Google Cloud Platform中的Project Browser角色和Project Viewer角色有什么区别 [英] What's the difference between Project Browser role and Project Viewer role in Google Cloud Platform

问题描述

根据控制台弹出窗口，项目浏览器"角色具有对项目资源的浏览权限，而项目查看器"具有对这些资源的读取权限.

According to the console popup, the Project Browser role has browse access to the project's resources while the Project Viewer has read access to those resources.

这是否意味着使用浏览器角色我只能列出存储在项目存储区中的文件名，但是我需要查看者角色才能下载这些文件?

Does this mean that with the browser role I can only list the filenames stored in the project's buckets but I need viewer role to download those files?

推荐答案

这是否意味着使用浏览器角色，我只能列出 文件名存储在项目的存储桶中，但我需要查看者角色 下载那些文件?

Does this mean that with the browser role I can only list the filenames stored in the project's buckets but I need viewer role to download those files?

浏览器角色roles/browser没有访问Google Cloud Storage的任何权限.您无法列出存储桶中的对象.查看者角色roles/viewer没有查看(下载)Google Cloud Storage对象的权限.

The browser role roles/browser does not have any permissions to access Google Cloud Storage. You cannot list the objects in the bucket. The viewer role roles/viewer does not have permissions to view (download) Google Cloud Storage objects.

要更好地理解角色，您需要知道角色包含哪些权限.

To better understand roles, you need to know what permissions a role contains.

如果您担任角色roles/browser并查看权限:

If you take the role roles/browser and view the permissions:

gcloud iam roles describe roles/browser

您将发现此角色具有以下六个权限:

You will find that this role has the following six permissions:

description: Access to browse GCP resources.
etag: AA==
includedPermissions:
- resourcemanager.folders.get
- resourcemanager.folders.list
- resourcemanager.organizations.get
- resourcemanager.projects.get
- resourcemanager.projects.getIamPolicy
- resourcemanager.projects.list
name: roles/browser
stage: GA
title: Browser

请注意，此角色无权访问Google Cloud Storage.

Notice that this role has no permissions to Google Cloud Storage.

相比之下，如果查看roles/viewer的权限，则会发现此角色具有721权限.我已将此清单限制为仅具有存储权限:

In comparison if you review the permissions for roles/viewer you will find that this role has 721 permissions. I have limited this listing to just the storage permissions:

storage.buckets.list

您将看到此角色仅具有列出存储桶内容的权限.没有授予查看存储桶中对象内容的权限.

You will see that this role only has permission to list the contents of a bucket. No permissions are granted to view the contents of an object in a bucket.

要查看(下载)Google Cloud Storage对象，您需要具有storage.objects.get权限.这包含在角色roles/storage.object.viewer，roles/storage.objectAdmin，roles/storage.admin和roles/storage.legacyObjectReader中.

In order to view (download) a Google Cloud Storage object, you need the storage.objects.get permission. This is contained in the roles roles/storage.object.viewer, roles/storage.objectAdmin, roles/storage.admin and roles/storage.legacyObjectReader.

这篇关于Google Cloud Platform中的Project Browser角色和Project Viewer角色有什么区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！