You can set the ACL of an object to one of the following value: Inherited from bucket, Private, Public Read, and Public Read/Write. This topic describes how to manage the ACL of an object.

Object ACLs

Permission Description Value
Inherited from bucket The ACL of an object complies with that of its bucket. default
Private Only the object owner or authorized users have read and write permissions on the object. private
Public Read Only the object owner or authorized users can write the object. Other users, including anonymous users can only read the object. Exercise caution when you use this operation. public-read
Public Read/Write Any users, including anonymous users can read and write the object. Exercise caution when you use this operation. public-read-write

The ACL privileges of objects take precedence over those of buckets. For example, if the ACL of a bucket is private and the ACL of an object that is stored in this bucket is public, all users can read and write the object. If the ACL of an object is not configured, the ACL of the object is the same as that of the bucket in which the object is stored.

Configure the ACL of an object

The following code provides an example on how to set the ACL of an object named exampleobject.txt in a bucket named examplebucket to private:

OSSPutObjectACLRequest *request = [OSSPutObjectACLRequest new];
// Specify the bucket name.
request.bucketName = @"examplebucket";
// Specify the complete path of the object, which does not include the bucket name.
request.objectKey = @"exampleobject.txt";
/**
 * Configure the object ACL.
 * public-read
 * private
 * public-read-write
 * default: inherited from the bucket
 */
request.acl = @"private";

OSSTask * putObjectACLTask = [client putObjectACL:request];
[putObjectACLTask continueWithBlock:^id(OSSTask *task) {
    if (!task.error) {
        NSLog(@"put object ACL success!");
    } else {
        NSLog(@"put object ACL failed, error: %@", task.error);
    }
    return nil;
}];

For more information about object ACLs, see PutObjectACL.

Query the ACL of an object

The following code provides an example on how to query the ACL of an object named exampleobject.txt in a bucket named examplebucket:

OSSGetObjectACLRequest *request = [OSSGetObjectACLRequest new];
// Specify the bucket name.
request.bucketName = @"examplebucket";
// Specify the complete path of the object, which does not include the bucket name.
request.objectName = @"exampleobject.txt";

OSSTask * getObjectACLTask = [client getObjectACL:request];
[getObjectACLTask continueWithBlock:^id(OSSTask *task) {
    if (!task.error) {
        OSSGetObjectACLResult *result = task.result;
        NSLog(@"objectACL: %@", result.grant);
    } else {
        NSLog(@"get object ACL failed, error: %@", task.error);
    }
    return nil;
}];

For more information about how to query object ACLs, see GetObjectACL.