Fork: 0
clewis / til
Transfer to URL with SHA Find file
Newer
Older
til / gcp / domain_restricted_sharing_bucket.html
@Curtis Lewis Curtis Lewis on 7 Jul 2024 2 KB domain sharing error
Raw Blame History 
<!DOCTYPE html>
<html>

<head>
  <meta charset="UTF-8" />
  <meta name="viewport" content="width=device-width" />
  <title>Solo Cloud Developer</title>

  <link rel="stylesheet" href="https://storage.googleapis.com/scd-static-e7w4/css/scd_styles.css">
  <link rel="icon" href="data:,">


</head>

<body style="height: 100%">


    <div class="row">
      <div class="center-text">
        <img src="https://storage.googleapis.com/scd-static-e7w4/img/scd_banner_1920x500.png" />
      </div>
    </div>
   
<div style="padding-left: 20px">
<p style="font-size: 14px;"><a href="#">Home</a></p>
<h1>Today I Learned</h1>
<h2>Organization top level policy restricts all resources to public</h2>
<p><span class="date-posted">2024-07-06</span>
<h2>Organization Level</h2>
<ul>
<li>Select organization in dropdown at top left</li>
<li>Search for Organization Policies</li>
<li>In filter type <code>Domain restricted sharing</code></li>
<li>Click on <code>Domain restricted sharing</code></li>
<li>Click on <code>Manage Policy</code></li>
<li>Select <code>Override parent's policy</code> under Policy Source</li>
<li>Select <code>Replace</code> under Policy Enforcement</li>
<li>Under Rules select allow<ul>
<li>Somehow a custom allow was created not sure how</li>
</ul>
</li>
</ul>
<h2>Project level</h2>
<ul>
<li>Select the project for which a resource is to be overridden</li>
<li>Search for Organization Policies</li>
<li>In filter type <code>Domain restricted sharing</code></li>
<li>Click on <code>Domain restricted sharing</code></li>
<li>Click on <code>Manage Policy</code></li>
<li>Select <code>Override parent's policy</code> under Policy Source</li>
<li>Select <code>Merge with parent</code> under Policy Enforcement</li>
<li>Select <code>Allow All</code> under Rules</li>
</ul>
<h2>Allow Cloud Bucket public access</h2>
<ul>
<li>Create a bucket</li>
<li>Select three vertical dots very right of newly created bucket</li>
<li>Select <code>Edit Access</code></li>
<li>Select <code>Remove Public Access Prevention</code></li>
<li>Select <code>Add Principals</code></li>
<li>Type and select <code>allUsers</code> in New Principals text box</li>
<li>Under <code>Select Role</code><ul>
<li>Search for <code>Cloud Storage</code></li>
<li>Select <code>Storage Object Viewer</code></li>
</ul>
</li>
<li>Click <code>Save</code></li>
<li>Select <code>ALLOW PUBLIC ACCESS</code> in pop up dialog box</li>
</ul>
<h3>If still unable to allow <code>allUsers</code> close tab and navigate to cloud storage from a new tab</h3>
</div>
</body>
</html>