Bucket permission control

Last Updated: Mar 20, 2017

OSS provides an Access Control List (ACL) for bucket-level access control. Currently, three access permissions are available for a bucket: public-read-write, public-read, and private.

  • public-read-write: Anyone (including anonymous users) can perform Put, Get, and Delete operations on the objects in the bucket. The expenses incurred by these operations shall be borne by the creator of the bucket. Please use this permission with caution.
  • public-read: Only the creator of a bucket can perform write operations (including Put Object and Delete Object) on objects in the bucket. Other users (including anonymous users) can perform read operations (Get Object) on objects in the bucket.
  • private: Only the creator of a bucket can perform read and write operations (including Put Object, Delete Object, and Get Object) on objects in the bucket. Other users cannot access objects in the bucket.

When a user creates a new bucket without designating the bucket permission, the OSS will automatically set the permission to private. For an existing bucket, only the creator of the bucket can change its permissions by using the Put Bucket Acl interface provided by the OSS.

Thank you! We've received your feedback.