
Manage bucket ACLs

Last Updated: Aug 18, 2020

You can configure the access control list (ACL) when you create a bucket, or modify the ACL of an existing bucket. This topic describes how to set and query the ACL of a bucket.

Set the ACL of a bucket

The following table describes the ACLs that can be set for a bucket.

| ACL | Description | Value |
| --- | --- | --- |
| Private | Only the owner or authorized users of this bucket can read and write objects in the bucket. Other users, including anonymous users, cannot access the objects in the bucket without authorization. | private |
| Public read | Only the owner or authorized users of this bucket can write objects in the bucket. Other users, including anonymous users, can only read objects from the bucket. We recommend that you exercise caution when you set the bucket ACL to public read. | public-read |
| Public read/write | All users, including anonymous users, can read and write objects in the bucket. We recommend that you exercise caution when you set the bucket ACL to public read/write. | public-read-write |

  • Set the ACL when you create a bucket

    The following code provides an example on how to set the ACL when you create a bucket:

    const OSS = require('ali-oss');

    const client = new OSS({
      // The endpoint of the China (Hangzhou) region is used in this example. Specify the actual endpoint.
      region: '<Your region>',
      // Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to log on to OSS because the account has permissions on all API operations. We recommend that you use your RAM user's credentials to call API operations or perform routine operations and maintenance. To create a RAM user, log on to the RAM console.
      accessKeyId: '<Your AccessKeyId>',
      accessKeySecret: '<Your AccessKeySecret>',
      bucket: '<Your bucket name>',
    });

    // The following code provides an example on how to set the ACL to public-read when you create a bucket.
    async function putBucket() {
      const acl = 'public-read';
      try {
        await client.putBucket('<Your Bucket Name>', { acl });
      } catch (error) {
        console.log(error);
      }
    }

    putBucket();

  • Modify the ACL after you create a bucket

    The following code provides an example on how to modify the ACL after you create a bucket:

    const OSS = require('ali-oss');
    
    const client = new OSS({
      // The endpoint of the China (Hangzhou) region is used in this example. Specify the actual endpoint.
      region: '<Your region>',
      // Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to log on to OSS because the account has permissions on all API operations. We recommend that you use your RAM user's credentials to call API operations or perform routine operations and maintenance. To create a RAM user, log on to the RAM console.
      accessKeyId: '<Your AccessKeyId>',
      accessKeySecret: '<Your AccessKeySecret>',
      bucket: '<Your bucket name>',
    });
    
    // The following code provides an example on how to change the ACL to private after you create a bucket.
    async function putBucketACL() {
      const acl = 'private';
      try {
        await client.putBucketACL('<Your Bucket Name>', acl)
      } catch (error) {
        console.log(error)
      }
    }
    
    putBucketACL()

Query the ACL of a bucket

The following code provides an example on how to query the ACL of a bucket:

const OSS = require('ali-oss');

const client = new OSS({
  // The endpoint of the China (Hangzhou) region is used in this example. Specify the actual endpoint.
  region: '<Your region>',
  // Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to log on to OSS because the account has permissions on all API operations. We recommend that you use your RAM user's credentials to call API operations or perform routine operations and maintenance. To create a RAM user, log on to the RAM console.
  accessKeyId: '<Your AccessKeyId>',
  accessKeySecret: '<Your AccessKeySecret>',
  bucket: '<Your bucket name>',
});

// Query the ACL of the bucket.
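async function getBucketAcl() {
  try {
    const result = await client.getBucketACL('<Your Bucket Name>');
    console.log('acl: ', result.acl);
  } catch (error) {
    // Handle the failure instead of leaving the promise rejection unhandled.
    console.log(error);
  }
}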

getBucketAcl()
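
The following is an added example, not part of the OSS documentation: an audit routine that combines the `getBucketACL` and `putBucketACL` calls shown above to find buckets whose ACL is `public-read` or `public-read-write` and reset them to `private` unless they are explicitly approved. The `auditBucketAcls` function, the approval list, its policy (only `public-read` can be approved) and the in-memory `makeFakeClient` stand-in for an `ali-oss` client are assumptions made for this example.

```javascript
// Added example: uses only getBucketACL(name) and putBucketACL(name, acl) from this page.
const PUBLIC_ACLS = new Set(['public-read', 'public-read-write']);

// approvedPublic: bucket names allowed to stay public-read (assumed policy;
// public-read-write is never approved). With fix=false this is a dry run.
async function auditBucketAcls(client, names, approvedPublic = [], fix = false) {
  const approved = new Set(approvedPublic);
  const report = [];
  for (const name of names) {
    const entry = { name, acl: null, status: 'ok' };
    try {
      entry.acl = (await client.getBucketACL(name)).acl;
      if (PUBLIC_ACLS.has(entry.acl)) {
        if (approved.has(name) && entry.acl === 'public-read') {
          entry.status = 'public-approved';
        } else if (fix) {
          await client.putBucketACL(name, 'private');
          // Re-read so the report reflects what the service returns, not what was requested.
          const after = (await client.getBucketACL(name)).acl;
          entry.status = after === 'private' ? 'fixed' : 'fix-failed';
        } else {
          entry.status = 'public-unapproved';
        }
      }
    } catch (error) {
      // A failed query is reported as an error, never treated as "private".
      entry.status = 'error';
      entry.error = error.message;
    }
    report.push(entry);
  }
  return report;
}

// Constructed in-memory stand-in for an ali-oss client so the example runs offline.
function makeFakeClient(acls) {
  return {
    async getBucketACL(name) {
      if (!(name in acls)) throw new Error('NoSuchBucket');
      return { acl: acls[name] };
    },
    async putBucketACL(name, acl) { acls[name] = acl; },
  };
}

const sample = { logs: 'private', site: 'public-read', uploads: 'public-read-write' };
auditBucketAcls(makeFakeClient(sample), ['logs', 'site', 'uploads', 'gone'], ['site'], true)
  .then((report) => console.table(report));
```

Against a real account, pass the `client` created with `new OSS({...})` as shown on this page, and run with `fix` left at `false` first to review the report before any ACL is changed.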