Obtains the ACL for an object in a bucket.

Versioning

GetObjectACL obtains the ACL for the current version of the target object by default. If the current version of the object is a delete marker, the 404 Not Found error is returned. You can specify the versionId in the request to obtain the ACL for a specified version of the target object.

Note If the ACL for an object has not been set, the ObjectACL in the response to the GetObjectACL request is default, which indicates that the ACL for the object is the same as that for the bucket. For example, if the ACL for the bucket is private, the ACL for the object is also private.

Request syntax

GET /ObjectName?acl HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValue

Response elements

Element Type Description
AccessControlList Container Specifies the container used to store the ACL information.

Parent node: AccessControlPolicy

AccessControlPolicy Container Specifies the container that stores the returned result of the GetObjectACL request.

Parent node: None

DisplayName String Indicates the name of the bucket owner, which is the same as the value of ID.

Parent node: AccessControlPolicy.Owner

Grant Enumerated string Indicates the ACL for the object.

Valid values: private, public-read, and public-read-write

Parent node: AccessControlPolicy.AccessControlList

ID String Indicates the user ID of the bucket owner.

Parent node: AccessControlPolicy.Owner

Owner Container Specifies the container used to store the information about the bucket owner.

Parent node: AccessControlPolicy

Examples

  • Normal request example:
    GET /test-object?acl HTTP/1.1
    Host: oss-example.oss-cn-hangzhou.aliyuncs.com
    Date: Wed, 29 Apr 2015 05:21:12 GMT
    Authorization: OSS qn6qrrqxo2oawuk53otfjbyc:CTkuxpLAi4XZ+WwIfNm0Fmgb****

    Response example:

    HTTP/1.1 200 OK
    x-oss-request-id: 559CC9BDC755F95A64485981
    Date: Wed, 29 Apr 2015 05:21:12 GMT
    Content-Length: 253
    Content-Tupe: application/xml
    Connection: keep-alive
    Server: AliyunOSS
    <?xml version="1.0" ?>
    <AccessControlPolicy>
        <Owner>
            <ID>00220120222</ID>
            <DisplayName>00220120222</DisplayName>
        </Owner>
        <AccessControlList>
            <Grant>public-read </Grant>
        </AccessControlList>
    </AccessControlPolicy>
  • Example of a request initiated to obtain the ACL for a specified version of the target object:
    GET /example?acl&versionId=CAEQMhiBgMC1qpSD0BYiIGQ0ZmI5ZDEyYWVkNTQwMjBiNTliY2NjNmY3ZTVk**** HTTP/1.1
    Host: oss-example.oss-cn-hangzhou.aliyuncs.com
    Date: Tue, 09 Apr 2019 06:30:10 GMT
    Authorization: OSS qctg2ns3l8u51iu:w4DK66Kb/0M9GJKdsrpNs8l1****

    Response example:

    HTTP/1.1 200 OK
    x-oss-version-id: CAEQMhiBgMC1qpSD0BYiIGQ0ZmI5ZDEyYWVkNTQwMjBiNTliY2NjNmY3ZTVk****
    x-oss-request-id: 5CAC3BF2B7AEADE017000621
    Date: Tue, 09 Apr 2019 06:30:10 GMT
    Content-Length: 261
    Content-Tupe: application/xml
    Connection: keep-alive
    Server: AliyunOSS
    <?xml version="1.0" encoding="UTF-8"?>
    <AccessControlPolicy>
      <Owner>
        <ID>1234513715092****</ID>
        <DisplayName>1234513715092****</DisplayName>
      </Owner>
      <AccessControlList>
        <Grant>public-read</Grant>
      </AccessControlList>
    </AccessControlPolicy>

SDK

The SDKs of this API are as follows:

Error codes

Error code HTTP Status code Error message Description
AccessDenied 403 You do not have read acl permission on this object.

You do not have the permission to perform the GetObjectACL operation. Only the bucket owner can call GetObjectACL to obtain the ACL for an object in the bucket.