
Set access permissions

Last Updated: Dec 22, 2017

OSS allows you to set access permissions for buckets and for objects separately, which lets you control external access to your resources. A bucket supports three types of access permissions:

  • public-read-write: Anonymous users are allowed to create/retrieve/delete objects in the bucket.
  • public-read: Anonymous users are allowed to retrieve objects in the bucket.
  • private: Anonymous users are not allowed to access objects in the bucket. A signature is required for every access.

When a bucket is created, the private permission applies by default. You can use bucket.acl= to set the ACL of the bucket; bucket.acl returns the current value:

    require 'aliyun/oss'

    client = Aliyun::OSS::Client.new(
      endpoint: 'endpoint',
      access_key_id: 'AccessKeyId', access_key_secret: 'AccessKeySecret')
    bucket = client.get_bucket('my-bucket')
    # Print the bucket's current ACL
    puts bucket.acl

An object supports four types of access permissions:

  • default: The object inherits the access permissions of the bucket it belongs to, that is, the access permission of the object is the same as that of the bucket where the object is stored.
  • public-read-write: Anonymous users are allowed to read/write the object.
  • public-read: Anonymous users are allowed to read the object.
  • private: Anonymous users are not allowed to access the object. A signature is required for every access.

When an object is created, the default permission applies by default. You can use bucket.set_object_acl to configure the ACL of the object.

    require 'aliyun/oss'

    client = Aliyun::OSS::Client.new(
      endpoint: 'endpoint',
      access_key_id: 'AccessKeyId', access_key_secret: 'AccessKeySecret')
    bucket = client.get_bucket('my-bucket')
    acl = bucket.get_object_acl('my-object')
    puts acl # default
    bucket.set_object_acl('my-object', Aliyun::OSS::ACL::PUBLIC_READ)
    acl = bucket.get_object_acl('my-object')
    puts acl # public-read

Note:

  • If an object is configured with an ACL other than default, the object ACL takes priority when permissions are checked on access to the object, and the bucket ACL is ignored.

  • If anonymous access is allowed (public-read or public-read-write is configured for the object), you can directly access the object using a browser. For example:

    http://bucket-name.oss-cn-hangzhou.aliyuncs.com/object.jpg

  • A bucket or an object with the public permission can be accessed by an anonymous client:

    require 'aliyun/oss'

    # If access_key_id and access_key_secret are not specified, an anonymous client is created. The client can access only
    # the buckets and objects with the public permission.
    client = Aliyun::OSS::Client.new(endpoint: 'endpoint')
    bucket = client.get_bucket('my-bucket')
    bucket.get_object('my-object', :file => 'local_file')

    For more information about ACL, see Access Control.
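
The precedence rule in the note above (an object ACL other than default overrides the bucket ACL) decides which objects anonymous users can actually reach. The following is an added example, not code from the original page or the SDK, that computes this for a bucket. StubBucket and the sample inventories are constructed, and list_objects yielding items that respond to key is an assumption about the SDK's bucket interface.

```ruby
# Added example. StubBucket is a constructed stand-in for a bucket object so
# the audit runs offline; it models only acl, list_objects and get_object_acl.
StubObject = Struct.new(:key)

class StubBucket
  attr_reader :acl

  def initialize(acl, object_acls)
    @acl = acl
    @object_acls = object_acls
  end

  def list_objects
    @object_acls.keys.map { |key| StubObject.new(key) }
  end

  def get_object_acl(key)
    @object_acls.fetch(key)
  end
end

ANONYMOUS_ACLS = %w[public-read public-read-write].freeze

# "default" inherits the bucket ACL; any other object ACL overrides it.
def effective_acl(bucket_acl, object_acl)
  object_acl == 'default' ? bucket_acl : object_acl
end

# Returns { key => { acl:, source: } } for objects anonymous users can reach.
# source says where the fix belongs: :bucket (inherited) or :object (override).
def anonymous_exposure(bucket)
  bucket_acl = bucket.acl
  bucket.list_objects.each_with_object({}) do |obj, exposed|
    object_acl = bucket.get_object_acl(obj.key)
    acl = effective_acl(bucket_acl, object_acl)
    next unless ANONYMOUS_ACLS.include?(acl)

    source = object_acl == 'default' ? :bucket : :object
    exposed[obj.key] = { acl: acl, source: source }
  end
end

# Constructed inventories: bucket ACL, then per-object ACLs.
PRIVATE_BUCKET = StubBucket.new('private',
  { 'report.pdf' => 'default', 'logo.jpg' => 'public-read' })
PUBLIC_BUCKET = StubBucket.new('public-read',
  { 'index.html' => 'default', 'internal.csv' => 'private',
    'uploads/inbox' => 'public-read-write' })

p anonymous_exposure(PRIVATE_BUCKET)
p anonymous_exposure(PUBLIC_BUCKET)
```

Entries with source :bucket are closed by changing the bucket ACL, and entries with source :object by calling bucket.set_object_acl on that key. A private bucket can still expose an object, as logo.jpg shows, so checking the bucket ACL alone is not enough.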
