A bucket is a container for objects stored in OSS. Every object is contained in a bucket. This topic describes how to configure and obtain the access control list (ACL) of a bucket.
Configure the ACL for a bucket
The following table describes the ACLs for buckets.
ACL | Description | Value |
---|---|---|
Private | Only the owner or authorized users of a bucket have the read and write permissions on objects in the bucket. | CannedAccessControlList.Private |
Public read | Only the owner or authorized users of a bucket have the read and write permissions on objects in the bucket. Other users have only the read permissions on the objects in the bucket. Exercise caution when you grant this permission. | CannedAccessControlList.PublicRead |
Public read/write | All users of a bucket have the read and write permissions on all objects in the bucket. Exercise caution when you grant this permission. | CannedAccessControlList.PublicReadWrite |
The following code provides an example on how to configure the ACL for a bucket:
// This example uses the endpoint of the China (Hangzhou) region. Specify the actual endpoint based on your requirements.
String endpoint = "http://oss-cn-hangzhou.aliyuncs.com";
// Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to log on to OSS, because the account has permissions on all API operations. We recommend that you use a RAM user to call API operations or perform routine operations and maintenance. To create a RAM user, log on to https://ram.console.aliyun.com.
String accessKeyId = "<yourAccessKeyId>";
String accessKeySecret = "<yourAccessKeySecret>";
// Create an OSSClient instance.
OSS ossClient = new OSSClientBuilder().build(endpoint, accessKeyId, accessKeySecret);
// Configure the ACL of the bucket to private.
ossClient.setBucketAcl("<yourBucketName>", CannedAccessControlList.Private);
// Shut down the OSSClient instance.
ossClient.shutdown();
For more information about how to configure the ACL for a bucket, see PutBucketACL.
Obtain the ACL of a bucket
The following code provides an example on how to obtain the ACL of a bucket:
// This example uses the endpoint of the China (Hangzhou) region. Specify the actual endpoint based on your requirements.
String endpoint = "http://oss-cn-hangzhou.aliyuncs.com";
// Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to log on to OSS, because the account has permissions on all API operations. We recommend that you use a RAM user to call API operations or perform routine operations and maintenance. To create a RAM user, log on to https://ram.console.aliyun.com.
String accessKeyId = "<yourAccessKeyId>";
String accessKeySecret = "<yourAccessKeySecret>";
// Create an OSSClient instance.
OSS ossClient = new OSSClientBuilder().build(endpoint, accessKeyId, accessKeySecret);
// Obtain the ACL of the bucket.
AccessControlList acl = ossClient.getBucketAcl("<yourBucketName>");
System.out.println(acl.toString());
// Shut down the OSSClient instance.
ossClient.shutdown();
For more information about how to obtain the ACL of a bucket, see GetBucketAcl.