托管服務帳戶在添加 ObjectAccessControl 時沒有足夠的權限

Question

嘗試在部署管理器上添加對象控制訪問：

- type: storage.v1.objectAccessControl
  name: url-access
  properties:
    role: READER
    bucket: "bucket"
    object: "object"
    entity: "email"

我收到了這個錯誤：

ERROR: (gcloud.deployment-manager.deployments.update) Error in Operation [operation-1574856490078-59852d9a9d256-4d665591-d57c3ea1]: errors:
- code: RESOURCE_ERROR
  location: /deployments/.../resources/user-access
  message: '{
    "ResourceType": "storage.v1.objectAccessControl",
    "ResourceErrorCode": "403",
    "ResourceErrorMessage": {
        "code": 403,
        "errors": [
            {
                "domain": "global",
                "message": "MANAGED_SA@cloudservices.gserviceaccount.com does not have storage.objects.get access to bucket/file.",
                "reason": "forbidden"
            }
        ],
        "message": "MANAGED_SA@cloudservices.gserviceaccount.com does not have storage.objects.get access to bucket/file.",
        "statusMessage": "Forbidden",
        "requestPath": "https://www.googleapis.com/storage/v1/b/bucket/o/file/acl",
        "httpMethod": "POST",
        "suggestion": "Consider granting permissions to MANAGED_SA@cloudservices.gserviceaccount.com"
    }
}'

奇怪的事實：默認情況下，MANAGED-SA 對項目具有編輯訪問權限。 即使設置了 Owner Access，我仍然收到此消息

Answer 1

只需為服務帳戶添加角色 `MANAGED_SA@cloudservices.gserviceaccount.com: "Storage Object Admin"。 查看器不夠

托管服務帳戶在添加 ObjectAccessControl 時沒有足夠的權限

問題描述

1 個解決方案

解決方案1
1 已采納 2019-11-27 15:11:16

托管服務帳戶在添加 ObjectAccessControl 時沒有足夠的權限

問題描述

1 個解決方案

解決方案1 1 已采納 2019-11-27 15:11:16

解決方案1
1 已采納 2019-11-27 15:11:16