Document Center

Get Object ACL

Last Updated: Mar 21, 2017

The Get Object ACL operation is used to obtain the permission to access an object in a bucket.

Request syntax

  1. GET /ObjectName?acl HTTP/1.1
  2. Host: BucketName.oss-cn-hangzhou.aliyuncs.com
  3. Date: GMT Date
  4. Authorization: SignatureValue

Response elements

Name Description
AccessControlList Container used for storing the ACL information
Type: container
Parent node: AccessControlPolicy
AccessControlPolicy Specify the container that stores the Get Object ACL result.
Type: container
Parent node: none
DisplayName Name of the bucket owner. (Consistent with the ID at present)
Type: string
Parent node: AccessControlPolicy.Owner
Grant Specify the ACL permission of an object.
Type: enumerative string
Valid values: private,public-read,public-read-write
Parent node: AccessControlPolicy.AccessControlList
ID User ID of the bucket owner
Type: string
Parent node: AccessControlPolicy.Owner
Owner Container used for saving the information about the bucket owner.
Type: container
Parent node: AccessControlPolicy

Detail analysis

  • Only the bucket owner can use Get Object ACL to obtain the ACL of an object in the bucket. If you are not the bucket owner and send a Get Object ACL request, the system will return the 403 Forbidden message. Error code: AccessDenied. The message displayed is: You do not have read acl permission on this object.
  • If a Get Object ACL request is sent but the ACL has never been set for the object, ObjectACL returned by the OSS is default, indicating that the ACL of this object is the same as the bucket ACL. That is, if the access permission of the bucket is private, the access permission of this object is also private; if the access permission of the bucket is public-read-write, the access permission of this object is also public-read-write.

Example

Request example:

  1. GET /test-object?acl HTTP/1.1
  2. Host: oss-example.oss-cn-hangzhou.aliyuncs.com
  3. Date: Wed, 29 Apr 2015 05:21:12 GMT
  4. Authorization: OSS qn6qrrqxo2oawuk53otfjbyc:CTkuxpLAi4XZ+WwIfNm0FmgbrQ0=

Response example:

  1. HTTP/1.1 200 OK
  2. x-oss-request-id: 559CC9BDC755F95A64485981
  3. Date: Wed, 29 Apr 2015 05:21:12 GMT
  4. Content-Length: 253
  5. Content-Tupe: application/xml
  6. Connection: keep-alive
  7. Server: AliyunOSS
  9. <?xml version="1.0" ?>
  10. <AccessControlPolicy>
  11.     <Owner>
  12.         <ID>00220120222</ID>
  13.         <DisplayName>00220120222</DisplayName>
  14.     </Owner>
  15.     <AccessControlList>
  16.         <Grant>public-read </Grant>
  17.     </AccessControlList>
  18. </AccessControlPolicy>
Thank you! We've received your feedback.