JSON 方法所需的 Cloud IAM 权限

下表列出了在指定资源上运行每个 Cloud Storage JSON 方法所需的 Cloud Identity and Access Management (Cloud IAM) 权限。

资源	方法	所需的 Cloud IAM 权限¹
`BucketAccessControls`	`delete`	`storage.buckets.get`
		`storage.buckets.getIamPolicy`
		`storage.buckets.setIamPolicy`
		`storage.buckets.update`
`BucketAccessControls`	`get`	`storage.buckets.get`
`BucketAccessControls`	`get`	`storage.buckets.getIamPolicy`
`BucketAccessControls`	`insert`	`storage.buckets.get`
		`storage.buckets.getIamPolicy`
		`storage.buckets.setIamPolicy`
		`storage.buckets.update`
`BucketAccessControls`	`list`	`storage.buckets.get`
`BucketAccessControls`	`list`	`storage.buckets.getIamPolicy`
`BucketAccessControls`	`patch`	`storage.buckets.get`
		`storage.buckets.getIamPolicy`
		`storage.buckets.setIamPolicy`
		`storage.buckets.update`
`BucketAccessControls`	`update`	`storage.buckets.get`
		`storage.buckets.getIamPolicy`
		`storage.buckets.setIamPolicy`
		`storage.buckets.update`
`Buckets`	`delete`	`storage.buckets.delete`
`Buckets`	`get`	`storage.buckets.get`
`Buckets`	`get`	`storage.buckets.getIamPolicy`²
`Buckets`	`getIamPolicy`	`storage.buckets.getIamPolicy`
`Buckets`	`insert`	`storage.buckets.create`
`Buckets`	`list`	`storage.buckets.list`
`Buckets`	`list`	`storage.buckets.getIamPolicy`²
`Buckets`	`lockRetentionPolicy`	`storage.buckets.update`
`Buckets`	`patch`	`storage.buckets.update`
		`storage.buckets.getIamPolicy`³
		`storage.buckets.setIamPolicy`⁵
`Buckets`	`setIamPolicy`	`storage.buckets.setIamPolicy`
`Buckets`	`testIamPermissions`	无
`Buckets`	`update`	`storage.buckets.setIamPolicy`
`Buckets`	`update`	`storage.buckets.update`
`Channels`	`stop`	无
`DefaultObjectAccessControls`	`delete`	`storage.buckets.get`
		`storage.buckets.getIamPolicy`
		`storage.buckets.setIamPolicy`
		`storage.buckets.update`
`DefaultObjectAccessControls`	`get`	`storage.buckets.get`
`DefaultObjectAccessControls`	`get`	`storage.buckets.getIamPolicy`
`DefaultObjectAccessControls`	`insert`	`storage.buckets.get`
		`storage.buckets.getIamPolicy`
		`storage.buckets.setIamPolicy`
		`storage.buckets.update`
`DefaultObjectAccessControls`	`list`	`storage.buckets.get`
`DefaultObjectAccessControls`	`list`	`storage.buckets.getIamPolicy`
`DefaultObjectAccessControls`	`patch`	`storage.buckets.get`
		`storage.buckets.getIamPolicy`
		`storage.buckets.setIamPolicy`
		`storage.buckets.update`
`DefaultObjectAccessControls`	`update`	`storage.buckets.get`
		`storage.buckets.getIamPolicy`
		`storage.buckets.setIamPolicy`
		`storage.buckets.update`
`Notifications`	`delete`	`storage.buckets.update`
`Notifications`	`get`	`storage.buckets.get`
`Notifications`	`insert`	`storage.buckets.update`
`Notifications`	`list`	`storage.buckets.get`
`ObjectAccessControls`	`delete`	`storage.objects.get`
		`storage.objects.getIamPolicy`⁶
		`storage.objects.setIamPolicy`⁶
		`storage.objects.update`
`ObjectAccessControls`	`get`	`storage.objects.get`
`ObjectAccessControls`	`get`	`storage.objects.getIamPolicy`⁶
`ObjectAccessControls`	`insert`	`storage.objects.get`
		`storage.objects.getIamPolicy`⁶
		`storage.objects.setIamPolicy`⁶
		`storage.objects.update`
`ObjectAccessControls`	`list`	`storage.objects.get`
`ObjectAccessControls`	`list`	`storage.objects.getIamPolicy`⁶
`ObjectAccessControls`	`patch`	`storage.objects.get`
		`storage.objects.getIamPolicy`⁶
		`storage.objects.setIamPolicy`⁶
		`storage.objects.update`
`ObjectAccessControls`	`update`	`storage.objects.get`
		`storage.objects.getIamPolicy`⁶
		`storage.objects.setIamPolicy`⁶
		`storage.objects.update`
`Objects`	`compose`	`storage.objects.create`
		`storage.objects.delete⁴`
		`storage.objects.get`
`Objects`	`copy`	`storage.objects.create`（针对目标存储分区）
		`storage.objects.delete`（针对目标存储分区）⁴
		`storage.objects.get`（针对源存储分区）
`Objects`	`delete`	`storage.objects.delete`
`Objects`	`get`	`storage.objects.get`
`Objects`	`get`	`storage.objects.getIamPolicy`²^、6
`Objects`	`insert`	`storage.objects.create`
`Objects`	`insert`	`storage.objects.delete`⁴
`Objects`	`list`	`storage.objects.list`
`Objects`	`list`	`storage.objects.getIamPolicy`²^、6
`Objects`	`patch`	`storage.objects.get`
		`storage.objects.getIamPolicy`⁶
		`storage.objects.update`
		`storage.objects.setIamPolicy`³^、6
`Objects`	`rewrite`	`storage.objects.create`（针对目标存储分区）
		`storage.objects.delete`（针对目标存储分区）⁴
		`storage.objects.get`（针对源存储分区）
`Objects`	`update`	`storage.objects.setIamPolicy`⁶
`Objects`	`update`	`storage.objects.update`
`Objects`	`watchAll`	`storage.buckets.update`
`Projects.hmacKeys`	`create`	`storage.hmacKeys.create`
`Projects.hmacKeys`	`delete`	`storage.hmacKeys.delete`
`Projects.hmacKeys`	`get`	`storage.hmacKeys.get`
`Projects.hmacKeys`	`list`	`storage.hmacKeys.list`
`Projects.hmacKeys`	`update`	`storage.hmacKeys.update`
`Projects.serviceAccount`	`get`	`resourceManager.projects.get`

¹ 如果您在请求中使用 userProject 参数或 x-goog-user-project 标头，则必须拥有指定项目 ID 的 serviceusage.services.use 权限，以及发出该请求所需的常规 Cloud IAM 权限。

² 只有在您要将 ACL 或 Cloud IAM 政策加入 full 投影中，才需要这项权限。如果您在没有这项权限的情况下发出 full 投影请求，那么只会收到部分投影。

³ 只有在您要将 ACL 或 Cloud IAM 政策加入响应中时，才需要这项权限。

⁴ 只有在插入的对象与存储分区中现有的对象名称相同时，才需要这项权限。

⁵ 如果您要将 ACL 或 Cloud IAM 政策加入请求中，则需要这项权限。

⁶ 此权限不适用于启用了统一存储分区级访问权限的存储分区。

后续步骤

如需查看角色及其所含权限的列表，请参阅 Cloud Storage 的 Cloud IAM 角色。