Hands-On Machine Learning on Google Cloud Platform

Accessing control lists

The documentation says it best: Access Control Lists (ACLs) allow you to control who can read and write your data, and who can read and write the ACLs themselves.

If not specified at the time an object is uploaded (e.g., via the gsutil cp -a option), objects will be created with the default object ACL set on the bucket (see gsutil help defacl: https://cloud.google.com/storage/docs/gsutil/commands/defacl). You can replace the ACL on an object or bucket using the gsutil acl set command, or modify the existing ACL using the gsutil acl ch command (see gsutil help acl: https://cloud.google.com/storage/docs/gsutil/commands/acl).

ACLs are assigned to objects (files) or buckets. By default, all files in a bucket have the same ACL as the bucket they're in.
A couple of points to remember are:

  • There is no write permission for objects; attempting to set an ACL with write
    permission on an object will result in an error.
  • The object ACL alone determines read access to the object, independently of the
    bucket ACL's read settings (the folder permissions do not override the file access).

Several presets are available. The available canned ACLs are:

  • Project-private: Gives permission to the project team based on their roles.
    Anyone who is part of the team has read permission, and project owners and
    project editors have owner permission. This is the default ACL for newly created
    buckets. It is also the default ACL for newly created objects unless the default
    object ACL for that bucket has been changed. For more details, see gsutil help
    projects.
  • Private: Gives the requester (and only the requester) owner permission for a
    bucket or object.
  • Public-read: Gives all users (whether logged in or anonymous) read permission.
    When you apply this to an object, anyone on the internet can read the object
    without authenticating.
  • Public-read-write: Gives all users read and write permission. This ACL applies
    only to buckets. Setting a bucket to public-read-write will allow anyone on the
    internet to upload anything to your bucket, and you will be responsible for that
    content. Other canned ACLs exist; check the documentation.
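The two rules above (no write grant on objects, and public grants coming from the allUsers / allAuthenticatedUsers entities) can be checked mechanically over exported ACLs. The following audit script is an added example, not code from the book or from gsutil; it assumes the JSON entry shape (`entity`, `role`) that `gsutil acl get` prints, and the sample ACLs are constructed.

```python
import json

# Roles a Cloud Storage ACL entry can carry. Objects accept only READER and OWNER;
# WRITER is valid on buckets alone (the text notes a WRITER grant on an object errors).
OBJECT_ROLES = {"READER", "OWNER"}
BUCKET_ROLES = {"READER", "WRITER", "OWNER"}
# Grants to these entities make the resource public (anonymous or any Google account).
PUBLIC_ENTITIES = {"allUsers", "allAuthenticatedUsers"}


def audit_acl(entries, is_object):
    """Return (severity, message) findings for one ACL given as a list of entry dicts."""
    findings = []
    allowed = OBJECT_ROLES if is_object else BUCKET_ROLES
    for e in entries:
        entity, role = e.get("entity"), e.get("role")
        if role not in allowed:
            findings.append(("error", f"{entity}: role {role} is not valid here"))
        if entity in PUBLIC_ENTITIES:
            # Public write/owner on a bucket is the public-read-write case from the text.
            sev = "critical" if role in ("WRITER", "OWNER") else "high"
            findings.append((sev, f"{entity} has {role}"))
    return findings


def audit_listing(listing):
    """listing maps a gs:// path to (acl_json_text, is_object); assumed to be the
    JSON `gsutil acl get` prints. Returns {path: findings} for paths with findings."""
    report = {}
    for path, (text, is_object) in listing.items():
        found = audit_acl(json.loads(text), is_object)
        if found:
            report[path] = found
    return report


# Constructed sample ACLs (not real gsutil output) covering the cases in the text.
BUCKET_ACL = json.dumps([
    {"entity": "project-owners-123456", "role": "OWNER"},
    {"entity": "allUsers", "role": "WRITER"},            # public-read-write bucket
])
PUBLIC_OBJECT_ACL = json.dumps([
    {"entity": "user-alice@example.com", "role": "OWNER"},
    {"entity": "allUsers", "role": "READER"},            # public-read object
])
PRIVATE_OBJECT_ACL = json.dumps([{"entity": "user-alice@example.com", "role": "OWNER"}])
SAMPLE = {
    "gs://demo-bucket": (BUCKET_ACL, False),
    "gs://demo-bucket/public.csv": (PUBLIC_OBJECT_ACL, True),
    "gs://demo-bucket/private.csv": (PRIVATE_OBJECT_ACL, True),
}

if __name__ == "__main__":
    for path, findings in audit_listing(SAMPLE).items():
        for sev, msg in findings:
            print(f"{sev:8} {path}: {msg}")
```

Feeding it real output means running `gsutil acl get` per bucket and object and passing each result in as the JSON text.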