BucketAccessControls | Cloud Storage | Google Cloud (original) (raw)
The BucketAccessControls resource represents the Access Control Lists (ACLs) for buckets within Cloud Storage. ACLs let you specify who has access to your data and to what extent.
There are three roles that can be assigned to an entity:
READERs can get the bucket, though noaclproperty will be returned, and list the bucket's objects.WRITERs areREADERs, and they can insert objects into the bucket and delete the bucket's objects.OWNERs areWRITERs, and they can get theaclproperty of a bucket, update a bucket, and call all BucketAccessControls methods on the bucket. For more information, see Access Control, with the caveat that this API usesREADER,WRITER, andOWNERinstead ofREAD,WRITE, andFULL_CONTROL.
To try out the methods for this resource, see Methods.
Resource representations
{ "kind": "storage#bucketAccessControl", "id": string, "selfLink": string, "bucket": string, "entity": string, "role": string, "email": string, "domain": string, "entityId": string, "etag": string, "projectTeam": { "projectNumber": string, "team": string } }
| Property name | Value | Description | Notes |
|---|---|---|---|
| bucket | string | The name of the bucket. | |
| domain | string | The domain associated with the entity, if any. | |
| string | The email address associated with the entity, if any. | ||
| entity | string | The entity holding the permission, in one of the following forms: user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com. The group example@googlegroups.com would be group-example@googlegroups.com. To refer to all members of the domain example.com, the entity would be domain-example.com. | writable |
| entityId | string | The ID for the entity, if any. | |
| etag | string | HTTP 1.1 Entity tag for the access-control entry. | |
| id | string | The ID of the access-control entry. | |
| kind | string | The kind of item this is. For bucket access control entries, this is always storage#bucketAccessControl. | |
| projectTeam | object | The project team associated with the entity, if any. | |
| projectTeam.projectNumber | string | The project number. | |
| projectTeam.team | string | The team.Acceptable values are: "editors" "owners" "viewers" | |
| role | string | The access permission for the entity.Acceptable values are: "OWNER" "READER" "WRITER" | writable |
| selfLink | string | The link to this access-control entry. |
Methods
The methods for working with a bucket's access controls are as follows:
Permanently deletes the ACL entry for the specified entity on the specified bucket.
Returns the ACL entry for the specified entity on the specified bucket.
Creates a new ACL entry on the specified bucket.
Retrieves ACL entries on a specified bucket.
Updates an ACL entry on the specified bucket. This method supports patch semantics.
Updates an ACL entry on the specified bucket.