Object Storage Service (OSS) allows you to control access at the bucket level.

The following table describes the ACLs for buckets.

ACL Permission Access control
public-read-write Public read/write Anyone, including anonymous users, can perform read and write operations on the objects in the bucket.
Warning All users on the Internet can have access to the objects in the bucket and write data to the bucket. This may result in unexpected access to the data in your bucket and out-of-control costs. If a user uploads prohibited data or information, your legitimate interests and rights may be infringed. Therefore, we recommend that you do not set your bucket ACL to public read/write except in special cases.
public-read Public read and private write Only the bucket owner can perform write operations on the objects in the bucket. Other users, including anonymous users can perform only read operations on the objects in the bucket.
Warning All users on the Internet can have access to the objects in the bucket. This may leak your bucket data and result in out-of-control costs. Therefore, we recommend that you exercise caution when you set your bucket ACL to public read.
private Private read/write Only the bucket owner can perform read and write operations on the objects in the bucket. Other users have no access to the objects in the bucket.
Note
  • When you create a bucket without specifying its ACL, OSS automatically set the ACL of the bucket to private.
  • Before you access a private resource, you must obtain permissions. For more information, see Access control.
  • Only the bucket owner can call the PutBucketAcl operation to modify the ACL of an existing bucket.