The ObjectAccessControls resources represent the Access Control Lists (ACLs) for objects within Cloud Storage. ACLs let you specify who has access to your data and to what extent.
There are two roles that can be assigned to an entity:
READER
s can get an object, though theacl
property will not be revealed.OWNER
s areREADER
s, and they can get theacl
property, update an object, and call all objectAccessControls methods on the object. The owner of an object is always anOWNER
.
READER
and OWNER
instead of READ
and FULL_CONTROL
.
To try out the methods for this resource, see Methods.
Resource representations
{ "kind": "storage#objectAccessControl", "object": string, "generation": "long", "id": string, "selfLink": string, "bucket": string, "entity": string, "role": string, "email": string, "domain": string, "entityId": string, "etag": string, "projectTeam": { "projectNumber": string, "team": string } }
Property name | Value | Description | Notes |
---|---|---|---|
bucket |
string |
The name of the bucket. | |
domain |
string |
The domain associated with the entity, if any. | |
email |
string |
The email address associated with the entity, if any. | |
entity |
string |
The entity holding the permission, in one of the following forms:
|
writable |
entityId |
string |
The ID for the entity, if any. | |
etag |
string |
HTTP 1.1 Entity tag for the access-control entry. | |
generation |
long 1 |
The content generation of the object, if applied to an object. | |
id |
string |
The ID of the access-control entry. | |
kind |
string |
The kind of item this is. For object access control entries, this is always storage#objectAccessControl . |
|
object |
string |
The name of the object, if applied to an object. | |
projectTeam |
object |
The project team associated with the entity, if any. | |
projectTeam.projectNumber |
string |
The project number. | |
projectTeam.team |
string |
The team.
Acceptable values are:
|
|
role |
string |
The access permission for the entity.
Acceptable values are:
|
writable |
selfLink |
string |
The link to this access-control entry. |
Methods
The methods for working with an object's access controls are as follows:
- delete
- Permanently deletes the ACL entry for the specified entity on the specified object.
- get
- Returns the ACL entry for the specified entity on the specified object.
- insert
- Creates a new ACL entry on the specified object.
- list
- Retrieves ACL entries on the specified object.
- patch
- Updates an ACL entry on the specified object. This method supports patch semantics.
- update
- Updates an ACL entry on the specified object.