A bucket is a container for objects stored in OSS. Every object is contained in a bucket. This topic describes how to configure and obtain the access control list (ACL) of a bucket.

Configure the ACL for a bucket

The following table describes the ACLs for buckets.

ACL Description Value
Private Only the owner or authorized users of a bucket have the read and write permissions on objects in the bucket. CannedAccessControlList.Private
Public read Only the owner or authorized users of a bucket have the read and write permissions on objects in the bucket. Other users have only the read permissions on the objects in the bucket. Exercise caution when you grant this permission. CannedAccessControlList.PublicRead
Public read/write All users of a bucket have the read and write permissions on all objects in the bucket. Exercise caution when you grant this permission. CannedAccessControlList.PublicReadWrite

The following code provides an example on how to configure the ACL for a bucket:

// This example uses the endpoint of the China (Hangzhou) region. Specify the actual endpoint based on your requirements.
String endpoint = "http://oss-cn-hangzhou.aliyuncs.com";
// Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to log on to OSS, because the account has permissions on all API operations. We recommend that you use a RAM user to call API operations or perform routine operations and maintenance. To create a RAM user, log on to https://ram.console.aliyun.com.
String accessKeyId = "<yourAccessKeyId>";
String accessKeySecret = "<yourAccessKeySecret>";

// Create an OSSClient instance.
OSS ossClient = new OSSClientBuilder().build(endpoint, accessKeyId, accessKeySecret);

// Configure the ACL of the bucket to private.
ossClient.setBucketAcl("<yourBucketName>", CannedAccessControlList.Private);

// Shut down the OSSClient instance.
ossClient.shutdown();            

For more information about how to configure the ACL for a bucket, see PutBucketACL.

Obtain the ACL of a bucket

The following code provides an example on how to obtain the ACL of a bucket:

// This example uses the endpoint of the China (Hangzhou) region. Specify the actual endpoint based on your requirements.
String endpoint = "http://oss-cn-hangzhou.aliyuncs.com";
// Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to log on to OSS, because the account has permissions on all API operations. We recommend that you use a RAM user to call API operations or perform routine operations and maintenance. To create a RAM user, log on to https://ram.console.aliyun.com.
String accessKeyId = "<yourAccessKeyId>";
String accessKeySecret = "<yourAccessKeySecret>";

// Create an OSSClient instance.
OSS ossClient = new OSSClientBuilder().build(endpoint, accessKeyId, accessKeySecret);
// Obtain the ACL of the bucket.
AccessControlList acl = ossClient.getBucketAcl("<yourBucketName>");
System.out.println(acl.toString());

// Shut down the OSSClient instance.
ossClient.shutdown();            

For more information about how to obtain the ACL of a bucket, see GetBucketAcl.