users to read files in your bucket:最后,您可以允许所有用户读取您存储桶中的文件:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.