Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.6k views
in Technique[技术] by (71.8m points)

what would happen to ServiceAccount when we switch from Fine grain to Uniform in Google cloud

We are thinking of switching from Fine grain to Uniform in Google cloud. Not sure how the serviceaccounts would behave which are part of fine grained ACL list? Which they loose access?

question from:https://stackoverflow.com/questions/65890874/what-would-happen-to-serviceaccount-when-we-switch-from-fine-grain-to-uniform-in

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

When you enable uniform bucket-level access on a bucket, Access Control Lists (ACLs) are disabled, and only bucket-level Cloud Identity and Access Management (Cloud IAM) permissions grant access to that bucket and the objects it contains. Since Project Editors and Owners roles do not include the "storage.objects.get" permission, they must be added manually.

If you would like to see the different types of roles that are associated with Cloud Storage permissions, this link will be helpful.

You can also review the documentation regarding Considerations when migrating and enabling uniform bucket-level access on an existing bucket.

When you enable uniform bucket-level access on an existing bucket, you should ensure that users and services that previously relied on ACLs for access have their permissions migrated to Cloud IAM.

When migrating to uniform bucket-level access, you should check to see if objects in the bucket are being accessed through the ACLs applied to them. To check this, Cloud Monitoring has a metric that tracks ACL usage. If this metric indicates users or services rely on ACLs for access to your objects, you should assign Cloud IAM equivalents to the bucket before enabling uniform bucket-level access.

Note: Once you enable uniform bucket-level access, you have 90 days to switch back to fine-grained access before uniform bucket-level access becomes permanent.

If this information was helpful, please mark this answer as accepted


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...