Google Cloud Storage ACL不适用于存储桶 [英] Google Cloud Storage ACL not working for bucket

问题描述

我通过托管在Google Cloud Storage上的存储桶中的某些电子邮件授予了某些用户访问权限。 （例如... jane@gmail.com）。但是，只要此人在chrome上登录自己的Gmail帐户，他们就无法访问该文件。它只是说允许被拒绝。

I granted access to certain users by their emails on my bucket, hosted on Google Cloud Storage. (like... jane@gmail.com). however, whenever that person is logged in to their gmail account on chrome, they can't access the file. it just says permission denied. what's going on?

我正在使用的链接是这样的：
http://storage.googleapis.com/my-bucket/my-object

the link i'm using is something like: http://storage.googleapis.com/my-bucket/my-object

在我的信息中心中，我已经明确配置了他们的gmail帐户，以便能够访问我的存储桶（甚至是特定文件）。

and on my dashboard, i've DEFINITELY configured their gmail accounts to be able to access my bucket (and also even specific files).

我还尝试使用gsutil工具，

i also tried to use the gsutil tool, as such:

gsutil acl ch -u jane@gmail.com:R gs://finance-marketing

但是我不断收到一些代码401 需要登录消息。我误会了吗？特定用户是否必须全部下载gsutil并以某种方式授予自己访问权限？

but i keep getting some code 401 Login Required message. am i misunderstanding something? do specific users have to all download gsutil and grant themselves access somehow?

推荐答案

授予访问权限时，就是在授予用户权限使用OAuth2凭据访问对象。开发人员控制台在后台执行此身份验证，但是Chrome对此一无所知，这就是为什么您显示的链接不起作用。

When you grant access, you are granting the user permission to access the object using OAuth2 credentials. The Developers Console performs this authentication behind the scenes, but Chrome doesn't know anything about it, which is why the link you showed doesn't work.

如果不授予用户访问项目本身（此时他们将能够使用控制台浏览器），则需要用户使用能够理解OAuth2的工具，例如gsutil。

Without granting the user access to the project itself (at which point they would be able to use the console browser), you need the user to use a tool that understands OAuth2, such as gsutil.

您还可以通过向用户提供控制台本身内部的链接来利用控制台的后台OAuth2，例如：
https://console.developers.google.com/m/cloudstorage/b/your-bucket-name / o / your-object-name -只要用户已登录，它就可以在Chrome中正常工作。

You could also leverage the console's behind-the-scenes OAuth2 by providing the user with a link from within the console itself, such as: https://console.developers.google.com/m/cloudstorage/b/your-bucket-name/o/your-object-name - this should work in Chrome provided the user is logged in.

最后，通过Chrome访问的另一种方法是：如此处 https所述使用Cookie身份验证： //developers.google.com/storage/docs/authentication 。然后，您可以提供以下形式的URL：
https ：//storage.cloud.google.com/your-bucket-name/your-object-name

Finally, another option for accessing via Chrome is to use Cookie auth as described here https://developers.google.com/storage/docs/authentication. Then you can provide a URL of the form: https://storage.cloud.google.com/your-bucket-name/your-object-name

如果您选择gsutil路由，则需要运行：

If you choose the gsutil route, you need to run:

gsutil config

设置gsutil以使用您的凭据（要授予访问权限的用户也是如此）。

To set up gsutil to use your credentials (same goes for the user you want to grant access to).

这篇关于Google Cloud Storage ACL不适用于存储桶的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！