Difference between revisions of "Gsutil acl ch"

From wikieduonline
 
(22 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
{{lc}}
 
{{lc}}
<ref>https://cloud.google.com/storage/docs/gsutil/commands/acl</ref>
+
<code>[[gsutil acl]] ch</code>
[[gsutil acl]] ch
+
* https://cloud.google.com/storage/docs/gsutil/commands/acl
  
=== Ch Examples ===
+
 
 +
== Entities ==
 +
There are four different entity types: <code>[[Users]] (-u), [[Groups]] (-g), [[All Authenticated Users]] (AllAuthenticatedUsers or allauth)</code>, and <code>[[All Users]] (AllUsers or all)</code>.
 +
 
 +
Notes:
 +
* [[Google Cloud Service account|Service Accounts]] are considered to be users
 +
* Permissions: <code>R, W, O</code>
 +
 
 +
Options:
 +
* <code>-R, -r</code> Performs "acl set" request recursively, to all objects under the specified URL.
 +
* <code>-d, -f, -g, -p, -u </code>
 +
 
 +
== Examples ==
 
* <code>gsutil acl ch -u AllUsers:R gs://example-bucket/example-object</code>
 
* <code>gsutil acl ch -u AllUsers:R gs://example-bucket/example-object</code>
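Review bot: In the added Options list, the -R, -r entry says it performs an "acl set" request recursively, but this page documents acl ch and the Ch Options text removed later in this same diff reads "Performs acl ch request recursively, to all objects under the specified URL." Change "acl set" to "acl ch" so the recursive flag is described for the sub-command the page is about.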
  
Line 14: Line 26:
 
* <code>gsutil acl ch -g [email protected]:O gs://example-bucket/**.jpg</code>
 
* <code>gsutil acl ch -g [email protected]:O gs://example-bucket/**.jpg</code>
  
Grant the owners of project example-project WRITE access to the bucket example-bucket:
+
Remove access to the bucket example-bucket for the viewers of project number 12345:
 
 
* <code>gsutil acl ch -p owners-example-project:W gs://example-bucket</code>
 
  
Remove access to the bucket example-bucket for the viewers of project number 12345:
 
 
* <code>gsutil acl ch -d viewers-12345 gs://example-bucket</code>
 
* <code>gsutil acl ch -d viewers-12345 gs://example-bucket</code>
 
Grant the user with the specified canonical ID READ access to all objects in example-bucket that begin with folder/:
 
 
* <code>gsutil acl ch -r \ -u 84fac329bceSAMPLE777d5d22b8SAMPLE785ac2SAMPLE2dfcf7c4adf34da46:R \ gs://example-bucket/folder/</code>
 
 
Grant the service account [email protected] WRITE access to the bucket example-bucket:
 
 
* <code>gsutil acl ch -u [email protected]:W gs://example-bucket</code>
 
  
 
Grant all users from the G Suite domain my-domain.org READ access to the bucket gcs.my-domain.org:
 
Grant all users from the G Suite domain my-domain.org READ access to the bucket gcs.my-domain.org:
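Review bot: The only -p example (gsutil acl ch -p owners-example-project:W gs://example-bucket) is dropped here together with its caption, while -p stays listed under Options, so nothing on the page shows the project-team syntax any more. Keep this example, or add one -p line next to the viewers-12345 removal example so both directions of a project-team change are shown.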
Line 36: Line 37:
  
 
* <code>gsutil acl ch -d [email protected] gs://example-bucket</code>
 
* <code>gsutil acl ch -d [email protected] gs://example-bucket</code>
 
If you have a large number of objects to update, enabling multi-threading with the gsutil -m flag can significantly improve performance. The following command adds OWNER for [email protected] using multi-threading:
 
 
* <code>gsutil -m acl ch -r -u [email protected]:O gs://example-bucket</code>
 
 
Grant READ access to everyone from my-domain.org and to all authenticated users, and grant OWNER to [email protected], for the buckets my-bucket and my-other-bucket, with multi-threading enabled:
 
 
* <code>gsutil -m acl ch -r -g my-domain.org:R -g AllAuth:R \ -u [email protected]:O gs://my-bucket/ gs://my-other-bucket</code>
 
  
 
=== Ch Roles ===
 
=== Ch Roles ===
  
You may specify the following roles with either their shorthand or their full name:
 
 
*<code>R: READ</code>
 
*<code>R: READ</code>
 
*<code>W: WRITE</code>
 
*<code>W: WRITE</code>
 
*<code>O: OWNER</code>
 
*<code>O: OWNER</code>
 
=== Ch Entities ===
 
 
There are four different entity types: Users, Groups, All Authenticated Users, and All Users.
 
 
Users are added with -u and a plain ID or email address, as in "-u [email protected]:r". Note: Service Accounts are considered to be users.
 
 
Groups are like users, but specified with the -g flag, as in "-g [email protected]:O". Groups may also be specified as a full domain, as in "-g my-company.com:r".
 
 
AllAuthenticatedUsers and AllUsers are specified directly, as in "-g AllUsers:R" or "-g AllAuthenticatedUsers:O". These are case insensitive, and may be shortened to "all" and "allauth", respectively.
 
 
Removing roles is specified with the -d flag and an ID, email address, domain, or one of AllUsers or AllAuthenticatedUsers.
 
 
Many entities' roles can be specified on the same command line, allowing bundled changes to be executed in a single run. This will reduce the number of requests made to the server.
 
 
=== Ch Options ===
 
 
The "ch" sub-command has the following options
 
* <code>-d</code>
 
Remove all roles associated with the matching entity.
 
 
* <code>-f</code>
 
Normally gsutil stops at the first error. The -f option causes it to continue when it encounters errors. With this option the gsutil exit status will be 0 even if some ACLs couldn't be changed.
 
 
*<code>-g</code>
 
Add or modify a group entity's role.
 
 
*<code>-p</code>
 
Add or modify a project viewers/editors/owners role.
 
 
*<code>-R, -r</code>
 
Performs acl ch request recursively, to all objects under the specified URL.
 
 
*<code>-u </code>
 
Add or modify a user entity's role.
 
  
 
== See also ==
 
== See also ==
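Review bot: Removing the Ch Options section takes out the only description of -f, including the statement that with -f the gsutil exit status will be 0 even if some ACLs couldn't be changed. Anyone scripting ACL changes needs that caveat, so carry the per-flag descriptions (at least the -f one) into the new Options list instead of listing -d, -f, -g, -p, -u bare.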

Latest revision as of 07:10, 19 September 2022

gsutil acl ch


Entities

There are four different entity types: Users (-u), Groups (-g), All Authenticated Users (AllAuthenticatedUsers or allauth), and All Users (AllUsers or all).

Notes:

  • Service Accounts are considered to be users
  • Permissions: R, W, O

Options:

  • -R, -r Performs "acl set" request recursively, to all objects under the specified URL.
  • -d, -f, -g, -p, -u

Examples

  • gsutil acl ch -u AllUsers:R gs://example-bucket/example-object

Grant anyone on the internet WRITE access to the bucket example-bucket:

Grant the group OWNER access to all jpg files in example-bucket:

Remove access to the bucket example-bucket for the viewers of project number 12345:

  • gsutil acl ch -d viewers-12345 gs://example-bucket

Grant all users from the G Suite domain my-domain.org READ access to the bucket gcs.my-domain.org:

  • gsutil acl ch -g my-domain.org:R gs://gcs.my-domain.org

Remove any current access by [email protected] from the bucket example-bucket:

Ch Roles

  • R: READ
  • W: WRITE
  • O: OWNER
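
An added example, not part of the original page: a check that finds grants to the two special entities (AllUsers, AllAuthenticatedUsers) in an ACL listing and builds the matching `gsutil acl ch -d` removal. The JSON shape is assumed to be what `gsutil acl get` prints, and the sample ACL and helper names are constructed for illustration.

```python
import json
import shlex

# Constructed sample, assumed to match the JSON printed by
# `gsutil acl get gs://example-bucket`; not taken from a real bucket.
SAMPLE_ACL = """[
  {"entity": "project-owners-12345", "role": "OWNER"},
  {"entity": "project-viewers-12345", "role": "READER"},
  {"entity": "domain-my-domain.org", "role": "READER"},
  {"entity": "allAuthenticatedUsers", "role": "READER"},
  {"entity": "allUsers", "role": "WRITER"}
]"""

# Special entities from the Entities section. Matching is lower-cased because
# the names are case insensitive; values are the spellings passed to -d.
PUBLIC = {"allusers": "AllUsers",
          "allauthenticatedusers": "AllAuthenticatedUsers"}

def public_grants(acl_json):
    """Return (entity, role) for every grant to a public entity."""
    findings = []
    for entry in json.loads(acl_json):
        name = PUBLIC.get(str(entry.get("entity", "")).lower())
        if name:
            findings.append((name, entry.get("role", "UNKNOWN")))
    return findings

def remediation(url, findings):
    """Bundle the removals into one `acl ch` run, or None if nothing to do."""
    names = sorted({name for name, _ in findings})
    if not names:
        return None
    flags = " ".join(f"-d {n}" for n in names)
    # No -f here: with -f the exit status is 0 even if a change failed.
    return f"gsutil acl ch {flags} {shlex.quote(url)}"

def still_public(acl_json_after):
    """Re-check a fresh ACL listing instead of trusting the exit status."""
    return bool(public_grants(acl_json_after))

if __name__ == "__main__":
    found = public_grants(SAMPLE_ACL)
    for name, role in found:
        print(f"public grant: {name} has {role}")
    print(remediation("gs://example-bucket", found))
```

Bucket ACLs and object ACLs are separate, so the same check has to run on object listings too, with -r added to the removal when objects under the URL carry the grant.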

See also
