Remove owner access to an object

Remove owner access to an object in a Cloud Storage bucket.

Explore further

For detailed documentation that includes this code sample, see the following:

Code sample

C++

For more information, see the Cloud Storage C++ API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  namespace gcs = ::google::cloud::storage;
  using ::google::cloud::StatusOr;
  // Deletes the ACL entry of `entity` on one object, but only after confirming
  // that the entry currently carries the OWNER role. Prints the outcome to
  // stdout. Throws the failed `Status` if the metadata read fails, and a
  // `std::runtime_error` if the delete fails.
  //
  // NOTE(review): the role check and the delete are two separate requests, and
  // the delete call names only the entity. The OWNER check is therefore a
  // snapshot taken at read time, not a condition enforced by the delete.
  [](gcs::Client client, std::string const& bucket_name,
     std::string const& object_name, std::string const& entity) {
    // Ask for the full projection; the ACL list is read from this metadata.
    StatusOr<gcs::ObjectMetadata> metadata = client.GetObjectMetadata(
        bucket_name, object_name, gcs::Projection::Full());
    if (!metadata) throw std::move(metadata).status();

    // Matches only an entry that is both for `entity` and has role OWNER, so
    // READER entries for the same entity do not count as a match.
    auto const is_owner_entry =
        [&entity](gcs::ObjectAccessControl const& entry) {
          return entry.entity() == entity &&
                 entry.role() == gcs::ObjectAccessControl::ROLE_OWNER();
        };

    std::vector<gcs::ObjectAccessControl> acl_entries = metadata->acl();
    auto const match =
        std::find_if(acl_entries.begin(), acl_entries.end(), is_owner_entry);

    // Nothing to revoke: report it and leave the object's ACL untouched.
    if (match == acl_entries.end()) {
      std::cout << "Could not find entity " << entity << " for file "
                << object_name << " with role OWNER in bucket " << bucket_name
                << "\n";
      return;
    }

    gcs::ObjectAccessControl const owner_entry = *match;
    google::cloud::Status const status = client.DeleteObjectAcl(
        bucket_name, object_name, owner_entry.entity());

    // Surface a failed revocation to the caller instead of printing success.
    if (!status.ok()) throw std::runtime_error(status.message());

    std::cout << "Deleted ACL entry for " << owner_entry.entity()
              << " for file " << object_name << " in bucket " << bucket_name
              << "\n";
  }
 

C#

For more information, see the Cloud Storage C# API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  using 
  
  Google.Cloud.Storage.V1 
 
 ; 
 using 
  
 System 
 ; 
 using 
  
 System.Linq 
 ; 
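 public class RemoveFileOwnerSample
 {
     /// <summary>
     /// Removes the OWNER ACL entry of a user from a single object.
     /// </summary>
     /// <remarks>
     /// Only the entry whose entity is <c>user-{userEmail}</c> and whose role is
     /// <c>OWNER</c> is dropped. Entries with other roles for the same user, and
     /// entries for other entities, are written back unchanged.
     /// NOTE(review): this is a read-modify-write of the whole ACL list; confirm
     /// which preconditions UpdateObject applies before relying on it while other
     /// writers may be editing the same object's ACL.
     /// </remarks>
     /// <param name="bucketName">Name of the bucket that holds the object.</param>
     /// <param name="objectName">Name of the object whose ACL is edited.</param>
     /// <param name="userEmail">Email address of the user losing the OWNER role.</param>
     public void RemoveFileOwner(
         string bucketName = "your-unique-bucket-name",
         string objectName = "your-object-name",
         string userEmail = "dev@iam.gserviceaccount.com")
     {
         var storage = StorageClient.Create();

         // Request the full projection; the ACL list is read from the result.
         var storageObject = storage.GetObject(bucketName, objectName, new GetObjectOptions
         {
             Projection = Projection.Full
         });

         if (storageObject.Acl == null)
         {
             Console.WriteLine("No owner to remove");
             return;
         }

         var ownerEntity = $"user-{userEmail}";
         var remainingEntries = storageObject.Acl
             .Where(acl => !(acl.Entity == ownerEntity && acl.Role == "OWNER"))
             .ToList();

         // If the filter dropped nothing, there was no matching OWNER entry. Skip
         // the write and do not report a removal that never happened.
         if (remainingEntries.Count == storageObject.Acl.Count)
         {
             Console.WriteLine($"No OWNER entry for user {userEmail} on file {objectName}; nothing was changed.");
             return;
         }

         storageObject.Acl = remainingEntries;
         storage.UpdateObject(storageObject);
         Console.WriteLine($"Removed user {userEmail} from file {objectName}.");
     }
 }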
 

Go

For more information, see the Cloud Storage Go API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  import 
  
 ( 
  
 "context" 
  
 "fmt" 
  
 "cloud.google.com/go/storage" 
 ) 
 // removeFileOwner deletes the ACL entry held by entity on the given object.
 //
 // The delete call names only the entity, not a role, so the entry is removed
 // whatever role it carries. The context used here has no deadline or
 // cancellation; callers that need a bounded wait must add one.
 func removeFileOwner(bucket, object string, entity storage.ACLEntity) error {
 	// bucket := "bucket-name"
 	// object := "object-name"
 	// entity := storage.AllUsers
 	ctx := context.Background()

 	client, err := storage.NewClient(ctx)
 	if err != nil {
 		return fmt.Errorf("storage.NewClient: %w", err)
 	}
 	defer client.Close()

 	// Resolve the object handle first, then act on its ACL handle.
 	target := client.Bucket(bucket).Object(object)
 	err = target.ACL().Delete(ctx, entity)
 	if err != nil {
 		return fmt.Errorf("ACLHandle.Delete: %w", err)
 	}
 	return nil
 }
 

Java

For more information, see the Cloud Storage Java API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  import 
  
 com.google.cloud.storage. Acl 
. User 
 
 ; 
 import 
  
 com.google.cloud.storage. Blob 
 
 ; 
 import 
  
 com.google.cloud.storage. BlobId 
 
 ; 
 import 
  
 com.google.cloud.storage. Storage 
 
 ; 
 import 
  
 com.google.cloud.storage. StorageOptions 
 
 ; 
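 public class RemoveBlobOwner {

   /**
    * Deletes the ACL entry of a user on one object and prints the outcome.
    *
    * <p>The delete call is given only the user entity, not a role, so the user's entry is
    * removed whatever role it carries. If the object does not exist, a message is printed and
    * nothing is changed.
    *
    * @param projectId the ID of your GCP project
    * @param bucketName the ID of your GCS bucket
    * @param userEmail email of the user you wish to remove as a file owner
    * @param blobName the name of the blob/file that you wish to modify permissions on
    */
   public static void removeBlobOwner(
       String projectId, String bucketName, String userEmail, String blobName) {
     // The ID of your GCP project
     // String projectId = "your-project-id";

     // The ID of your GCS bucket
     // String bucketName = "your-unique-bucket-name";

     // Email of the user you wish to remove as a file owner
     // String userEmail = "someuser@domain.com"

     // The name of the blob/file that you wish to modify permissions on
     // String blobName = "your-blob-name";

     Storage storage = StorageOptions.newBuilder().setProjectId(projectId).build().getService();
     Blob blob = storage.get(BlobId.of(bucketName, blobName));
     // storage.get returns null for a missing object; report that instead of failing with a
     // NullPointerException on the deleteAcl call below.
     if (blob == null) {
       System.out.println("The object " + blobName + " was not found in bucket " + bucketName);
       return;
     }

     User ownerToRemove = new User(userEmail);

     // deleteAcl reports whether an entry for this user existed and was deleted.
     boolean success = blob.deleteAcl(ownerToRemove);
     if (success) {
       System.out.println(
           "Removed user "
               + userEmail
               + " as an owner on file "
               + blobName
               + " in bucket "
               + bucketName);
     } else {
       System.out.println("User " + userEmail + " was not found");
     }
   }
 }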
 

Node.js

For more information, see the Cloud Storage Node.js API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  /**
   * TODO(developer): Uncomment the following lines before running the sample.
   * The function below reads bucketName, fileName and userEmail from this
   * scope, so it fails until all three are defined.
   */
  // The ID of your GCS bucket
  // const bucketName = 'your-unique-bucket-name';

  // The ID of your GCS file
  // const fileName = 'your-file-name';

  // The email address of the user to remove
  // const userEmail = 'user-email-to-remove';

  // Imports the Google Cloud client library
  const {Storage} = require('@google-cloud/storage');

  // Creates a client. No credentials are passed here; the page's setup text
  // says to configure Application Default Credentials.
  const storage = new Storage();
 /**
  * Removes `userEmail` from the owners of `fileName` in `bucketName`, then logs
  * a confirmation. All three names are read from the enclosing scope. A
  * rejected request propagates to the caller as a rejected promise.
  */
 async function removeFileOwner() {
   const file = storage.bucket(bucketName).file(fileName);

   // Removes the user from the access control list of the file. You can use
   // deleteAllUsers(), deleteDomain(), deleteProject(), deleteGroup(), and
   // deleteAllAuthenticatedUsers() to remove access for different types of entities.
   await file.acl.owners.deleteUser(userEmail);

   // Runs only after the awaited delete resolved.
   console.log(`Removed user ${userEmail} from file ${fileName}.`);
 }
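 // Run the sample. On failure, log the error and set a non-zero exit code, so
 // that a script or pipeline calling this cannot mistake a failed revocation
 // for a successful one.
 removeFileOwner().catch(err => {
   console.error(err);
   process.exitCode = 1;
 });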
 

PHP

For more information, see the Cloud Storage PHP API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  use Google\Cloud\Storage\StorageClient; 
 /**
  * Delete an entity's entry from the ACL of a single object.
  *
  * The delete call is given only the entity, not a role. The confirmation
  * line is printed after the delete call returns.
  *
  * @param string $bucketName The name of your Cloud Storage bucket.
  *        (e.g. 'my-bucket')
  * @param string $objectName The name of your Cloud Storage object.
  *        (e.g. 'my-object')
  * @param string $entity The entity whose ACL entry is deleted.
  *        (e.g. 'user-example@domain.com')
  */
 function delete_object_acl(string $bucketName, string $objectName, string $entity): void
 {
     $storage = new StorageClient();

     // Walk bucket -> object -> ACL handle and delete the entity's entry.
     $storage
         ->bucket($bucketName)
         ->object($objectName)
         ->acl()
         ->delete($entity);

     printf('Deleted %s from gs://%s/%s ACL' . PHP_EOL, $entity, $bucketName, $objectName);
 }
 

Python

For more information, see the Cloud Storage Python API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  from 
  
 google.cloud 
  
 import 
  storage 
 
 def remove_blob_owner(bucket_name, blob_name, user_email):
     """Revoke one user's read, write and owner roles on a blob's ACL.

     The three revocations are staged on the blob's ACL object and sent with a
     single ``save()`` call, after which a confirmation line is printed.

     Args:
         bucket_name: Name of the bucket that holds the blob.
         blob_name: Name of the blob whose ACL is edited.
         user_email: Email address of the user whose roles are revoked.
     """
     # bucket_name = "your-bucket-name"
     # blob_name = "your-object-name"
     # user_email = "name@example.com"

     storage_client = storage.Client()
     blob = storage_client.bucket(bucket_name).blob(blob_name)
     blob_acl = blob.acl

     # You can also use `group`, `domain`, `all_authenticated` and `all` to
     # remove access for different types of entities.
     blob_acl.user(user_email).revoke_read()
     blob_acl.user(user_email).revoke_write()
     blob_acl.user(user_email).revoke_owner()

     # Nothing above is persisted until this call.
     blob_acl.save()

     print(
         f"Removed user {user_email} from blob {blob_name} in bucket {bucket_name}."
     )
 

Ruby

For more information, see the Cloud Storage Ruby API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  # The ID of your GCS bucket
  # bucket_name = "your-unique-bucket-name"
  # file_name   = "Name of a file in the Storage bucket"
  # email       = "Google Cloud Storage ACL Entity email"
  #
  # NOTE(review): `email` is passed to acl.delete unchanged. Presumably it has
  # to be in the ACL entity form (for example "user-<address>") and not a bare
  # address. Confirm against the library reference.

  require "google/cloud/storage"

  storage = Google::Cloud::Storage.new

  # NOTE(review): neither lookup result is checked before use. Verify what the
  # library returns for a missing bucket or file.
  bucket = storage.bucket(bucket_name)
  file   = bucket.file(file_name)

  # Delete the entity's entry from this file's ACL.
  file.acl.delete(email)

  puts "Removed ACL permissions for #{email} from #{file_name}"
 

What's next

To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser .
