尽管我是所有者，但无法以所有者身份访问资源 [英] Can't access resource as OWNER despite the fact I'm the owner

问题描述

我正在尝试对存储桶和资源执行操作，但我不断收到拒绝访问错误

I'm trying to act on a bucket and resources but I keep getting access denied error

例如

```

$ gsutil ls -L gs://images/large

$ gsutil ls -L gs://images/large

gs://images/large/aa.png:
   Creation time:       Tue, 25 Nov 2014 20:03:19 GMT
   Cache-Control:       public, max-age=2592000
   Content-Length:      343034
   Content-Type:        image/png
   Generation:      1416945799570000
   Metageneration:      2
   ACL:     ACCESS DENIED. Note: you need OWNER permission
            on the object to read its ACL.

```

当我尝试运行 acl 操作或覆盖文件时也是如此.

Same when I try to run acl operations or override a file.

推荐答案

首先，我想提一下，作为存储桶所有者意味着您始终可以删除存储在该存储桶中的对象，但您可能不会如果默认 ACL 被覆盖，则具有对象所有者权限.这与存在超级用户概念的流行操作系统的工作方式不同.

First of all, I'd like to mention that being the bucket owner means that you are always allowed to delete the objects stored in that bucket but you may not have object owner permissions if the default ACLs were overridden. This is different from how popular operating systems work where there is the concept of a super-user.

您是否尝试使用现有的 服务帐户运行该命令 在您的项目中列出的 APIs &auth -> 凭证?

Did you try to run that command using the existing service accounts in your project listed in the Developers Console at APIs & auth -> Credentials?

如果您仍然收到该错误，则该对象可能是通过 App Engine 上传的.您可以使用以下代码在 Python 中制作 App Engine 应用程序，其中 使用 JSON API 列出对象 ACL，因为 App Engine 有自己的服务帐户 (<project ID>@appspot.gserviceaccount.com)，它与 Developers Console 中显示的不同.

If you are still getting that error, the object was probably uploaded through App Engine. You can make an App Engine application in Python with the following code which lists the object ACLs using the JSON API because App Engine has its own service account (<project ID>@appspot.gserviceaccount.com) and it's different from that appear in the Developers Console.

#!/usr/bin/env python                                                                                                                     
import webapp2
from google.appengine.api import app_identity
from google.appengine.api import urlfetch


class MainPage(webapp2.RequestHandler):
    def get(self):
        scope = "https://www.googleapis.com/auth/devstorage.full_control"
        authorization_token, _ = app_identity.get_access_token(scope)
        acls = urlfetch.fetch(
            "https://www.googleapis.com/storage/v1/b/<bucket>/o/<object/acl",
            method=urlfetch.GET,
            headers = {"Content-Type": "application/json", "Authorization": "OAuth " + authorization_token})
        self.response.headers['Content-Type'] = 'application/json'
        self.response.write(acls.content)

application = webapp2.WSGIApplication([
    ('/', MainPage),
], debug=True)

这篇关于尽管我是所有者，但无法以所有者身份访问资源的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！