This topic describes how to manage the ACLs for objects in a bucket with versioning enabled or suspended.

Set the ACL for an object

PutObjectACL sets the ACL for the current version of the target object by default. If the current version of the target object is a delete marker, the 404 Not Found error is returned. You can set the versionId in the request to set the ACL for a specified version of the target object.

You can run the following code to set the ACL for an object:
// This example uses the China East 1 (Hangzhou) endpoint. Specify the actual endpoint based on your requirements.
String endpoint = "http://oss-cn-hangzhou.aliyuncs.com";
// It is highly risky to log on with the AccessKey of an Alibaba Cloud account because the account has permissions on all the APIs in OSS. We recommend that you log on as a RAM user to access APIs or perform routine operations and maintenance. To create a RAM user account, log on to https://ram.console.aliyun.com.
String accessKeyId = "<yourAccessKeyId>";
String accessKeySecret = "<yourAccessKeySecret>";
String bucketName = "<yourBucketName>";
String objectName = "<yourObjectName>";
String versionid = "<yourObjectVersionid>";

// Creates an OSSClient instance.
OSS ossClient = new OSSClientBuilder().build(endpoint, accessKeyId, accessKeySecret);

// Creates a SetObjectAclRequest object. In this example, the ACL for the object is set to public-read.
SetObjectAclRequest setObjectAclRequest = new SetObjectAclRequest(bucketName, objectName,
        versionid, CannedAccessControlList.PublicRead);

// Sets the ACL for the specified version of the object.
ossClient.setObjectAcl(setObjectAclRequest);

// Closes the OSSClient instance.
ossClient.shutdown();

For more information about setting the ACL for an object, see PutObjectACL.

Obtain the ACL for an object

GetObjectACL obtains the ACL for the current version of the target object by default. If the current version of the object is a delete marker, the 404 Not Found error is returned. You can specify the versionId in the request to obtain the ACL for a specified version of the target object.

You can run the following code to obtain the ACL for an object:
// This example uses the China East 1 (Hangzhou) endpoint. Specify the actual endpoint based on your requirements.
String endpoint = "http://oss-cn-hangzhou.aliyuncs.com";
// It is highly risky to log on with the AccessKey of an Alibaba Cloud account because the account has permissions on all the APIs in OSS. We recommend that you log on as a RAM user to access APIs or perform routine operations and maintenance. To create a RAM user account, log on to https://ram.console.aliyun.com.
String accessKeyId = "<yourAccessKeyId>";
String accessKeySecret = "<yourAccessKeySecret>";
String bucketName = "<yourBucketName>";
String objectName = "<yourObjectName>";
String versionid = "<yourObjectVersionid>";

// Creates an OSSClient instance.
OSS ossClient = new OSSClientBuilder().build(endpoint, accessKeyId, accessKeySecret);

// Obtains the ACL for the object.
GenericRequest genericRequest = new GenericRequest(bucketName, objectName, versionid);
ObjectAcl objectAcl = ossClient.getObjectAcl(genericRequest);
System.out.println("get object acl: " + objectAcl.getPermission().toString());
System.out.println("object versionid: " + objectAcl.getVersionId());

// Closes the OSSClient instance.
ossClient.shutdown();

For more information about obtaining the ACL for an object, see GetObjectACL.