OSS provides an Access Control List (ACL)  for permission control. You can configure an ACL when uploading a file and change the ACL after uploading the file.  If no ACL is configured, the default value is Private.

The OSS ACL provides bucket- and file-level access control. Currently, three access permissions are available:

  • Private: Only the creator of the bucket can perform read and write operations on the files in the bucket. Other users cannot access those files.
    • If the read and write permissions of the bucket are “Private”, you must set a link validity period when obtaining the file access URL.
    • The validity period for URL signature links is calculated based on NTP.  You can give this link to any visitor who can then use it to access the file within the validity period. If the bucket has a private permission,  the obtained addresses are generated using the Add a signature to a URL.
  • Public Read: Only the owner of the bucket can perform write operations on the files in the bucket. Anyone (including anonymous visitors) can perform read operations on the files.
  • Public Read/Write: Anyone (including anonymous visitors) can perform read and write operators on the files in the bucket. Use this permission with caution because the fees incurred by these operations are borne by the owner of the bucket.

Procedure

  1. Log on to the OSS console.
  2. In the left-side bucket list, click the name of the target bucket to open the overview page of the bucket.
  3. Click the Files tab.
  4. Click the name of the target file to open the Preview page of the file.
  5. Click Set ACL to change the read and write permissions of the file. 
    • If the read and write permissions of the bucket are Private, you must set a  link validity period when obtaining the file access URL.
    • On the Preview page of the target file, enter  link validity period (in seconds) in the Signature field.
  6. Click OK.