authorize foreign user to upload to google cloud storage
Make data public
This folio shows you how to make objects you own readable to anybody on the public internet. To learn how to access information that has been made public, see Accessing Public Data.
When an object is shared publicly, whatever user with knowledge of the object URI tin access the object for as long as the object is public.
Prerequisites
Prerequisites tin vary based on the tool used:
Console
In society to consummate this guide using the Google Deject Console, you must have the proper IAM permissions. If the objects or buckets you want to admission exist in a project that you did not create, y'all might need the project owner to give you a role that contains the necessary permissions.
For a list of permissions required for specific actions, see IAM permissions for the Google Cloud Console.
For a list of relevant roles, see Cloud Storage roles. Alternatively, yous can create a custom role that has specific, limited permissions.
Control line
In order to complete this guide using a control-line utility, you must have the proper IAM permissions. If the objects or buckets yous want to admission be in a project that you lot did not create, y'all might need the project possessor to give y'all a role that contains the necessary permissions.
For a listing of permissions required for specific deportment, see IAM permissions for gsutil commands.
For a list of relevant roles, see Cloud Storage roles. Alternatively, you can create a custom role that has specific, limited permissions.
Lawmaking samples
In guild to complete this guide using the Cloud Storage client libraries, you must accept the proper IAM permissions. If the objects or buckets yous want to access exist in a project that you did non create, you might need the projection owner to requite you a role that contains the necessary permissions. Unless otherwise noted, customer library requests are made through the JSON API.
For a list of permissions required for specific actions, see IAM permissions for JSON methods.
For a list of relevant roles, run across Cloud Storage roles. Alternatively, you lot tin can create a custom role that has specific, limited permissions.
Residuum APIs
JSON API
In order to complete this guide using the JSON API, you lot must have the proper IAM permissions. If the objects or buckets you want to access exist in a project that you lot did not create, you might need the project owner to give you a role that contains the necessary permissions.
For a list of permissions required for specific actions, see IAM permissions for JSON methods.
For a listing of relevant roles, see Cloud Storage roles. Alternatively, you tin create a custom role that has specific, limited permissions.
Make private objects publicly readable
To make individual objects readable to anybody on the public internet:
Console
- In the Google Deject Console, go to the Deject Storage Browser folio.
Get to Browser
-
Click on the name of the bucket that contains the object you want to make public, and navigate to the object if information technology'due south in a subdirectory.
-
Click the more actions carte () associated with the object that y'all desire to make public.
-
Select Edit admission from the drop-downward bill of fare.
-
In the overlay that appears, click the + Add entry button.
-
Add a permission for allUsers.
- Select Public for the Entity.
- Select allUsers for the Proper noun.
- Select Reader for the Admission.
-
Click Save.
Once public access has been granted, Re-create URL appears in the public admission column. You lot can click this push button to get the public URL for the object.
To acquire how to get detailed error information virtually failed operations in the Deject Storage browser, run into Troubleshooting.
Control line
Use the gsutil acl ch
control:
gsutil acl ch -u AllUsers:R gs://BUCKET_NAME/OBJECT_NAME
Where:
-
BUCKET_NAME
is the name of the bucket containing the object you want to make public. For example,my-bucket
. -
OBJECT_NAME
is the name of the object yous want to make public. For example,pets/canis familiaris.png
.
If successful, the response looks like the following case:
Updated ACL on gs://my-bucket/pets/dog.png
Code samples
Residue APIs
JSON API
- Get an authorization access token from the OAuth two.0 Playground. Configure the playground to use your ain OAuth credentials. For instructions, see API authentication.
-
Create a JSON file that contains the following information:
{ "entity": "allUsers", "role": "READER" }
-
Use
roll
to phone call the JSON API with anInsert
ACL request:curl -X POST --data-binary @JSON_FILE_NAME \ -H "Authorization: Bearer OAUTH2_TOKEN" \ -H "Content-Type: application/json" \ "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/o/OBJECT_NAME/acl"
Where:
-
JSON_FILE_NAME
is the path for the file that yous created in Stride 2. -
OAUTH2_TOKEN
is the admission token you lot created in Step ane. -
BUCKET_NAME
is the name of the bucket containing the object y'all desire to brand public. For example,my-bucket
. -
OBJECT_NAME
is the URL-encoded name of the object yous want to make public. For example,pets/dog.png
, URL-encoded every bitpets%2Fdog.png
.
-
XML API
- Become an authorization access token from the OAuth ii.0 Playground. Configure the playground to use your own OAuth credentials. For instructions, run across API authentication.
-
Create a XML file that contains the following information:
<AccessControlList> <Entries> <Entry> <Scope type="AllUsers"/> <Permission>READ</Permission> </Entry> </Entries> </AccessControlList>
-
Use
coil
to phone call the XML API with aFix Object ACL
request:curl -X PUT --data-binary @XML_FILE_NAME \ -H "Authorization: Bearer OAUTH2_TOKEN" \ "https://storage.googleapis.com/BUCKET_NAME/OBJECT_NAME?acl"
Where:
-
XML_FILE_NAME
is the path for the file that you lot created in Step ii. -
OAUTH2_TOKEN
is the admission token you created in Stride 1. -
BUCKET_NAME
is the name of the bucket containing the object you want to make public. For instance,my-bucket
. -
OBJECT_NAME
is the URL-encoded name of the object you want to make public. For example,pets/dog.png
, URL-encoded equallypets%2Fdog.png
.
-
Make all objects in a bucket publicly readable
To make all objects in a saucepan readable to everyone on the public net:
Console
- In the Google Cloud Console, go to the Cloud Storage Browser page.
Go to Browser
-
In the list of buckets, click on the name of the bucket that y'all want to make public.
-
Select the Permissions tab near the top of the page.
-
In the Permissions department, click the + Add button.
The Add principals dialog box appears.
-
In the New principals field, enter
allUsers
. -
In the Select a role drop down, enter Storage Object Viewer in the filter box and select the Storage Object Viewer from the filtered results.
-
Click Save.
-
Click Let public access.
Once public access has been granted, Copy URL appears for each object in the public access cavalcade. You tin can click this button to go the public URL for the object.
To learn how to get detailed fault information about failed operations in the Cloud Storage browser, see Troubleshooting.
Control line
Utilize the gsutil iam ch
command:
gsutil iam ch allUsers:objectViewer gs://BUCKET_NAME
Where BUCKET_NAME
is the name of the bucket whose objects yous desire to make public. For example, my-bucket
.
Code samples
REST APIs
JSON API
- Get an authorization access token from the OAuth 2.0 Playground. Configure the playground to use your own OAuth credentials. For instructions, see API hallmark.
-
Create a JSON file that contains the following data:
{ "bindings":[ { "function": "roles/storage.objectViewer", "members":["allUsers"] } ] }
-
Employ
gyre
to call the JSON API with aPUT
Bucket request:ringlet -X PUT --data-binary @JSON_FILE_NAME \ -H "Potency: Bearer OAUTH2_TOKEN" \ -H "Content-Blazon: application/json" \ "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/iam"
Where:
-
JSON_FILE_NAME
is the path for the file that you lot created in Step 2. -
OAUTH2_TOKEN
is the admission token you created in Stride 1. -
BUCKET_NAME
is the name of the saucepan whose objects y'all want to make public. For instance,my-bucket
.
-
XML API
Making all objects in a bucket publicly readable is not supported by the XML API. Use gsutil or the JSON API instead.
What's next
- Access data that has been fabricated public.
- Acquire about more admission command options for your buckets and objects.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, run across the Google Developers Site Policies. Coffee is a registered trademark of Oracle and/or its affiliates.
Final updated 2022-04-14 UTC.
boatwrightanse1943.blogspot.com
Source: https://cloud.google.com/storage/docs/access-control/making-data-public
0 Response to "authorize foreign user to upload to google cloud storage"
Post a Comment