Difference between revisions of "Gsutil acl ch"

From wikieduonline
Jump to navigation Jump to search
Line 83: Line 83:
 
*<code>-R, -r</code>
 
*<code>-R, -r</code>
 
Performs acl ch request recursively, to all objects under the specified URL.
 
Performs acl ch request recursively, to all objects under the specified URL.
 +
 +
*<code>-u </code>
 +
Add or modify a user entity's role.
  
 
== See also ==
 
== See also ==

Revision as of 09:38, 1 August 2022

[1]

gsutil acl ch 

Ch Examples

  • gsutil acl ch -u AllUsers:R gs://example-bucket/example-object

Grant anyone on the internet WRITE access to the bucket example-bucket:

Grant the group OWNER access to all jpg files in example-bucket:

Grant the owners of project example-project WRITE access to the bucket example-bucket:

  • gsutil acl ch -p owners-example-project:W gs://example-bucket

Remove access to the bucket example-bucket for the viewers of project number 12345:

  • gsutil acl ch -d viewers-12345 gs://example-bucket

Grant the user with the specified canonical ID READ access to all objects in example-bucket that begin with folder/:

  • gsutil acl ch -r \ -u 84fac329bceSAMPLE777d5d22b8SAMPLE785ac2SAMPLE2dfcf7c4adf34da46:R \ gs://example-bucket/folder/

Grant the service account [email protected] WRITE access to the bucket example-bucket:

Grant all users from the G Suite domain my-domain.org READ access to the bucket gcs.my-domain.org:

  • gsutil acl ch -g my-domain.org:R gs://gcs.my-domain.org

Remove any current access by [email protected] from the bucket example-bucket:

If you have a large number of objects to update, enabling multi-threading with the gsutil -m flag can significantly improve performance. The following command adds OWNER for [email protected] using multi-threading:

Grant READ access to everyone from my-domain.org and to all authenticated users, and grant OWNER to [email protected], for the buckets my-bucket and my-other-bucket, with multi-threading enabled:

  • gsutil -m acl ch -r -g my-domain.org:R -g AllAuth:R \ -u [email protected]:O gs://my-bucket/ gs://my-other-bucket

Ch Roles

You may specify the following roles with either their shorthand or their full name:

  • R: READ
  • W: WRITE
  • O: OWNER

Ch Entities

There are four different entity types: Users, Groups, All Authenticated Users, and All Users.

Users are added with -u and a plain ID or email address, as in "-u [email protected]:r". Note: Service Accounts are considered to be users.

Groups are like users, but specified with the -g flag, as in "-g [email protected]:O". Groups may also be specified as a full domain, as in "-g my-company.com:r".

AllAuthenticatedUsers and AllUsers are specified directly, as in "-g AllUsers:R" or "-g AllAuthenticatedUsers:O". These are case insensitive, and may be shortened to "all" and "allauth", respectively.

Removing roles is specified with the -d flag and an ID, email address, domain, or one of AllUsers or AllAuthenticatedUsers.

Many entities' roles can be specified on the same command line, allowing bundled changes to be executed in a single run. This will reduce the number of requests made to the server.

Ch Options

The "ch" sub-command has the following options

  • -d

Remove all roles associated with the matching entity.

  • -f

Normally gsutil stops at the first error. The -f option causes it to continue when it encounters errors. With this option the gsutil exit status will be 0 even if some ACLs couldn't be changed.

  • -g

Add or modify a group entity's role.

  • -p

Add or modify a project viewers/editors/owners role.

  • -R, -r

Performs acl ch request recursively, to all objects under the specified URL.

  • -u

Add or modify a user entity's role.

See also

  • https://cloud.google.com/storage/docs/gsutil/commands/acl
  • Advertising: