
What would happen to ServiceAccount when we switch from Fine grain to Uniform in Google cloud

We are thinking of switching from Fine grain to Uniform in Google cloud. Not sure how the service accounts that are part of the fine-grained ACL list would behave. Will they lose access?

When you enable uniform bucket-level access on a bucket, Access Control Lists (ACLs) are disabled, and only bucket-level Cloud Identity and Access Management (Cloud IAM) permissions grant access to that bucket and the objects it contains. Since Project Editors and Owners roles do not include the "storage.objects.get" permission, they must be added manually.

If you would like to see the different types of roles that are associated with Cloud Storage permissions, this link will be helpful.

You can also review the documentation regarding Considerations when migrating and enabling uniform bucket-level access on an existing bucket.

When you enable uniform bucket-level access on an existing bucket, you should ensure that users and services that previously relied on ACLs for access have their permissions migrated to Cloud IAM.

When migrating to uniform bucket-level access, you should check to see if objects in the bucket are being accessed through the ACLs applied to them. To check this, Cloud Monitoring has a metric that tracks ACL usage. If this metric indicates users or services rely on ACLs for access to your objects, you should assign Cloud IAM equivalents to the bucket before enabling uniform bucket-level access.

Note: Once you enable uniform bucket-level access, you have 90 days to switch back to fine-grained access before uniform bucket-level access becomes permanent.

If this information was helpful, please mark this answer as accepted.
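The migration step described in the answer above (assigning Cloud IAM equivalents for ACL grants before enabling uniform bucket-level access), as an added example that is not part of the original answer. It assumes ACL entries in the Cloud Storage JSON API shape (`entity`, `role`) and maps object ACL roles to the legacy object IAM roles; the function names and sample identities are constructed for illustration.

```python
# Added example: translate object ACL entries into bucket-level IAM bindings.
# Input entries follow the Cloud Storage JSON API shape: {"entity": ..., "role": ...}.

# Object ACL role -> IAM role granting the equivalent object access.
OBJECT_ROLE_TO_IAM = {
    "READER": "roles/storage.legacyObjectReader",
    "OWNER": "roles/storage.legacyObjectOwner",
}

def acl_entity_to_member(entity):
    """Return the IAM member for an ACL entity, or None when a human must decide."""
    if entity in ("allUsers", "allAuthenticatedUsers"):
        # A bucket-level grant would expose every object, so never map this blindly.
        return None
    kind, _, value = entity.partition("-")
    if kind == "user":
        # Service accounts are listed in ACLs as user-<email>; IAM wants serviceAccount:.
        # Assumption: service account emails end in .gserviceaccount.com.
        prefix = "serviceAccount" if value.endswith(".gserviceaccount.com") else "user"
        return f"{prefix}:{value}"
    if kind in ("group", "domain"):
        return f"{kind}:{value}"
    return None  # e.g. project-owners-<number>: IAM uses the project ID instead

def acls_to_bindings(acl_entries):
    """Return (bindings, unmapped). A binding applies to ALL objects in the bucket."""
    by_role, unmapped = {}, []
    for entry in acl_entries:
        member = acl_entity_to_member(entry["entity"])
        role = OBJECT_ROLE_TO_IAM.get(entry["role"])
        if member is None or role is None:
            unmapped.append(entry)
            continue
        by_role.setdefault(role, set()).add(member)
    bindings = [{"role": r, "members": sorted(m)} for r, m in sorted(by_role.items())]
    return bindings, unmapped

# Constructed sample: ACL entries collected from objects in one bucket.
SAMPLE_ACLS = [
    {"entity": "user-etl-writer@example-project.iam.gserviceaccount.com", "role": "OWNER"},
    {"entity": "user-alice@example.com", "role": "READER"},
    {"entity": "group-analysts@example.com", "role": "READER"},
    {"entity": "project-owners-123456789012", "role": "OWNER"},
    {"entity": "allUsers", "role": "READER"},
]

if __name__ == "__main__":
    bindings, unmapped = acls_to_bindings(SAMPLE_ACLS)
    print("bindings to add before enabling uniform access:", bindings)
    print("entries needing manual review:", unmapped)
```

Because object ACLs are per object while these bindings are per bucket, review each binding for whether the member should really reach every object in the bucket before applying it.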
