FileZilla Pro - Google Cloud Storage - Project Storage Admin Permission Required?

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
jstew
500 Command not understood
Posts: 2
Joined: 2021-06-14 15:13
First name: Jordan
Last name: Stewart

FileZilla Pro - Google Cloud Storage - Project Storage Admin Permission Required?

#1 Post by jstew » 2021-06-14 16:15

Hey all,

I am working with one of my companies vendors who provides data for us via SFTP of CSV files. They are insistent on using FileZilla pro to upload to our GCS bucket we have created for them in our teams GCP project. However, we use this project for many efforts, and simply want them to only have access to the singular bucket we created for them.

During my testing and setup, I cannot get the FileZilla Pro connection to work with my personal gmail and our teams GCP project unless I grant myself 'Storage Admin' role in IAM, which gives Storage Admin access to EVERYTHING in our GCS. All the buckets, read/write privileges, creation/deletion privileges, etc. I have tried to grant Storage Admin on just the bucket that I created for them that we want them to have access to, without having a rule set up in IAM, and that will not work. For other efforts that don't rely on FileZilla, we are able to simply grant access to singular buckets without granting project-wide IAM roles, and this will work. Hence, this seems like a FileZilla limitation to me at the moment, but I could be mistaken.

If we could grant Storage Admin on just the bucket, that would be acceptable. But having to grant project wide Storage Admin via IAM is unacceptable for a multitude of reasons.

Is this expected behavior? Or is there a workaround for this? In the GCS FileZilla documentation I can't seem to find anything about the rules required in GCP for this effort, and in GCP documentation, I can't find anything specific to FileZilla or granting SFTP Clients access either.

User avatar
botg
Site Admin
Posts: 35492
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: FileZilla Pro - Google Cloud Storage - Project Storage Admin Permission Required?

#2 Post by botg » 2021-06-15 06:57

The scopes uses by FileZilla Pro are https://www.googleapis.com/auth/devstorage.read_write, https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile

If the provided credentials do not have permission to list available buckets, enter the target bucket prefixed by a forward slash as default remote directory in the Site Manager.

Please use our dedicated customer support forums at https://customerforum.filezilla-project.org/ for additional questions regarding FileZilla Pro.

jstew
500 Command not understood
Posts: 2
Joined: 2021-06-14 15:13
First name: Jordan
Last name: Stewart

Re: FileZilla Pro - Google Cloud Storage - Project Storage Admin Permission Required?

#3 Post by jstew » 2021-06-15 17:15

Hey Tim, adding the forward slash before the bucket name did the trick! :D

I actually tried something similar in my testing before reaching out. I used FileZilla with an account that was project wide Storage Admin, copied the full folder path from FileZilla for the bucket I wanted the more limited account to view, and I saved that value that I copied from FileZilla. Then, on the more limited account, I pasted that value in the target path via Site Manager. My issue was that value looked like this : google://data-project-example-name@storage.googleapis.com/test-data-export , and I used that as the target path in Site Manager.

But simply doing , /test-data-export , worked!

Post Reply