The DefaultObjectAccessControls resources represent the Access Control Lists (ACLs) applied to a new object within Google Cloud Storage when no ACL was provided for that object.
ACLs let you specify who has access to your data and to what extent.
There are two roles that can be assigned to an entity
:
-
READER
s can get an object, though theacl
property will not be revealed. -
OWNER
s areREADER
s, and they can get theacl
property, update an object, and call all objectAccessControls methods on the object .
READER
and
OWNER
instead of
READ
and
FULL_CONTROL
.
For a list of methods for this resource, see the end of this page.
Resource representations
{ "kind": "storage#objectAccessControl", "id": string, "selfLink": string, "bucket": string, "entity": string, "role": string, "email": string, "entityId": string, "domain": string, "projectTeam": { "projectNumber": string, "team": string }, "etag": string }
Property name | Value | Description | Notes |
---|---|---|---|
bucket
|
string
|
The name of the bucket. | |
domain
|
string
|
The domain associated with the entity, if any. | |
email
|
string
|
The email address associated with the entity, if any. | |
entity
|
string
|
The entity holding the permission, in one of the following forms:
|
writable |
entityId
|
string
|
The ID for the entity, if any. | |
etag
|
string
|
HTTP 1.1 Entity tag for the access-control entry. | |
id
|
string
|
The ID of the access-control entry. | |
kind
|
string
|
The kind of item this is. For object access control entries, this is always
storage#objectAccessControl
.
|
|
projectTeam
|
object
|
The project team associated with the entity, if any. | |
projectTeam.
projectNumber
|
string
|
The project number. | |
projectTeam.
team
|
string
|
The team. Can be
owners
,
editors
, or
viewers
.
|
|
role
|
string
|
The access permission for the entity. Can be
READER
or
OWNER
.
|
writable |
selfLink
|
string
|
The link to this access-control entry. |
Methods
Buckets in Google Cloud Storage have an optional default object Access Control List. The methods for working with a bucket's default object access controls are as follows:
- delete
- Permanently deletes the default object ACL entry for the specified entity on the specified bucket .
- get
- Returns the default object ACL entry for the specified entity on the specified bucket .
- insert
- Creates a new default object ACL entry on the specified bucket .
- list
- Retrieves default object ACL entries on the specified bucket .
- patch
- Updates a default object ACL entry on the specified bucket . This method supports patch semantics.
- update
- Updates a default object ACL entry on the specified bucket .