Can't access resource as OWNER despite the fact I'm the owner

问题

I'm trying to act on a bucket and resources but I keep getting access denied error

e.g.

```

$ gsutil ls -L gs://images/large

gs://images/large/aa.png:
   Creation time:       Tue, 25 Nov 2014 20:03:19 GMT
   Cache-Control:       public, max-age=2592000
   Content-Length:      343034
   Content-Type:        image/png
   Generation:      1416945799570000
   Metageneration:      2
   ACL:     ACCESS DENIED. Note: you need OWNER permission
            on the object to read its ACL.

```

Same when I try to run acl operations or override a file.

回答1:

First of all, I'd like to mention that being the bucket owner means that you are always allowed to delete the objects stored in that bucket but you may not have object owner permissions if the default ACLs were overridden. This is different from how popular operating systems work where there is the concept of a super-user.

Did you try to run that command using the existing service accounts in your project listed in the Developers Console at APIs & auth -> Credentials?

If you are still getting that error, the object was probably uploaded through App Engine. You can make an App Engine application in Python with the following code which lists the object ACLs using the JSON API because App Engine has its own service account (<project ID>@appspot.gserviceaccount.com) and it's different from that appear in the Developers Console.

#!/usr/bin/env python                                                                                                                     
import webapp2
from google.appengine.api import app_identity
from google.appengine.api import urlfetch


class MainPage(webapp2.RequestHandler):
    def get(self):
        scope = "https://www.googleapis.com/auth/devstorage.full_control"
        authorization_token, _ = app_identity.get_access_token(scope)
        acls = urlfetch.fetch(
            "https://www.googleapis.com/storage/v1/b/<bucket>/o/<object/acl",
            method=urlfetch.GET,
            headers = {"Content-Type": "application/json", "Authorization": "OAuth " + authorization_token})
        self.response.headers['Content-Type'] = 'application/json'
        self.response.write(acls.content)

application = webapp2.WSGIApplication([
    ('/', MainPage),
], debug=True)

来源：https://stackoverflow.com/questions/27174239/cant-access-resource-as-owner-despite-the-fact-im-the-owner