A bucket is a container used to store objects in Object Storage Service (OSS). Every object is contained in a bucket. This topic describes how to configure and query the access control list (ACL) of a bucket.

Configure the ACL of a bucket

The following table describes the bucket ACLs.

ACL Description Method
Private Only the owner or authorized users of the bucket have read and write permissions on objects in the bucket. Other users cannot access the objects in the bucket. OssClient::OSS_ACL_TYPE_PRIVATE
Public read Only the owner or authorized users of the bucket have read and write permissions on objects in the bucket. Other users have only read permissions on the objects in the bucket. Exercise caution when you set the bucket access control list (ACL) to public read. OssClient::OSS_ACL_TYPE_PUBLIC_READ
Public read/write All users have read and write permissions on objects in the bucket. Exercise caution when you set the bucket ACL to public read/write. OssClient::OSS_ACL_TYPE_PUBLIC_READ_WRITE

The following code provides an example on how to configure the ACL of a bucket:

<?php
if (is_file(__DIR__ . '/../autoload.php')) {
    require_once __DIR__ . '/../autoload.php';
}
if (is_file(__DIR__ . '/../vendor/autoload.php')) {
    require_once __DIR__ . '/../vendor/autoload.php';
}

use OSS\OssClient;
use OSS\Core\OssException;

// The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in OSS is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. 
$accessKeyId = "yourAccessKeyId";
$accessKeySecret = "yourAccessKeySecret";
// In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. 
$endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
// Specify the bucket name. 
$bucket= "yourBucketName";
// Set the bucket ACL to private. 
$acl = OssClient::OSS_ACL_TYPE_PRIVATE;
try {
    $ossClient = new OssClient($accessKeyId, $accessKeySecret, $endpoint);

    $ossClient->putBucketAcl($bucket, $acl);
} catch (OssException $e) {
    printf(__FUNCTION__ . ": FAILED\n");
    printf($e->getMessage() . "\n");
    return;
}
print(__FUNCTION__ . ": OK" . "\n");

Query the ACL of a bucket

The following code provides an example on how to query the ACL of a bucket:

<?php
if (is_file(__DIR__ . '/../autoload.php')) {
    require_once __DIR__ . '/../autoload.php';
}
if (is_file(__DIR__ . '/../vendor/autoload.php')) {
    require_once __DIR__ . '/../vendor/autoload.php';
}

use OSS\OssClient;
use OSS\Core\OssException;

// The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in OSS is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. 
$accessKeyId = "yourAccessKeyId";
$accessKeySecret = "yourAccessKeySecret";
// In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. 
$endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
// Specify the bucket name. 
$bucket= "yourBucketName";

try {
    $ossClient = new OssClient($accessKeyId, $accessKeySecret, $endpoint);
    // Query the ACL of the bucket. 
    $res = $ossClient->getBucketAcl($bucket);
} catch (OssException $e) {
    printf(__FUNCTION__ . ": FAILED\n");
    printf($e->getMessage() . "\n");
    return;
}
print(__FUNCTION__ . ": OK" . "\n");
print('acl: ' . $res);

References

  • For the complete sample code that is used to manage bucket ACLs, visit GitHub.
  • For more information about the API operation that you can call to configure the ACL of a bucket, see PutBucketAcl.
  • For more information about the API operation that you can call to query the ACL of a bucket, see GetBucketAcl.