添加ObjectAcessControl时托管服务帐户没有足够的权限
添加ObjectAcessControl时托管服务帐户没有足够的权限
提问于 2019-11-27 12:20:51
尝试在部署管理器上添加对象控件访问:
- type: storage.v1.objectAccessControl
name: url-access
properties:
role: READER
bucket: "bucket"
object: "object"
entity: "email"我得到了一个错误:
ERROR: (gcloud.deployment-manager.deployments.update) Error in Operation [operation-1574856490078-59852d9a9d256-4d665591-d57c3ea1]: errors:
- code: RESOURCE_ERROR
location: /deployments/.../resources/user-access
message: '{
"ResourceType": "storage.v1.objectAccessControl",
"ResourceErrorCode": "403",
"ResourceErrorMessage": {
"code": 403,
"errors": [
{
"domain": "global",
"message": "MANAGED_SA@cloudservices.gserviceaccount.com does not have storage.objects.get access to bucket/file.",
"reason": "forbidden"
}
],
"message": "MANAGED_SA@cloudservices.gserviceaccount.com does not have storage.objects.get access to bucket/file.",
"statusMessage": "Forbidden",
"requestPath": "https://www.googleapis.com/storage/v1/b/bucket/o/file/acl",
"httpMethod": "POST",
"suggestion": "Consider granting permissions to MANAGED_SA@cloudservices.gserviceaccount.com"
}
}'奇怪的事实:每个默认的托管-SA都有项目编辑器的访问权限。即使让所有者访问,我还是收到了这条消息
回答 1
Stack Overflow用户
回答已采纳
发布于 2019-11-27 15:11:16
只需添加服务帐户`MANAGED_SA@cloudservices.gserviceaccount.com:“存储对象管理”的角色即可。观众是不够的
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/59070125
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号