For the complete code demo of ACL, see GitHub.

The following table describes the permissions included in the Access Control List (ACL) for an object.

Permission Description Value
default The ACL of an object is the same with that of its bucket. oss.ACLDefault
Private Only the object owner and authorized users can read and write the object. oss.ACLPrivate
Public read Only the object owner and authorized users can read and write the object. Other users can only read the object. Authorize this permission with caution. oss.ACLPublicRead
Public read-write All users can read and write the object. Authorize this permission with caution. oss.PublicReadWrite

The ACL privileges of objects take precedence over that of buckets. For example, if the ACL of a bucket is private, while the object ACL is public read-write, all users can read and write the object. If an object is not configured with an ACL, its ACL is the same as that of its bucket by default.

package main

import (
	"fmt"
	"os"
	"github.com/aliyun/aliyun-oss-go-sdk/oss"
)

func main() {
	// Create an OSSClient instance.
	client, err := oss.New("<yourEndpoint>", "<yourAccessKeyId>", "<yourAccessKeySecret>")
	if err ! = nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}

	// Obtain the bucket.
	bucket, err := client.Bucket("<yourBucketName>")
	if err ! = nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}

	// Configure an ACL for an object.
	err = bucket.SetObjectACL("<yourObjectName>", oss.ACLPublicReadWrite)
	if err ! = nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}

	// Obtain the ALC for an object.
	aclRes, err := bucket.GetObjectACL("<yourObjectName>")
	if err ! = nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}
	fmt.Println("Object ACL:", aclRes.ACL)
}