All Products
Search
Document Center

Object Storage Service:Manage bucket ACLs

Last Updated:Oct 17, 2023

A bucket is a container for objects stored in Object Storage Service (OSS). All objects in OSS are stored in buckets. This topic describes how to configure and query the access control list (ACL) of a bucket.

The following table describes the bucket ACLs.

ACL

Description

Value

Private

Only the bucket owner and authorized users have read and write permissions on objects in the bucket. Other users cannot access the objects in the bucket.

Aliyun::OSS::ACL::PRIVATE

Public-read

Only the bucket owner and authorized users have read and write permissions on objects in the bucket. Other users, including anonymous users, have only read permissions on the objects in the bucket.

Warning

If you set the ACL of a bucket to public-read, all users can access the objects in the bucket over the Internet. This may result in unauthorized access to the data in your bucket, and you may be charged unexpected fees. We recommend that you exercise caution when you set the ACL of a bucket to this value.

Aliyun::OSS::ACL::PUBLIC_READ

Public-read-write

All users, including anonymous users, have read and write permissions on objects in the bucket.

Warning

If you set the ACL of the objects to Public Read/Write, all users can read and write the objects. This may result in unauthorized access to the data in your bucket, and you may be charged unexpected fees. If a user uploads prohibited data or information, your legitimate interests and rights may be infringed. We recommend that you do not set the ACL of a bucket to this value unless necessary.

Aliyun::OSS::ACL::PUBLIC_READ_WRITE

Configure the ACL of a bucket

The following code provides an example on how to configure the ACL of a bucket:

require 'aliyun/oss'

client = Aliyun::OSS::Client.new(
  # In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. 
  endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
  # Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. 
  access_key_id: ENV['OSS_ACCESS_KEY_ID'],
  access_key_secret: ENV['OSS_ACCESS_KEY_SECRET']
)
# Specify the name of the bucket. Example: examplebucket. 
bucket = client.get_bucket('examplebucket')
bucket.acl = Aliyun::OSS::ACL::PUBLIC_READ
puts bucket.acl

Query the ACL of a bucket

The following code provides an example on how to query the ACL of a bucket:

require 'aliyun/oss'

client = Aliyun::OSS::Client.new(
  # In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. 
  endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
  # Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. 
  access_key_id: ENV['OSS_ACCESS_KEY_ID'],
  access_key_secret: ENV['OSS_ACCESS_KEY_SECRET']
)
# Specify the name of the bucket. Example: examplebucket. 
bucket = client.get_bucket('examplebucket')
puts bucket.acl

References

  • For more information about the API operation that you can call to configure the ACL of a bucket, see PutBucketAcl.

  • For more information about the API operation that you can call to query the ACL of a bucket, see GetBucketAcl.