The GetObjectACL operation is used to obtain the permission to access an object in a bucket.
Request syntax
GET /ObjectName? acl HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValueResponse elements
| Name | Type | Description |
|---|---|---|
| AccessControlList | Container | Container used for storing the ACL information Parent node: AccessControlPolicy |
| AccessControlPolicy | Container | Container that stores the Get Object ACL result Parent node: None |
| DisplayName | String | Name of the bucket owner (Currently is consistent with the ID) Parent node: AccessControlPolicy.Owner |
| Grant | Enumerating string | The ACL permission of an object Valid values: private, public-read, and public-read-write Parent node: AccessControlPolicy.AccessControlList |
| ID | String | User ID of the bucket owner Parent node: AccessControlPolicy.Owner |
| Owner | Container | Container used for saving the information about the bucket owner Parent node: AccessControlPolicy |
Detail analysis
- Only the bucket owner can use Get Object ACL to obtain the ACL of an object in the bucket. If you are not the bucket owner and send a Get Object ACL request, the system returns the 403 Forbidden message. Error code: AccessDenied. The message displayed is: You do not have read acl permission on this object.
- If a Get Object ACL request is sent but the ACL has never been set for the object, ObjectACL returned by OSS is default, indicating that the ACL of this object is the same as the bucket ACL. That is, if the access permission of the bucket is private, the access permission of this object is also private; if the access permission of the bucket is public-read-write, the access permission of this object is also public-read-write.
Example
Request example:
GET /test-object? acl HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Wed, 29 Apr 2015 05:21:12 GMT
Authorization: OSS qn6qrrqxo2oawuk53otfjbyc:CTkuxpLAi4XZ+WwIfNm0FmgbrQ0=Response example:
HTTP/1.1 200 OK
x-oss-request-id: 559CC9BDC755F95A64485981
Date: Wed, 29 Apr 2015 05:21:12 GMT
Content-Length: 253
Content-Tupe: application/xml
Connection: keep-alive
Server: AliyunOSS
<? xml version="1.0" ? >
<AccessControlPolicy>
<Owner>
<ID>00220120222</ID>
<DisplayName>00220120222</DisplayName>
</Owner>
<AccessControlList>
<Grant>public-read </Grant>
</AccessControlList>
</AccessControlPolicy>