Obtains the ACL for an object in a bucket.

Versioning

GetObjectACL obtains the ACL for the current version of the target object by default. If the current version of the object is a delete marker, the 404 Not Found error is returned. You can specify the versionId in the request to obtain the ACL for a specified version of the target object.

Note If the ACL for an object has not been set, the ObjectACL in the response to the GetObjectACL request is default, which indicates that the ACL for the object is the same as that for the bucket. For example, if the ACL for the bucket is private, the ACL for the object is also private.

Request syntax 

GET /ObjectName?acl HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValue

Response elements

Element Type Description
AccessControlList Container Specifies the container used to store the ACL information.

Parent node: AccessControlPolicy
AccessControlPolicy Container Specifies the container that stores the returned result of the GetObjectACL request.

Parent node: None
DisplayName String Indicates the name of the bucket owner, which is the same as the value of ID.

Parent node: AccessControlPolicy.Owner
Grant Enumerated string Indicates the ACL for the object.

Valid values: private, public-read, and public-read-write

Parent node: AccessControlPolicy.AccessControlList
ID String Indicates the user ID of the bucket owner.

Parent node: AccessControlPolicy.Owner
Owner Container Specifies the container used to store the information about the bucket owner.

Parent node: AccessControlPolicy

Examples

  • Normal request example: 
    GET /test-object?acl HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Wed, 29 Apr 2015 05:21:12 GMT
Authorization: OSS qn6qrrqxo2oawuk53otfjbyc:CTkuxpLAi4XZ+WwIfNm0Fmgb****

    Response example:

    HTTP/1.1 200 OK
x-oss-request-id: 559CC9BDC755F95A64485981
Date: Wed, 29 Apr 2015 05:21:12 GMT
Content-Length: 253
Content-Tupe: application/xml
Connection: keep-alive
Server: AliyunOSS
<?xml version="1.0" ?>
<AccessControlPolicy>
    <Owner>
        <ID>00220120222</ID>
        <DisplayName>00220120222</DisplayName>
    </Owner>
    <AccessControlList>
        <Grant>public-read </Grant>
    </AccessControlList>
</AccessControlPolicy>
  • Example of a request initiated to obtain the ACL for a specified version of the target object: 
    GET /example?acl&versionId=CAEQMhiBgMC1qpSD0BYiIGQ0ZmI5ZDEyYWVkNTQwMjBiNTliY2NjNmY3ZTVk**** HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 09 Apr 2019 06:30:10 GMT
Authorization: OSS qctg2ns3l8u51iu:w4DK66Kb/0M9GJKdsrpNs8l1****

    Response example:

    HTTP/1.1 200 OK
x-oss-version-id: CAEQMhiBgMC1qpSD0BYiIGQ0ZmI5ZDEyYWVkNTQwMjBiNTliY2NjNmY3ZTVk****
x-oss-request-id: 5CAC3BF2B7AEADE017000621
Date: Tue, 09 Apr 2019 06:30:10 GMT
Content-Length: 261
Content-Tupe: application/xml
Connection: keep-alive
Server: AliyunOSS
<?xml version="1.0" encoding="UTF-8"?>
<AccessControlPolicy>
  <Owner>
    <ID>1234513715092****</ID>
    <DisplayName>1234513715092****</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>public-read</Grant>
  </AccessControlList>
</AccessControlPolicy>

SDK

The SDKs of this API are as follows:

Error codes

Error code HTTP Status code Error message Description
AccessDenied 403 You do not have read acl permission on this object.

You do not have the permission to perform the GetObjectACL operation. Only the bucket owner can call GetObjectACL to obtain the ACL for an object in the bucket.