This topic describes how to manage the ACLs for objects in a bucket with versioning enabled or suspended.

Set the ACL for an object

PutObjectACL sets the ACL for the current version of the target object by default. If the current version of the target object is a delete marker, the 404 Not Found error is returned. You can set the versionId in the request to set the ACL for a specified version of the target object.

You can run the following code to set the ACL for an object:
# -*- coding: utf-8 -*-
import oss2

# It is highly risky to log on with the AccessKey of an Alibaba Cloud account because the account has permissions on all the APIs in OSS. We recommend that you log on as a RAM user to access APIs or perform routine operations and maintenance. To create a RAM user account, log on to https://ram.console.aliyun.com.
auth = oss2.Auth('<yourAccessKeyId>', '<yourAccessKeySecret>')
# This example uses the China East 1 (Hangzhou) endpoint. Specify the actual endpoint based on your requirements.
bucket = oss2.Bucket(auth, 'http://oss-cn-hangzhou.aliyuncs.com', '<yourBucketName>')

# Sets the ACL for a specified version of the object. In this example, the ACL for the object is modified to public-read.
params = dict()
params['versionId'] = '<yourObjectVersionId>'
result = bucket.put_object_acl(<'yourObjectName'>, oss2.OBJECT_ACL_PUBLIC_READ, params = params)
# Views the version ID of the object for which the ACL is modified.
print('set acl object versionid:', result.versionid)

For more information about setting the ACL for an object, see PutObjectACL.

Obtain the ACL for an object

GetObjectACL obtains the ACL for the current version of the target object by default. If the current version of the object is a delete marker, the 404 Not Found error is returned. You can specify the versionId in the request to obtain the ACL for a specified version of the target object.

You can run the following code to obtain the ACL for an object:
# -*- coding: utf-8 -*-
import oss2

# It is highly risky to log on with the AccessKey of an Alibaba Cloud account because the account has permissions on all the APIs in OSS. We recommend that you log on as a RAM user to access APIs or perform routine operations and maintenance. To create a RAM user account, log on to https://ram.console.aliyun.com.
auth = oss2.Auth('<yourAccessKeyId>', '<yourAccessKeySecret>')
# This example uses the China East 1 (Hangzhou) endpoint. Specify the actual endpoint based on your requirements.
bucket = oss2.Bucket(auth, 'http://oss-cn-hangzhou.aliyuncs.com', '<yourBucketName>')

# Obtains the ACL for a specified version of the object.
params = dict()
params['versionId'] = '<yourObjectVersionId>'
result = bucket.get_object_acl(<'yourObjectName'>, params = params)
# Views the obtained ACL for the specified version of the object.
print('get object acl :', result.acl)
# Views the version ID of the object for which the ACL is obtained.
print('object version id:', result.versionid)

For more information about obtaining the ACL for an object, see GetObjectACL.