是否有可能只允许添加新文件的存储桶? [英] Is it possible to have a bucket that only allows new files to be added?

问题描述

我在这里的目标是使用GCP作为备份介质，该介质仅允许保存其他文件.

My goal here is to use GCP as a backup medium that would only allow additional files to be saved.

因此，不允许任何文件修改.这是本地支持的吗?

So no file modifications would be permitted. Is this supported natively?

推荐答案

是的，这可以通过多种方式实现.一种选择是授予执行IAM许可的帐户"roles/storage.objectCreator".并且没有其他权限.

Yes, this is possible in several ways. One option would be to grant the account doing the writing the IAM permission "roles/storage.objectCreator" and no other permissions.

另一个更强大的选择是使用GCS保留策略，以确保在对象创建后的几个月或几年内，没有用户可以删除对象.请参见 https://cloud.google.com/storage/docs/bucket-lock详细信息.

Another, stronger option would be to use GCS retention policies to ensure that no user can delete objects for a period of months or years after the object is created. See https://cloud.google.com/storage/docs/bucket-lock for details.

要点在于您运行:

gsutil retention set TIME_DURATION gs://BUCKET_NAME

设置保留策略.仔细测试它，并对其感到满意后，可以选择运行此(危险地不可撤消)命令将其锁定在适当的位置，以便无法将其删除:

to set a retention policy. Test it carefully, and once you're happy with it, you may choose to run this (dangerously irrevocable) command to lock the policy in place so that you cannot remove it:

gsutil retention lock gs://BUCKET_NAME

这篇关于是否有可能只允许添加新文件的存储桶?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！