Manage the ACL of an object - Object Storage Service - Alibaba Cloud Documentation Center

You can set the access control list (ACL) of an object to one of the following values: Inherited from the bucket, Private, Public Read, and Public Read/Write. This topic describes how to manage the ACL of an object.

Object ACLs


ACL	Description	Value
Inherited from the bucket	The ACL of the object is the same as the ACL of the bucket in which the object is stored.	default
Private	Only the object owner and authorized users are granted the read and write permissions on the object.	private
Public read	Only the object owner and authorized users have read and write permissions on the object. Other users have only read permissions on the object. Exercise caution when you set the ACL of the object to this value.	public-read
Public read/write	All users have read and write permissions on the object. Exercise caution when you set the ACL of the object to this value.	public-read-write

The ACL of the object takes precedence over the ACL of the bucket. For example, if the ACL of a bucket is private and the ACL of an object that is stored in the bucket is public, all users are granted read and write permissions on the object. If the ACL of an object is not configured, the ACL of the object is the same as the ACL of the bucket in which the object is stored.

Configure the ACL of an object

The following code provides an example on how to set the ACL of an object named exampleobject.txt in a bucket named examplebucket to private:

OSSPutObjectACLRequest *request = [OSSPutObjectACLRequest new];
// Specify the name of the bucket. Example: examplebucket. 
request.bucketName = @"examplebucket";
// Specify the full path of the object. The full path cannot contain the bucket name. Example: exampleobject.txt. 
request.objectKey = @"exampleobject.txt";
/**
 * Configure the ACL of the object. 
 * public-read
 * private
 * public-read-write
 * default: inherited from the bucket
 */
request.acl = @"private";

OSSTask * putObjectACLTask = [client putObjectACL:request];
[putObjectACLTask continueWithBlock:^id(OSSTask *task) {
    if (!task.error) {
        NSLog(@"put object ACL success!");
    } else {
        NSLog(@"put object ACL failed, error: %@", task.error);
    }
    return nil;
}];

Query the ACL of an object

The following code provides an example on how to query the ACL of an object named exampleobject.txt in a bucket named examplebucket:

OSSGetObjectACLRequest *request = [OSSGetObjectACLRequest new];
// Specify the name of the bucket. Example: examplebucket. 
request.bucketName = @"examplebucket";
// Specify the full path of the object. The full path cannot contain the bucket name. Example: exampleobject.txt. 
request.objectName = @"exampleobject.txt";

OSSTask * getObjectACLTask = [client getObjectACL:request];
[getObjectACLTask continueWithBlock:^id(OSSTask *task) {
    if (!task.error) {
        OSSGetObjectACLResult *result = task.result;
        NSLog(@"objectACL: %@", result.grant);
    } else {
        NSLog(@"get object ACL failed, error: %@", task.error);
    }
    return nil;
}];

References

For more information about the API operation that you can call to configure the ACL of an object, see PutObjectACL.
For more information about the API operation that you can call to query the ACL of an object, see GetObjectACL.