Cloud IAM permissions for JSON methods

The following table lists the Cloud Identity and Access Management (Cloud IAM) permissions required to run each Cloud Storage JSON method on a given resource.

| Resource | Method | Required Cloud IAM permissions¹ |
| --- | --- | --- |
| BucketAccessControls | delete | storage.buckets.get; storage.buckets.getIamPolicy; storage.buckets.setIamPolicy; storage.buckets.update |
| BucketAccessControls | get | storage.buckets.get; storage.buckets.getIamPolicy |
| BucketAccessControls | insert | storage.buckets.get; storage.buckets.getIamPolicy; storage.buckets.setIamPolicy; storage.buckets.update |
| BucketAccessControls | list | storage.buckets.get; storage.buckets.getIamPolicy |
| BucketAccessControls | patch | storage.buckets.get; storage.buckets.getIamPolicy; storage.buckets.setIamPolicy; storage.buckets.update |
| BucketAccessControls | update | storage.buckets.get; storage.buckets.getIamPolicy; storage.buckets.setIamPolicy; storage.buckets.update |
| Buckets | delete | storage.buckets.delete |
| Buckets | get | storage.buckets.get; storage.buckets.getIamPolicy² |
| Buckets | getIamPolicy | storage.buckets.getIamPolicy |
| Buckets | insert | storage.buckets.create |
| Buckets | list | storage.buckets.list; storage.buckets.getIamPolicy² |
| Buckets | lockRetentionPolicy | storage.buckets.update |
| Buckets | patch | storage.buckets.update; storage.buckets.getIamPolicy³; storage.buckets.setIamPolicy⁵ |
| Buckets | setIamPolicy | storage.buckets.setIamPolicy |
| Buckets | testIamPermissions | |
| Buckets | update | storage.buckets.setIamPolicy; storage.buckets.update |
| Channels | stop | |
| DefaultObjectAccessControls | delete | storage.buckets.get; storage.buckets.getIamPolicy; storage.buckets.setIamPolicy; storage.buckets.update |
| DefaultObjectAccessControls | get | storage.buckets.get; storage.buckets.getIamPolicy |
| DefaultObjectAccessControls | insert | storage.buckets.get; storage.buckets.getIamPolicy; storage.buckets.setIamPolicy; storage.buckets.update |
| DefaultObjectAccessControls | list | storage.buckets.get; storage.buckets.getIamPolicy |
| DefaultObjectAccessControls | patch | storage.buckets.get; storage.buckets.getIamPolicy; storage.buckets.setIamPolicy; storage.buckets.update |
| DefaultObjectAccessControls | update | storage.buckets.get; storage.buckets.getIamPolicy; storage.buckets.setIamPolicy; storage.buckets.update |
| Notifications | delete | storage.buckets.update |
| Notifications | get | storage.buckets.get |
| Notifications | insert | storage.buckets.update |
| Notifications | list | storage.buckets.get |
| ObjectAccessControls | delete | storage.objects.get; storage.objects.getIamPolicy⁶; storage.objects.setIamPolicy⁶; storage.objects.update |
| ObjectAccessControls | get | storage.objects.get; storage.objects.getIamPolicy⁶ |
| ObjectAccessControls | insert | storage.objects.get; storage.objects.getIamPolicy⁶; storage.objects.setIamPolicy⁶; storage.objects.update |
| ObjectAccessControls | list | storage.objects.get; storage.objects.getIamPolicy⁶ |
| ObjectAccessControls | patch | storage.objects.get; storage.objects.getIamPolicy⁶; storage.objects.setIamPolicy⁶; storage.objects.update |
| ObjectAccessControls | update | storage.objects.get; storage.objects.getIamPolicy⁶; storage.objects.setIamPolicy⁶; storage.objects.update |
| Objects | compose | storage.objects.create; storage.objects.delete⁴; storage.objects.get |
| Objects | copy | storage.objects.create (for the destination bucket); storage.objects.delete (for the destination bucket)⁴; storage.objects.get (for the source bucket) |
| Objects | delete | storage.objects.delete |
| Objects | get | storage.objects.get; storage.objects.getIamPolicy²,⁶ |
| Objects | insert | storage.objects.create; storage.objects.delete⁴ |
| Objects | list | storage.objects.list; storage.objects.getIamPolicy²,⁶ |
| Objects | patch | storage.objects.get; storage.objects.getIamPolicy⁶; storage.objects.update; storage.objects.setIamPolicy³,⁶ |
| Objects | rewrite | storage.objects.create (for the destination bucket); storage.objects.delete (for the destination bucket)⁴; storage.objects.get (for the source bucket) |
| Objects | update | storage.objects.setIamPolicy⁶; storage.objects.update |
| Objects | watchAll | storage.buckets.update |
| Projects.hmacKeys | create | storage.hmacKeys.create |
| Projects.hmacKeys | delete | storage.hmacKeys.delete |
| Projects.hmacKeys | get | storage.hmacKeys.get |
| Projects.hmacKeys | list | storage.hmacKeys.list |
| Projects.hmacKeys | update | storage.hmacKeys.update |
| Projects.serviceAccount | get | resourceManager.projects.get |

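¹ If you use the userProject parameter or the x-goog-user-project header in your request, you must have the serviceusage.services.use permission for the specified project ID, in addition to the normal Cloud IAM permissions required to make the request.

² This permission is required only if you want ACLs or Cloud IAM policies included in a full projection. If you request a full projection without this permission, you receive only a partial projection.

³ This permission is required only if you want ACLs or Cloud IAM policies included in the response.

⁴ This permission is required only when the inserted object has the same name as an object that already exists in the bucket.

⁵ This permission is required if you include ACLs or Cloud IAM policies in the request.

⁶ This permission does not apply to buckets that have Bucket Policy Only enabled.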
