This topic describes how to manage the access control list (ACL) of an object.

The following table describes the ACLs that you can configure for an object.

| Permission | Description | Value |
| --- | --- | --- |
| Inherited from bucket | The ACL of the object is the same as that of the bucket in which the object is stored. | CannedAccessControlList.Default |
| Private | Only the object owner or authorized users can read and write the object. | CannedAccessControlList.Private |
| Public read | Only the object owner or authorized users can write the object. Other users, including anonymous users, can only read the object. Exercise caution when you configure this ACL. | CannedAccessControlList.PublicRead |
| Public | All users, including anonymous users, can read and write the object. Exercise caution when you configure this ACL. | CannedAccessControlList.PublicReadWrite |

The ACL of an object takes precedence over the ACL of the bucket in which the object is stored. For example, if the ACL of a bucket is private and the ACL of an object that is stored in this bucket is public, all users can read and write the object. If the ACL of an object is not configured, the ACL of the object is the same as that of the bucket in which the object is stored.

For the complete code used to configure the ACL of an object, visit GitHub. For the complete code used to query the ACL of an object, visit GitHub.

Run the following code to configure and query the ACL of the object.

using System; // Console and Exception
using Aliyun.OSS;
using Aliyun.OSS.Common;

var endpoint = "<yourEndpoint>";
var accessKeyId = "<yourAccessKeyId>";
var accessKeySecret = "<yourAccessKeySecret>";
var bucketName = "<yourBucketName>";
var objectName = "<yourObjectName>";

// Create an OSSClient instance.
var client = new OssClient(endpoint, accessKeyId, accessKeySecret);
// Configure the object ACL.
try
{
    // Use SetObjectAcl to configure the ACL of the object.
    client.SetObjectAcl(bucketName, objectName, CannedAccessControlList.PublicRead);
    Console.WriteLine("Set Object:{0} ACL succeeded ", objectName);
}
catch (Exception ex)
{
    Console.WriteLine("Set Object ACL failed with error info: {0}", ex.Message);
}
// Query the ACL of the object.
try
{
    // Use GetObjectAcl to query the ACL of the object.
    var result = client.GetObjectAcl(bucketName, objectName);
    Console.WriteLine("Get Object ACL succeeded, Id: {0}  ACL: {1}",
        result.Owner.Id, result.ACL.ToString());
}
catch (OssException ex)
{
    Console.WriteLine("Failed with error code: {0}; Error info: {1}. \nRequestID: {2}\tHostID: {3}",
        ex.ErrorCode, ex.Message, ex.RequestId, ex.HostId);
}
catch (Exception ex)
{
    Console.WriteLine("Failed with error info: {0}", ex.Message);
}
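
Because an object ACL takes precedence over the bucket ACL, a private bucket can still hold individually exposed objects. The following added example (not part of the original sample or the SDK's own code) lists a bucket and reports every object whose ACL is PublicRead or PublicReadWrite, optionally resetting it to Default. The class name `ObjectAclAudit`, the method `FindPublicObjects`, and the page size of 100 are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using Aliyun.OSS;
using Aliyun.OSS.Common;

public static class ObjectAclAudit // hypothetical helper, not an SDK type
{
    // Returns the keys whose object ACL grants anonymous access. When reset is
    // true, each of them is set back to Default so that it inherits the bucket ACL.
    // Resetting only removes the exposure if the bucket ACL itself is private.
    public static List<string> FindPublicObjects(OssClient client, string bucketName, bool reset)
    {
        var exposed = new List<string>();
        string marker = null;
        ObjectListing listing;
        do
        {
            // Page through the bucket; 100 keys per page is an arbitrary choice.
            var request = new ListObjectsRequest(bucketName) { Marker = marker, MaxKeys = 100 };
            listing = client.ListObjects(request);
            foreach (var summary in listing.ObjectSummaries)
            {
                var acl = client.GetObjectAcl(bucketName, summary.Key).ACL;
                if (acl != CannedAccessControlList.PublicRead &&
                    acl != CannedAccessControlList.PublicReadWrite)
                    continue; // Default or Private: the object ACL adds no anonymous access
                exposed.Add(summary.Key);
                Console.WriteLine("{0}\t{1}", acl, summary.Key);
                if (reset)
                    client.SetObjectAcl(bucketName, summary.Key, CannedAccessControlList.Default);
            }
            marker = listing.NextMarker;
        } while (listing.IsTruncated);
        return exposed;
    }

    public static void Main()
    {
        // Same placeholders as in the sample above.
        var client = new OssClient("<yourEndpoint>", "<yourAccessKeyId>", "<yourAccessKeySecret>");
        try
        {
            var exposed = FindPublicObjects(client, "<yourBucketName>", reset: false);
            Console.WriteLine("{0} object(s) with a public ACL", exposed.Count);
        }
        catch (OssException ex)
        {
            Console.WriteLine("Failed with error code: {0}; RequestID: {1}", ex.ErrorCode, ex.RequestId);
        }
    }
}
```

Run it with `reset: false` first to review the report; the caller needs permission to list the bucket and to read each object's ACL, and to set ACLs if `reset` is enabled.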

For more information about object ACLs, see Overview.