FileZilla Pro - Google Cloud Storage - Project Storage Admin Permission Required?
Posted: 2021-06-14 16:15
Hey all,
I am working with one of my company's vendors, who provides data for us via SFTP of CSV files. They are insistent on using FileZilla Pro to upload to the GCS bucket we have created for them in our team's GCP project. However, we use this project for many efforts, and simply want them to only have access to the singular bucket we created for them.
During my testing and setup, I cannot get the FileZilla Pro connection to work with my personal Gmail and our team's GCP project unless I grant myself the 'Storage Admin' role in IAM, which gives Storage Admin access to EVERYTHING in our GCS: all the buckets, read/write privileges, creation/deletion privileges, etc. I have tried to grant Storage Admin on just the bucket that I created for them that we want them to have access to, without having a rule set up in IAM, and that will not work. For other efforts that don't rely on FileZilla, we are able to simply grant access to singular buckets without granting project-wide IAM roles, and this will work. Hence, this seems like a FileZilla limitation to me at the moment, but I could be mistaken.
If we could grant Storage Admin on just the bucket, that would be acceptable. But having to grant project-wide Storage Admin via IAM is unacceptable for a multitude of reasons.
Is this expected behavior? Or is there a workaround for this? In the GCS FileZilla documentation I can't seem to find anything about the rules required in GCP for this effort, and in GCP documentation, I can't find anything specific to FileZilla or granting SFTP Clients access either.
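The scope difference described in the post (a storage role bound in the project's IAM policy versus the same kind of role bound only on one bucket) can be audited from exported policies. The following is an added example, not part of the original post; the member addresses and both policies are constructed sample data, and IAM conditions on bindings are not evaluated.

```python
import json

# Constructed sample policies, in the JSON shape printed by
#   gcloud projects get-iam-policy PROJECT --format=json
#   gcloud storage buckets get-iam-policy gs://BUCKET --format=json
PROJECT_POLICY = json.loads("""{"bindings": [
  {"role": "roles/storage.admin", "members": ["user:vendor@example.com"]},
  {"role": "roles/viewer", "members": ["user:analyst@example.com"]}
]}""")
BUCKET_POLICY = json.loads("""{"bindings": [
  {"role": "roles/storage.objectAdmin",
   "members": ["user:vendor@example.com", "user:etl@example.com"]}
]}""")


def storage_roles(policy):
    """Map each member to the roles/storage.* roles bound in this policy."""
    found = {}
    for binding in policy.get("bindings", []):
        if binding["role"].startswith("roles/storage."):
            for member in binding.get("members", []):
                found.setdefault(member, set()).add(binding["role"])
    return found


def audit(project_policy, bucket_policy):
    """Classify every member that holds a storage role.

    A storage role bound at project level is inherited by every bucket in
    the project, so that member is 'project-wide' regardless of what the
    bucket policy says. Conditional bindings are still flagged for review.
    """
    at_project = storage_roles(project_policy)
    at_bucket = storage_roles(bucket_policy)
    report = {}
    for member in sorted(set(at_project) | set(at_bucket)):
        report[member] = {
            "scope": "project-wide" if member in at_project else "bucket-only",
            "project_roles": sorted(at_project.get(member, ())),
            "bucket_roles": sorted(at_bucket.get(member, ())),
        }
    return report


if __name__ == "__main__":
    for member, info in audit(PROJECT_POLICY, BUCKET_POLICY).items():
        print(member, info)
```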