
Object Storage Service: Manage the ACL of an object

Last Updated: Oct 19, 2023

In addition to bucket-level access control lists (ACLs), Object Storage Service (OSS) provides object-level ACLs. You can configure the ACL of an object when you upload the object or change the ACL of an uploaded object.

Object ACLs

The following table describes the ACLs that you can configure for an object.

| ACL | Description | Value |
| --- | --- | --- |
| Inherited from bucket | The ACL of the object is the same as the ACL of the bucket in which the object is stored. | default |
| Private | Only the object owner or authorized users have read and write permissions on the object. | private |
| Public read | Only the object owner and authorized users have read and write permissions on the object. Other users have only read permissions on the object. Exercise caution when you set the ACL to this value. | public-read |
| Public read/write | All users have read and write permissions on the object. Exercise caution when you set the ACL to this value. | public-read-write |

Configure the ACL of an object

The following sample code shows how to configure the ACL of an object:

const oss = require('ali-oss');

const client = oss({ 
  // Specify the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the region to oss-cn-hangzhou. 
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before you run the sample code, make sure that you have configured environment variables OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET. 
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  // Specify the name of the bucket. 
  bucket: 'yourbucketname'
});
  
async function setACL() {
  try {
    // Specify the full path of the object. Do not include the bucket name in the full path. 
    await client.putACL('yourObjectName', 'private');
    console.log('Set ACL successfully');
  } catch (e) {
    console.error(e);
  }
}

setACL();

Query the ACL of an object

The following sample code shows how to query the ACL of an object:

const oss = require('ali-oss');

const client = oss({
  // Specify the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the region to oss-cn-hangzhou. 
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before you run the sample code, make sure that you have configured environment variables OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET. 
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  // Specify the name of the bucket. 
  bucket: 'yourbucketname',
});
  
async function getACL() {
  try {
    // Specify the full path of the object. Do not include the bucket name in the full path. 
    const result = await client.getACL('yourObjectName');
    console.log(result.acl);
  } catch (e) {
    console.error(e);
  }
}

getACL();
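
An added example, not part of the original documentation: because an object whose ACL is default takes on the ACL of its bucket, an exposure audit has to resolve each object's effective ACL instead of reading the object value alone. The code below does that with the ali-oss client methods getBucketACL(), list() and getACL(); the helper names effectiveAcl, findPublicObjects and auditBucket, the stub client and the object names are constructed for illustration.

```javascript
// Added example: resolve effective object ACLs (values from the table on this page).
const PUBLIC_ACLS = new Set(['public-read', 'public-read-write']);

// An object ACL of 'default' means the bucket ACL applies to the object.
function effectiveAcl(objectAcl, bucketAcl) {
  return objectAcl === 'default' ? bucketAcl : objectAcl;
}

// entries: [{ name, acl }] gathered from getACL(); returns only exposed objects.
function findPublicObjects(entries, bucketAcl) {
  return entries
    .map(({ name, acl }) => ({ name, acl, effective: effectiveAcl(acl, bucketAcl) }))
    .filter((e) => PUBLIC_ACLS.has(e.effective))
    .map((e) => ({
      ...e,
      source: e.acl === 'default' ? 'bucket' : 'object', // where the exposure comes from
      writable: e.effective === 'public-read-write',
    }));
}

// Walks the bucket page by page with the ali-oss client methods
// getBucketACL(), list() and getACL(), then classifies the results.
async function auditBucket(client, bucketName) {
  const { acl: bucketAcl } = await client.getBucketACL(bucketName);
  const entries = [];
  let marker;
  do {
    const page = await client.list(marker ? { marker, 'max-keys': 100 } : { 'max-keys': 100 });
    for (const obj of page.objects || []) {
      const { acl } = await client.getACL(obj.name);
      entries.push({ name: obj.name, acl });
    }
    marker = page.nextMarker;
  } while (marker);
  return findPublicObjects(entries, bucketAcl);
}

// Constructed stand-in for an OSS client so the example runs offline.
// Replace it with a client created as in the samples above to audit a real bucket.
const sampleAcls = { 'reports/q1.pdf': 'default', 'site/logo.png': 'public-read',
  'tmp/upload.bin': 'public-read-write', 'keys/backup.tar': 'private' };
const stubClient = {
  getBucketACL: async () => ({ acl: 'private' }),
  list: async () => ({ objects: Object.keys(sampleAcls).map((name) => ({ name })), nextMarker: null }),
  getACL: async (name) => ({ acl: sampleAcls[name] }),
};

auditBucket(stubClient, 'yourbucketname').then((findings) => console.table(findings));
```

With the stub's private bucket, only the two objects that carry their own public ACL are reported; if the bucket ACL were public-read, the object set to default would be reported as well, with source "bucket".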

References

  • For the complete sample code that is used to manage the ACL of an object, visit GitHub.

  • For more information about the API operation that you can call to configure the ACL of an object, see PutObjectACL.

  • For more information about the API operation that you can call to query the ACL of an object, see GetObjectACL.