| OLD | NEW |
| 1 # -*- coding: utf-8 -*- | 1 # -*- coding: utf-8 -*- |
| 2 # Copyright 2012 Google Inc. All Rights Reserved. | 2 # Copyright 2012 Google Inc. All Rights Reserved. |
| 3 # | 3 # |
| 4 # Licensed under the Apache License, Version 2.0 (the "License"); | 4 # Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 # you may not use this file except in compliance with the License. | 5 # you may not use this file except in compliance with the License. |
| 6 # You may obtain a copy of the License at | 6 # You may obtain a copy of the License at |
| 7 # | 7 # |
| 8 # http://www.apache.org/licenses/LICENSE-2.0 | 8 # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 # | 9 # |
| 10 # Unless required by applicable law or agreed to in writing, software | 10 # Unless required by applicable law or agreed to in writing, software |
| (...skipping 16 matching lines...) |
| 27 -a option), objects will be created with a default object ACL set on the | 27 -a option), objects will be created with a default object ACL set on the |
| 28 bucket (see "gsutil help defacl"). You can replace the ACL on an object | 28 bucket (see "gsutil help defacl"). You can replace the ACL on an object |
| 29 or bucket using the "gsutil acl set" command, or | 29 or bucket using the "gsutil acl set" command, or |
| 30 modify the existing ACL using the "gsutil acl ch" command (see "gsutil help | 30 modify the existing ACL using the "gsutil acl ch" command (see "gsutil help |
| 31 acl"). | 31 acl"). |
| 32 | 32 |
| 33 | 33 |
| 34 <B>BUCKET VS OBJECT ACLS</B> | 34 <B>BUCKET VS OBJECT ACLS</B> |
| 35 In Google Cloud Storage, the bucket ACL works as follows: | 35 In Google Cloud Storage, the bucket ACL works as follows: |
| 36 | 36 |
| 37 - Users granted READ access are allowed to list the bucket contents. | 37 - Users granted READ access are allowed to list the bucket contents and read |
| 38 bucket metadata other than its ACL. |
| 38 | 39 |
| 39 - Users granted WRITE access are allowed READ access and also are | 40 - Users granted WRITE access are allowed READ access and also are allowed to |
| 40 allowed to write and delete objects in that bucket -- including | 41 write and delete objects in that bucket, including overwriting previously |
| 41 overwriting previously written objects. | 42 written objects. |
| 42 | 43 |
| 43 - Users granted OWNER access are allowed WRITE access and also | 44 - Users granted OWNER access are allowed WRITE access and also are allowed to |
| 44 are allowed to read and write the bucket's ACL. | 45 read and write the bucket's ACL. |
| 45 | 46 |
| 46 The object ACL works as follows: | 47 The object ACL works as follows: |
| 47 | 48 |
| 48 - Users granted READ access are allowed to read the object's data and | 49 - Users granted READ access are allowed to read the object's data and |
| 49 metadata. | 50 metadata. |
| 50 | 51 |
| 51 - Users granted OWNER access are allowed READ access and also | 52 - Users granted OWNER access are allowed READ access and also are allowed to |
| 52 are allowed to read and write the object's ACL. | 53 read and write the object's ACL. |
| 53 | 54 |
| 54 A couple of points are worth noting, that sometimes surprise users: | 55 A couple of points are worth noting, that sometimes surprise users: |
| 55 | 56 |
| 56 1. There is no WRITE access for objects; attempting to set an ACL with WRITE | 57 1. There is no WRITE access for objects; attempting to set an ACL with WRITE |
| 57 permission for an object will result in an error. | 58 permission for an object will result in an error. |
| 58 | 59 |
| 59 2. The bucket ACL plays no role in determining who can read objects; only the | 60 2. The bucket ACL plays no role in determining who can read objects; only the |
| 60 object ACL matters for that purpose. This is different from how things | 61 object ACL matters for that purpose. This is different from how things |
| 61 work in Linux file systems, where both the file and directory permission | 62 work in Linux file systems, where both the file and directory permission |
| 62 control file read access. It also means, for example, that someone with | 63 control file read access. It also means, for example, that someone with |
| 63 OWNER over the bucket may not have read access to objects in | 64 OWNER over the bucket may not have read access to objects in the bucket. |
| 64 the bucket. This is by design, and supports useful cases. For example, | 65 This is by design, and supports useful cases. For example, you might want |
| 65 you might want to set up bucket ownership so that a small group of | 66 to set up bucket ownership so that a small group of administrators have |
| 66 administrators have OWNER on the bucket (with the ability to | 67 OWNER on the bucket (with the ability to delete data to control storage |
| 67 delete data to control storage costs), but not grant those users read | 68 costs), but not grant those users read access to the object data (which |
| 68 access to the object data (which might be sensitive data that should | 69 might be sensitive data that should only be accessed by a different |
| 69 only be accessed by a different specific group of users). | 70 specific group of users). |
| 70 | 71 |
| 71 | 72 |
| 72 <B>CANNED ACLS</B> | 73 <B>CANNED ACLS</B> |
| 73 The simplest way to set an ACL on a bucket or object is using a "canned | 74 The simplest way to set an ACL on a bucket or object is using a "canned |
| 74 ACL". The available canned ACLs are: | 75 ACL". The available canned ACLs are: |
| 75 | 76 |
| 76 project-private | 77 project-private |
| 77 Gives permission to the project team based on their roles. Anyone who is | 78 Gives permission to the project team based on their roles. Anyone who is |
| 78 part of the team has READ permission, and project owners and project editors | 79 part of the team has READ permission, and project owners and project editors |
| 79 have OWNER permission. This is the default ACL for newly created | 80 have OWNER permission. This is the default ACL for newly created |
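Review bot: point 2 under "A couple of points are worth noting" stops one step short of the conclusion that matters for this hunk. The WRITE bullet says bucket WRITE grantees may "write and delete objects in that bucket, including overwriting previously written objects", and point 2 says the bucket ACL "plays no role in determining who can read objects", so a user with WRITE on the bucket can delete or overwrite an object they are not allowed to read. The text gives the OWNER-without-read example but not this converse, which is the one more likely to surprise someone reasoning from filesystem permissions; suggest adding a sentence to point 2 along the lines of "Conversely, a user granted WRITE on the bucket can delete or overwrite objects whose data they cannot read." The expanded READ bullet ("read bucket metadata other than its ACL") is consistent with the OWNER bullet, which keeps ACL reads to OWNER, and the remaining changes in this region are reflow only.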
| (...skipping 132 matching lines...) |
| 212 help_spec = HelpProvider.HelpSpec( | 213 help_spec = HelpProvider.HelpSpec( |
| 213 help_name='acls', | 214 help_name='acls', |
| 214 help_name_aliases=[ | 215 help_name_aliases=[ |
| 215 'ACL', 'access control', 'access control list', 'authorization', | 216 'ACL', 'access control', 'access control list', 'authorization', |
| 216 'canned', 'canned acl'], | 217 'canned', 'canned acl'], |
| 217 help_type='additional_help', | 218 help_type='additional_help', |
| 218 help_one_line_summary='Working With Access Control Lists', | 219 help_one_line_summary='Working With Access Control Lists', |
| 219 help_text=_DETAILED_HELP_TEXT, | 220 help_text=_DETAILED_HELP_TEXT, |
| 220 subcommand_help_text={}, | 221 subcommand_help_text={}, |
| 221 ) | 222 ) |