The following table lists the Cloud Identity and Access Management (Cloud IAM) permissions required to run each Cloud Storage JSON method on a given resource.

Resource | Method | Required Cloud IAM permissions<sup>1</sup> |
---|---|---|
BucketAccessControls | delete | storage.buckets.get<br>storage.buckets.getIamPolicy<br>storage.buckets.setIamPolicy<br>storage.buckets.update |
BucketAccessControls | get | storage.buckets.get<br>storage.buckets.getIamPolicy |
BucketAccessControls | insert | storage.buckets.get<br>storage.buckets.getIamPolicy<br>storage.buckets.setIamPolicy<br>storage.buckets.update |
BucketAccessControls | list | storage.buckets.get<br>storage.buckets.getIamPolicy |
BucketAccessControls | patch | storage.buckets.get<br>storage.buckets.getIamPolicy<br>storage.buckets.setIamPolicy<br>storage.buckets.update |
BucketAccessControls | update | storage.buckets.get<br>storage.buckets.getIamPolicy<br>storage.buckets.setIamPolicy<br>storage.buckets.update |
Buckets | delete | storage.buckets.delete |
Buckets | get | storage.buckets.get<br>storage.buckets.getIamPolicy<sup>2</sup> |
Buckets | getIamPolicy | storage.buckets.getIamPolicy |
Buckets | insert | storage.buckets.create |
Buckets | list | storage.buckets.list<br>storage.buckets.getIamPolicy<sup>2</sup> |
Buckets | lockRetentionPolicy | storage.buckets.update |
Buckets | patch | storage.buckets.update<br>storage.buckets.getIamPolicy<sup>3</sup><br>storage.buckets.setIamPolicy<sup>5</sup> |
Buckets | setIamPolicy | storage.buckets.setIamPolicy |
Buckets | testIamPermissions | None |
Buckets | update | storage.buckets.setIamPolicy<br>storage.buckets.update |
Channels | stop | None |
DefaultObjectAccessControls | delete | storage.buckets.get<br>storage.buckets.getIamPolicy<br>storage.buckets.setIamPolicy<br>storage.buckets.update |
DefaultObjectAccessControls | get | storage.buckets.get<br>storage.buckets.getIamPolicy |
DefaultObjectAccessControls | insert | storage.buckets.get<br>storage.buckets.getIamPolicy<br>storage.buckets.setIamPolicy<br>storage.buckets.update |
DefaultObjectAccessControls | list | storage.buckets.get<br>storage.buckets.getIamPolicy |
DefaultObjectAccessControls | patch | storage.buckets.get<br>storage.buckets.getIamPolicy<br>storage.buckets.setIamPolicy<br>storage.buckets.update |
DefaultObjectAccessControls | update | storage.buckets.get<br>storage.buckets.getIamPolicy<br>storage.buckets.setIamPolicy<br>storage.buckets.update |
Notifications | delete | storage.buckets.update |
Notifications | get | storage.buckets.get |
Notifications | insert | storage.buckets.update |
Notifications | list | storage.buckets.get |
ObjectAccessControls | delete | storage.objects.get<br>storage.objects.getIamPolicy<sup>6</sup><br>storage.objects.setIamPolicy<sup>6</sup><br>storage.objects.update |
ObjectAccessControls | get | storage.objects.get<br>storage.objects.getIamPolicy<sup>6</sup> |
ObjectAccessControls | insert | storage.objects.get<br>storage.objects.getIamPolicy<sup>6</sup><br>storage.objects.setIamPolicy<sup>6</sup><br>storage.objects.update |
ObjectAccessControls | list | storage.objects.get<br>storage.objects.getIamPolicy<sup>6</sup> |
ObjectAccessControls | patch | storage.objects.get<br>storage.objects.getIamPolicy<sup>6</sup><br>storage.objects.setIamPolicy<sup>6</sup><br>storage.objects.update |
ObjectAccessControls | update | storage.objects.get<br>storage.objects.getIamPolicy<sup>6</sup><br>storage.objects.setIamPolicy<sup>6</sup><br>storage.objects.update |
Objects | compose | storage.objects.create<br>storage.objects.delete<sup>4</sup><br>storage.objects.get |
Objects | copy | storage.objects.create (for the destination bucket)<br>storage.objects.delete (for the destination bucket)<sup>4</sup><br>storage.objects.get (for the source bucket) |
Objects | delete | storage.objects.delete |
Objects | get | storage.objects.get<br>storage.objects.getIamPolicy<sup>2,6</sup> |
Objects | insert | storage.objects.create<br>storage.objects.delete<sup>4</sup> |
Objects | list | storage.objects.list<br>storage.objects.getIamPolicy<sup>2,6</sup> |
Objects | patch | storage.objects.get<br>storage.objects.getIamPolicy<sup>6</sup><br>storage.objects.update<br>storage.objects.setIamPolicy<sup>3,6</sup> |
Objects | rewrite | storage.objects.create (for the destination bucket)<br>storage.objects.delete (for the destination bucket)<sup>4</sup><br>storage.objects.get (for the source bucket) |
Objects | update | storage.objects.setIamPolicy<sup>6</sup><br>storage.objects.update |
Objects | watchAll | storage.buckets.update |
Projects.hmacKeys | create | storage.hmacKeys.create |
Projects.hmacKeys | delete | storage.hmacKeys.delete |
Projects.hmacKeys | get | storage.hmacKeys.get |
Projects.hmacKeys | list | storage.hmacKeys.list |
Projects.hmacKeys | update | storage.hmacKeys.update |
Projects.serviceAccount | get | resourceManager.projects.get |

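<sup>1</sup> If you use the userProject parameter or the x-goog-user-project header in your request, you must have the serviceusage.services.use permission for the specified project ID, in addition to the normal Cloud IAM permissions required to make the request.

<sup>2</sup> This permission is only required if you want to include ACLs or Cloud IAM policies as part of a full projection. If you request a full projection without this permission, you receive only a partial projection.

<sup>3</sup> This permission is only required if you want to include ACLs or Cloud IAM policies in the response.

<sup>4</sup> This permission is only required when the inserted object has the same name as an object that already exists in the bucket.

<sup>5</sup> This permission is required if you want to include ACLs or Cloud IAM policies in the request.

<sup>6</sup> This permission does not apply to buckets with Bucket Policy Only enabled.
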
What's next
- For a list of roles and the permissions they contain, see Cloud IAM roles for Cloud Storage.