A bucket is a container used to store objects in Object Storage Service (OSS). Every object is contained in a bucket. This topic describes how to configure and query the access control list (ACL) of a bucket.

Configure the ACL of a bucket

The following table describes the bucket ACLs.

ACL Description Method
Private Only the owner or authorized users of the bucket have the read and write permissions on objects in the bucket. Other users cannot access the objects in the bucket. CannedAccessControlList.Private
Public read Only the owner or authorized users of the bucket have the read and write permissions on objects in the bucket. Other users have only the read permissions on the objects in the bucket. Exercise caution when you use this permission. CannedAccessControlList.PublicRead
Public read/write All users have the read and write permissions on the objects in the bucket. Exercise caution when you use this permission. CannedAccessControlList.PublicReadWrite

The following code provides an example on how to configure the access control list (ACL) of a bucket:

using Aliyun.OSS;

// Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. 
var endpoint = "yourEndpoint";
// The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in OSS is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. 
var accessKeyId = "yourAccessKeyId";
var accessKeySecret = "yourAccessKeySecret";
// Set yourBucketName to the name of your bucket. 
var bucketName = "yourBucketName";

// Initialize an OSSClient instance. 
var client = new OssClient(endpoint, accessKeyId, accessKeySecret);

public void SetBucketAcl(string bucketName)
{
    try
    {
        // Set the ACL of the bucket to public read. 
        client.SetBucketAcl(bucketName, CannedAccessControlList.PublicRead);
        Console.WriteLine("Set bucket ACL succeeded");
    }
    catch (Exception ex)
    {
        Console.WriteLine("Set bucket ACL failed. {0}", ex.Message);
    }
}

Query the ACL of a bucket

The following code provides an example on how to query the ACL of a bucket:

using Aliyun.OSS;
// Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. 
var endpoint = "yourEndpoint";
// The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in OSS is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. 
var accessKeyId = "yourAccessKeyId";
var accessKeySecret = "yourAccessKeySecret";
// Initialize an OSSClient instance. 
var client = new OssClient(endpoint, accessKeyId, accessKeySecret);

// Query the ACL of the bucket. 
public void GetBucketAcl(string bucketName)
{
    try
    {  
        // Set yourBucketName to the name of your bucket. 
        string bucketName = "yourBucketName";
        var acl = client.GetBucketAcl(bucketName);

        Console.WriteLine("Get bucket ACL success", acl.ACL.ToString());
    }
    catch (Exception ex)
    {
        Console.WriteLine("Get bucket ACL failed. {0}", ex.Message);
    }
}

References

  • For the complete sample code that is used to configure the ACL of a bucket, visit GitHub.
  • For the complete sample code that is used to query the ACL of a bucket, visit GitHub.
  • For more information about the API operation that you can call to configure the ACL of a bucket, see PutBucketAcl.
  • For more information about the API operation that you can call to query the ACL of a bucket, see GetBucketAcl.