The ObjectAccessControls resources represent the Access Control Lists (ACLs) for objects within Google Cloud Storage.
ACLs let you specify who has access to your data and to what extent.
There are two roles that can be assigned to an entity
:
-
READER
s can get an object, though theacl
property will not be revealed. -
OWNER
s areREADER
s, and they can get theacl
property, update an object, and call all objectAccessControls methods on the object .
READER
and
OWNER
instead of
READ
and
FULL_CONTROL
.
For a list of methods for this resource, see the end of this page.
Resource representations
An access-control entry.
{ "kind": "storage#objectAccessControl", "id": string, "selfLink": string, "bucket": string, "object": string, "entity": string, "role": string, "email": string, "entityId": string, "domain": string }
Property name | Value | Description | Notes |
---|---|---|---|
kind
|
string
|
The kind of item this is. For object access control entries, this is always
storage#objectAccessControl
.
|
|
id
|
string
|
The ID of the access-control entry. | |
selfLink
|
string
|
The link to this access-control entry. | |
bucket
|
string
|
The name of the bucket. | |
object
|
string
|
The name of the object. | |
entity
|
string
|
The entity holding the permission, in one of the following forms:
|
writable |
email
|
string
|
The email address associated with the entity, if any. | |
entityId
|
string
|
The ID for the entity, if any. | |
domain
|
string
|
The domain associated with the entity, if any. | |
role
|
string
|
The access permission for the entity. Can be
READER
or
OWNER
.
|
writable |
Methods
Every object in Google Cloud Storage has an Access Control List. The methods for working with an object's access controls are as follows:
- delete
- Deletes the ACL entry for the specified entity on the specified object .
- get
- Returns the ACL entry for the specified entity on the specified object .
- insert
- Creates a new ACL entry on the specified object .
- list
- Retrieves ACL entries on the specified object .
- patch
- Updates an ACL entry on the specified object . This method supports patch semantics.
- update
- Updates an ACL entry on the specified object .