This topic describes how to manage ACLs of objects in a versioning-enabled bucket.

Configure the ACL of an object

PutObjectACL sets the ACL for the current version of the target object by default. If the current version of the target object is a delete marker, the 404 Not Found error is returned. You can set the versionId in the request to set the ACL for a specified version of the target object.

The following code provides an example on how to configure the ACL of an object:

const OSS = require('ali-oss');

const client = new OSS({
  bucket: '<Your BucketName>',
  // The endpoint of the China (Hangzhou) region is used in this example. Specify the actual endpoint.
  region: '<Your Region>',
  // Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to log on to OSS because the account has permissions on all API operations. We recommend that you use your RAM user's credentials to call API operations or perform routine operations and maintenance. To create a RAM user, log on to the RAM console.
  accessKeyId: '<Your AccessKeyId>',
  accessKeySecret: '<Your AccessKeySecret>'
});

async function putACL() {
  const name = '<your objectName>'
  const acl = '<your acl>'
  const versionId = 'your versionId' // Configure the ACL of an object with the specified version ID.
 const options = {
    versionId
  };
  const result = client.putACL(name, acl, options);
  console.log(result);
}

putACL();

For more information about setting the ACL for an object, see PutObjectACL.

Obtain the ACL of an object

GetObjectACL obtains the ACL for the current version of the target object by default. If the current version of the object is a delete marker, the 404 Not Found error is returned. You can specify the versionId in the request to obtain the ACL for a specified version of the target object.

The following code provides an example on how to obtain the ACL of an object:

const OSS = require('ali-oss');

const client = new OSS({
  bucket: '<Your BucketName>',
  // The endpoint of the China (Hangzhou) region is used in this example. Specify the actual endpoint.
  region: '<Your Region>',
  // Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to log on to OSS because the account has permissions on all API operations. We recommend that you use your RAM user's credentials to call API operations or perform routine operations and maintenance. To create a RAM user, log on to the RAM console.
  accessKeyId: '<Your AccessKeyId>',
  accessKeySecret: '<Your AccessKeySecret>'
});

async function getACL() {
  const name = '<your objectName>'
  const versionId = 'your versionId' // View the version ID of the object of which the ACL is obtained.
  const options = {
    versionId
  };
  const result = client.getACL(name, options);
  console.log(result);
}

getACL();

For more information about obtaining the ACL for an object, see GetObjectACL.