This page provides an overview of managed folders in Cloud Storage.
Managed folders are a type of folder on which you can grant IAM roles, so you have more fine-grained access control over specific groups of objects within a bucket. Managed folders exist as resources within Cloud Storage and are different from simulated folders, which operate with a flat namespace.
IAM for managed folders
When you apply an IAM policy on a managed folder, the access granted in the policy also applies to any object within that bucket that has the managed folder's name as a prefix. For example, if you grant a principal the Storage Object Viewer (`roles/storage.objectViewer`) role on a managed folder named `example-bucket/example-managed-folder/`, the principal can view any object within `example-managed-folder` (such as `example-bucket/example-managed-folder/example-object.txt`).
When you nest managed folders, the permissions granted through IAM policies are applied additively.
Managed folders can only be created in buckets that have uniform bucket-level access enabled.
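
The prefix and additive rules above can be modeled offline to audit which principals a set of managed folder policies reaches for a given object. This is an added example, not Google's code: the policy table, principals and function names are constructed, and grants made at the bucket or project level are left out.

```python
# Added example: models the prefix rule described above; it does not call Cloud Storage.
# Constructed sample data: managed folder name -> {principal: set of roles}.
POLICIES = {
    "reports/": {"group:analysts@example.com": {"roles/storage.objectViewer"}},
    "reports/2024/": {"user:alice@example.com": {"roles/storage.objectAdmin"}},
    "reports/2024/finance/": {
        "group:analysts@example.com": {"roles/storage.objectAdmin"},
    },
    # Child managed folder whose parent "teams/" was never created.
    "teams/red/": {"user:bob@example.com": {"roles/storage.objectViewer"}},
}


def covering_folders(object_name, policies):
    """Managed folders whose name is a prefix of the object name, outermost first."""
    hits = [name for name in policies if object_name.startswith(name)]
    return sorted(hits, key=lambda name: name.count("/"))


def effective_grants(object_name, policies):
    """Union (additive) of the roles granted on every covering managed folder."""
    grants = {}
    for folder in covering_folders(object_name, policies):
        for principal, roles in policies[folder].items():
            grants.setdefault(principal, set()).update(roles)
    return grants


def objects_covered_by(new_folder, object_names):
    """Existing objects that a new managed folder's policy would apply to."""
    if not new_folder.endswith("/"):
        raise ValueError("managed folder names must end with '/'")
    return [name for name in object_names if name.startswith(new_folder)]


if __name__ == "__main__":
    for obj in ("reports/2024/finance/q1.csv", "reports-archive/old.csv"):
        print(obj, covering_folders(obj, POLICIES), effective_grants(obj, POLICIES))
```

Because managed folder names end with `/`, `reports-archive/old.csv` is not covered by the `reports/` policy; running `objects_covered_by` against an object listing before creating a managed folder over an existing prefix shows which objects its policy will reach.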
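Read the following pages for more information about managed folders:
- Creating and managing managed folders
- Control access to managed folders
- ManagedFolder reference page for the JSON API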
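Managed folder names
The name you give to a managed folder must meet the following requirements:
- Managed folder names can contain any sequence of valid Unicode characters, of length 1-1024 bytes when UTF-8 encoded.
- Managed folder names cannot contain Carriage Return or Line Feed characters.
- Managed folder names must end with `/`. At most, a managed folder name can have 15 `/`s. In other words, managed folders can be nested up to 15 levels deep.
- Managed folder names cannot start with `.well-known/acme-challenge/`.
- Managed folders cannot be named `.` or `..`.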
We recommend that you avoid the following in your managed folder names:
- Control characters that are illegal in XML 1.0 (#x7F–#x84 and #x86–#x9F): these characters cause XML listing issues when you try to list your managed folders.
- The `[`, `]`, `*`, or `?` characters: the Google Cloud CLI interprets these characters as wildcards, so including them in managed folder names can make it difficult or impossible to perform wildcard operations with the tool. Additionally, `*` and `?` are not valid characters for file names in Windows.
- Sensitive or personally identifiable information (PII): managed folder names are more broadly visible than object data. For example, managed folder names appear in URLs for the object and when listing objects in a bucket.
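
The naming rules on this page can be checked before a create request is sent, for example in a provisioning pipeline. The validator below is an added example, not part of the Cloud Storage tooling: the function name and result codes are hypothetical, and the length and newline checks follow the requirements given in this page's English source text.

```python
import re

MAX_BYTES, MAX_SLASHES = 1024, 15
RESERVED_PREFIX = ".well-known/acme-challenge/"
XML_CONTROL = re.compile(r"[\x7f-\x84\x86-\x9f]")  # ranges the page lists
WILDCARDS = re.compile(r"[\[\]*?]")                # gcloud CLI wildcard characters


def check_managed_folder_name(name):
    """Return (errors, warnings) as lists of short codes for a proposed name."""
    try:
        size = len(name.encode("utf-8"))
    except UnicodeEncodeError:  # e.g. a lone surrogate: not valid Unicode
        return ["invalid-unicode"], []
    errors, warnings = [], []
    if not 1 <= size <= MAX_BYTES:
        errors.append("length")
    if "\r" in name or "\n" in name:
        errors.append("newline")
    if not name.endswith("/"):
        errors.append("no-trailing-slash")
    if name.count("/") > MAX_SLASHES:
        errors.append("too-many-slashes")
    if name.startswith(RESERVED_PREFIX):
        errors.append("reserved-prefix")
    # The page names "." and ".."; the "./" and "../" forms are an assumption.
    if name.rstrip("/") in {".", ".."}:
        errors.append("dot-name")
    if XML_CONTROL.search(name):
        warnings.append("xml-control-char")
    if WILDCARDS.search(name):
        warnings.append("wildcard-char")
    return errors, warnings


if __name__ == "__main__":
    for candidate in ("example-managed-folder/", "logs[2024]/", "a/" * 16,
                      ".well-known/acme-challenge/token/", "no-slash"):
        print(repr(candidate), check_managed_folder_name(candidate))
```

The PII recommendation cannot be checked mechanically this way; it needs a review of the naming scheme itself.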
Considerations
When working with managed folders, note the following considerations:
- Managed folders can be created in place of simulated folders, which means that you can create a managed folder and name it after an object's prefix, as long as there isn't already a managed folder using that name. For example, you can create a managed folder named `my-folder/`, even if you have an existing object named `my-folder/object.txt`. Note that the IAM policy on the managed folder `my-folder/` will then apply to all objects that have `my-folder/` as a name prefix.
- You can create child managed folders before the parent managed folder is created. For example, you can create a managed folder named `my-folder-A/my-folder-B/` without first creating a managed folder named `my-folder-A/`.
- By default, you can't delete a non-empty managed folder that contains objects or other child managed folders. You can bypass this rule when using the `allowNonEmpty` parameter in a Delete ManagedFolder JSON API request.
- Managed folder names are visible in error messages and Cloud Audit Logs when a request to delete a folder that has a managed folder at the same path fails, even without explicit `storage.managedFolders.get` or `storage.managedFolders.list` permissions.
Last updated 2025-08-18 UTC.