i have a bucket with multiple folders and each folders contains multiple object (pdf). Is possible to allow only some user to see only specific object(is ok if he can see other folder)?
I tried to apply the reader acl permission only on some object after I created them like this:
myFile.acl.add({ entity: 'group-' + email, role: 'READER' })
But the user doesn't see the bucket, so I gave to him the "Storage Object Viewer" permission but now he can see all the objects.
Group is correct (i hope), i created a group with the specific users.
Thanks for any help!
By adding the role of READER you're allowing the user to list the buckets content as explained here
Allows a user to list a bucket's contents. Also allows a user to read bucket metadata, excluding ACLs.
In order to allow an specific user you can use the addUser function:
const {Storage} = require('@google-cloud/storage');
const storage = new Storage();
async function addFileReader() {
await storage
.bucket(bucketName)
.file(filename)
.acl.readers.addUser(userEmail);
}
Or if you want to add a group:
const {Storage} = require('@google-cloud/storage');
const storage = new Storage();
async function addFileReader() {
await storage
.bucket(bucketName)
.file(filename)
.acl.readers.addGroup(groupEmail);
}
Also you can do it from the UI:
Storage sectionEDIT PERMISSIONS, in the popup inside Entity column select User or Group in the Name column enter the email and select Reader in the Access column