无法将“allUsers”添加到 GCP 项目
[英]can't add 'allUsers' to GCP project
问题描述
I have a GCP project and just for testing purpose, I want to grant the permission to 'allUsers'.
我有一个 GCP 项目,仅出于测试目的,我想授予“allUsers”权限。 But when I am trying to add, I am getting error Members of type allUsers and allAuthenticatedUsers cannot be added to this resource .但是当我尝试添加时,我收到Members of type allUsers and allAuthenticatedUsers cannot be added to this resource 。 Can somebody help me to understand what I am doing wrong or missing here?有人可以帮助我了解我做错了什么或错过了什么吗? Thanks谢谢
7 个解决方案
解决方案1
1 2021-09-17 02:06:14
Go to your bucket and revoke public access as in below image. Go 到您的存储桶并撤销公共访问权限,如下图所示。 Then go to your resource and add permission allUser然后 go 到您的资源并添加权限 allUser
解决方案2
0 2017-11-16 13:15:57
The member types permission used to grant allUser or allAuthenticatedUser access to certain Google Cloud resources such as buckets cannot be applied as project roles to projects. 用于授予allUser或allAuthenticatedUser访问某些Google Cloud资源(例如存储桶)的成员类型权限不能作为项目角色应用于项目。 Google Cloud projects provide different levels of access control that are different from those used with buckets, as explained in the following Access Control for Projects using IAM documentation. Google Cloud项目提供的访问控制级别不同于存储桶使用的访问控制级别,如以下使用IAM文档的项目访问控制中所述。
There is a three-level policy hierarchy in Google Cloud that puts projects and resources as separate entities. Google Cloud中有一个三级策略层次结构 ,可将项目和资源作为单独的实体放置。 In this hierarchy, policies are inheritable but do have different access control models which are not interchangeable. 在此层次结构中,策略是可继承的,但确实具有不可互换的不同访问控制模型。
You can grant to a Google Cloud project the following permissions: 您可以向Google Cloud项目授予以下权限:
roles/owner - Full access to all resources.
角色/所有者-完全访问所有资源。 roles/editor - Edit access to all resources.
角色/编辑者-编辑对所有资源的访问。 roles/viewer - Read access to all resources.
角色/查看器-读取对所有资源的访问权限。 roles/browser - Access to browse resources in the project.
角色/浏览器-访问项目中的资源。
The above project permissions can be fine-tuned at the resource level using member types as explained above. 如上所述,可以使用成员类型在资源级别微调以上项目权限。
解决方案3
0 2019-01-06 15:22:52
Sometimes it might be that you're trying to use a deprecated feature that is already no longer available in web UI and control panels but in fact, is still silently supported for thus who are unable to upgrade. 有时可能是因为您试图使用已过时的功能,该功能已在Web UI和控制面板中不再可用,但实际上,它仍然被无声支持,从而无法升级。
Granting a role for allUsers is one of these cases and you can find an example of such a case in this answer of a smart-things community. 为allUsers授予角色是这些情况之一,您可以在此智能事物社区的答案中找到此类情况的示例。
Regarding the: 关于:
Can somebody help me to understand what I am doing wrong or missing here?
You are trying to use insecure permissions that are strongly discouraged. 您正在尝试使用不鼓励使用的不安全权限。 And that is wrong, that is not available in some web user interfaces for a reason. 这是错误的,由于某些原因,它在某些Web用户界面中不可用。 But if Google would ditch such support at all, then IoT devices that are still dependent on this yet out of the reach of developers who could upgrade them would become inoperable, so new users unlikely to see such possibility but thus who used it in the passed will be stay operable. 但是,如果Google完全放弃这种支持,那么仍然依赖于此但仍无法开发的可以升级它们的开发人员将无法使用的IoT设备,因此新用户不太可能看到这种可能性,而是在过去的时间里使用了将保持可操作状态。
But if you were unfortunate to delete such permission and now you left a lot of IoT devices without an ability to publish for a PubSub topic (and upgrading devices is not a feasible option) then following mentioned answer from smart things community if you want to allow publishing for a topic bar of the project foo then you can use a set IAM policy API to apply a role roles/pubsub.publisher for allUsers 但是,如果您不幸删除了这样的权限,现在您留下了许多IoT设备,而无法发布PubSub主题(并且升级设备是不可行的选择),那么如果您愿意,请遵循智能事物社区的上述回答发布项目foo的主题bar ,则可以使用设置的IAM策略API来为allUsers应用角色roles/pubsub.publisher allUsers
A resource will be: projects/foo/topic/bar 资源将是: projects/foo/topic/bar
And policy object will be: 政策对象将是:
{
"policy": {
"bindings": [
{
"role": "roles/pubsub.publisher",
"members": [
"allUsers"
]
}
]
}
}
解决方案4
0 2019-10-01 20:02:05
Check the [docs](Project does not support allUsers and allAuthenticatedUsers as members in a Binding of a Policy.). 检查[docs](项目不支持allUsers和allAuthenticatedUsers作为策略绑定中的成员。)。
Project does not support allUsers and allAuthenticatedUsers as members in a Binding of a Policy.
解决方案5
0 2021-09-05 08:45:26
Try to remove the prevent public access in permissions of your GCP cloud storage bucket.尝试删除 GCP 云存储桶权限中的阻止公共访问。 This allows to have fine granular control on individual objects.这允许对单个对象进行精细控制。 So that one or many objects in the bucket can be public.这样桶中的一个或多个对象就可以是公开的。 Public access prevention prevents data in your organization or project from being accidentally exposed to the public.公共访问预防可防止您的组织或项目中的数据意外暴露给公众。 When you enforce public access prevention on a new or existing Cloud Storage resource, no one in your organization can make data public through IAM policies or ACLs.当您对新的或现有的 Cloud Storage 资源实施公共访问保护时,您组织中的任何人都无法通过 IAM 政策或 ACL 公开数据。 For more see the docs here有关更多信息,请参阅 此处的文档
解决方案6
0 2021-10-01 20:56:26
Disable the prevention to public access禁用对公共访问的预防
- Go to permissions (right-hand side of configuration) Go 权限(配置右侧)
- Disable public access prevention.禁用公共访问预防。
- then again try to make image public it'll work然后再次尝试公开图像它会起作用
解决方案7
0 2022-09-13 17:47:26
Click em "Edit Access" in your bucket, then remove public access, then try again, you will be able to set allUsers in permissions.在您的存储桶中单击“编辑访问权限”,然后删除公共访问权限,然后重试,您将能够设置所有用户的权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.