All Products
Search
Document Center

Object Storage Service:GetObjectACL

Last Updated:Aug 28, 2023

Queries the access control list (ACL) of an object in a bucket.

Versioning

By default, when you call the GetObjectACL operation to query the ACL of an object, only the ACL of the current version of the object is returned. You can specify the versionId parameter in the request to query the ACL of a specified version of an object. If the specified version is a delete marker, Object Storage Service (OSS) returns 404 Not Found.

Note

If you call the GetObjectACL operation to query the ACL of an object for which no ACL is configured, OSS returns the default ACL of this object. In this case, the ACL of this object is the same as the ACL of the bucket in which the object is stored. For example, if the ACL of the bucket in which the object is stored is private, the ACL of the object is also private.

Request syntax

GET /ObjectName?acl HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValue

Request headers

This request contains only common request headers. For more information, see Common HTTP headers.

Response headers

This request contains only common response headers. For more information, see Common HTTP headers.

Response elements

Element

Type

Description

AccessControlList

Container

The container that stores the ACL information.

Parent nodes: AccessControlPolicy

AccessControlPolicy

Container

The container that stores the results of the GetObjectACL request.

Parent nodes: none

DisplayName

String

The name of the bucket owner, which is the same as the user ID.

Parent nodes: AccessControlPolicy.Owner

Grant

Enumerated string

The ACL of the object. Default value: default.

Valid values:

  • default: The ACL of the object is the same as the ACL of the bucket in which the object is stored.

  • private: The ACL of the object is private.

  • public-read: The ACL of the object is public read.

  • public-read-write: The ACL of the object is public read/write.

Parent nodes: AccessControlPolicy.AccessControlList

ID

String

The user ID of the bucket owner.

Parent nodes: AccessControlPolicy.Owner

Owner

Container

The container that stores the information about the bucket owner.

Parent nodes: AccessControlPolicy

Examples

  • Query the ACL of an object in an unversioned bucket

    Sample requests

    GET /test-object?acl HTTP/1.1
    Host: oss-example.oss-cn-hangzhou.aliyuncs.com
    Date: Wed, 29 Apr 2015 05:21:12 GMT
    Authorization: OSS qn6qrrqxo2oawuk53otfjbyc:CTkuxpLAi4XZ+WwIfNm0Fmgb****

    Sample responses

    HTTP/1.1 200 OK
    x-oss-request-id: 559CC9BDC755F95A64485981
    Date: Wed, 29 Apr 2015 05:21:12 GMT
    Content-Length: 253
    Content-Type: application/xml
    Connection: keep-alive
    Server: AliyunOSS
    <?xml version="1.0" ?>
    <AccessControlPolicy>
        <Owner>
            <ID>00220120222</ID>
            <DisplayName>00220120222</DisplayName>
        </Owner>
        <AccessControlList>
            <Grant>public-read </Grant>
        </AccessControlList>
    </AccessControlPolicy>
  • Query the ACL of an object in a versioned bucket

    Sample requests

    GET /example?acl&versionId=CAEQMhiBgMC1qpSD0BYiIGQ0ZmI5ZDEyYWVkNTQwMjBiNTliY2NjNmY3ZTVk**** HTTP/1.1
    Host: oss-example.oss-cn-hangzhou.aliyuncs.com
    Date: Tue, 09 Apr 2019 06:30:10 GMT
    Authorization: OSS qctg2ns3l8u51iu:w4DK66Kb/0M9GJKdsrpNs8l1****

    Sample responses

    HTTP/1.1 200 OK
    x-oss-version-id: CAEQMhiBgMC1qpSD0BYiIGQ0ZmI5ZDEyYWVkNTQwMjBiNTliY2NjNmY3ZTVk****
    x-oss-request-id: 5CAC3BF2B7AEADE017000621
    Date: Tue, 09 Apr 2019 06:30:10 GMT
    Content-Length: 261
    Content-Type: application/xml
    Connection: keep-alive
    Server: AliyunOSS
    <?xml version="1.0" encoding="UTF-8"?>
    <AccessControlPolicy>
      <Owner>
        <ID>1234513715092****</ID>
        <DisplayName>1234513715092****</DisplayName>
      </Owner>
      <AccessControlList>
        <Grant>public-read</Grant>
      </AccessControlList>
    </AccessControlPolicy>

SDK

You can use OSS SDKs for the following programming languages to call the GetObjectACL operation:

Error codes

Error code

HTTP status code

Error message

Description

AccessDenied

403

You do not have read acl permission on this object.

The error message returned because you are not authorized to perform the GetObjectACL operation. Only the bucket owner has permissions to call the GetObjectACL operation to query the ACL of an object in the bucket.

FileAlreadyExists

409

The object you specified already exists and is a directory.

The error message returned because the object whose ACL you want to query is a directory in a bucket for which the hierarchical namespace feature is enabled.