A bucket is a container for objects stored in Object Storage Service (OSS). Every object is contained in a bucket. This topic describes how to configure and query the access control list (ACL) of a bucket.

Configure the ACL of a bucket

The following table describes the bucket ACLs.

ACL Description Method
private Only the bucket owner and authorized users can perform read and write operations on objects in the bucket. Other users cannot access the objects in the bucket. CannedAccessControlList.Private
public read Only the bucket owner and authorized users of this bucket can perform read and write operations on objects in the bucket. Other users, including anonymous users, can only read objects in the bucket. Exercise caution when you set the bucket ACL to this value. CannedAccessControlList.PublicRead
public read/write All users, including anonymous users, can perform read and write operations on objects in the bucket. Exercise caution when you set the bucket ACL to this value. CannedAccessControlList.PublicReadWrite

The following code provides an example on how to configure ACL of a bucket:

using Aliyun.OSS;

// Set yourEndpoint to the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set yourEndpoint to https://oss-cn-hangzhou.aliyuncs.com. 
var endpoint = "yourEndpoint";
// Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to access OSS because the account has permissions on all API operations. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. 
var accessKeyId = "yourAccessKeyId";
var accessKeySecret = "yourAccessKeySecret";
// Specify the name of the bucket. 
var bucketName = "yourBucketName";

// Initialize an OSSClient instance. 
var client = new OssClient(endpoint, accessKeyId, accessKeySecret);

public void SetBucketAcl(string bucketName)
{
    try
    {
        // Set the ACL of the bucket to public read. 
        client.SetBucketAcl(bucketName, CannedAccessControlList.PublicRead);
        Console.WriteLine("Set bucket ACL succeeded");
    }
    catch (Exception ex)
    {
        Console.WriteLine("Set bucket ACL failed. {0}", ex.Message);
    }
}
            

For more information about how to configure the ACL of a bucket, see PutBucketAcl.

Query the ACL of a bucket

The following code provides an example on how to query the ACL of a bucket:

using Aliyun.OSS;
// Set yourEndpoint to the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set yourEndpoint to https://oss-cn-hangzhou.aliyuncs.com. 
var endpoint = "yourEndpoint";
// Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to access OSS because the account has permissions on all API operations. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. 
var accessKeyId = "yourAccessKeyId";
var accessKeySecret = "yourAccessKeySecret";
// Initialize an OSSClient instance. 
var client = new OssClient(endpoint, accessKeyId, accessKeySecret);

// Query the ACL of the bucket. 
public void GetBucketAcl(string bucketName)
{
    try
    {  
        // Specify the name of the bucket. 
        string bucketName = "yourBucketName";
        var acl = client.GetBucketAcl(bucketName);

        Console.WriteLine("Get bucket ACL success", acl.ACL.ToString());
    }
    catch (Exception ex)
    {
        Console.WriteLine("Get bucket ACL failed. {0}", ex.Message);
    }
}
            

For more information about how to query the ACL of a bucket, see GetBucketAcl.