A bucket is a container for objects stored in OSS. Every object is contained in a bucket. This topic describes how to configure and obtain the access control list (ACL) of a bucket.

Configure the ACL of a bucket

The following table describes the ACLs for buckets.

ACL Description Value
Private Only the owner or authorized users of a bucket have the read and write permissions on objects in the bucket. oss2.BUCKET_ACL_PRIVATE
Public read Only the owner or authorized users of a bucket have the read and write permissions on objects in the bucket. Other users (including anonymous users) have only read permissions on objects in the bucket. Exercise caution when you grant this permission. oss2.BUCKET_ACL_PUBLIC_READ
Public read/write All users of a bucket have the read and write permissions on objects in the bucket. Exercise caution when you grant this permission. oss2.BUCKET_ACL_PUBLIC_READ_WRITE

The following code provides an example on how to configure the ACL for a bucket:

# -*- coding: utf-8 -*-
import oss2

# Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to log on to OSS, because the account has permissions on all API operations. We recommend that you use a RAM user to call API operations or perform routine operations and maintenance. To create your RAM user, log on to https://ram.console.aliyun.com.
auth = oss2.Auth('<yourAccessKeyId>', '<yourAccessKeySecret>')
# This example uses the endpoint of the China (Hangzhou) region. Specify the actual endpoint based on your requirements.
bucket = oss2.Bucket(auth, 'http://oss-cn-hangzhou.aliyuncs.com', '<yourBucketName>')

# Configure the ACL of the bucket to private.
bucket.put_bucket_acl(oss2.BUCKET_ACL_PRIVATE)            

For more information about how to configure the ACL for a bucket, see PutBucketACL.

Obtain the ACL of a bucket

The following code provides an example on how to obtain the ACL of a bucket:

# -*- coding: utf-8 -*-
import oss2

# Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to log on to OSS, because the account has permissions on all API operations. We recommend that you use a RAM user to call API operations or perform routine operations and maintenance. To create your RAM user, log on to https://ram.console.aliyun.com.
auth = oss2.Auth('<yourAccessKeyId>', '<yourAccessKeySecret>')
# This example uses the endpoint of the China (Hangzhou) region. Specify the actual endpoint based on your requirements.
bucket = oss2.Bucket(auth, 'http://oss-cn-hangzhou.aliyuncs.com', '<yourBucketName>')

print(bucket.get_bucket_acl().acl)            

For more information about how to obtain the ACL of a bucket, see GetBucketAcl.