This topic describes how to manage the access control lists (ACLs) of objects in a versioned bucket.

Configure the ACL of an object

By default, the PutObjectACL operation configures the ACL of the current version of an object. If the current version of the object is a delete marker, Object Storage Service (OSS) returns 404 Not Found. You can specify a version ID in the request to configure the ACL of a specified version of an object.

The following code provides an example on how to configure the ACL of an object:
# -*- coding: utf-8 -*-
import oss2
# The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in OSS is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. 
auth = oss2.Auth('yourAccessKeyId', 'yourAccessKeySecret')
# Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. 
# Specify the bucket name. Example: examplebucket. 
bucket = oss2.Bucket(auth, 'https://oss-cn-hangzhou.aliyuncs.com', 'examplebucket')

# Change the ACL of the specified version of an object. In this example, the ACL of the specified version of an object is changed to public read. 
params = dict()
params['versionId'] = 'yourObjectVersionId'
result = bucket.put_object_acl('yourObjectName', oss2.OBJECT_ACL_PUBLIC_READ, params = params)
# Query the version ID of the object whose ACL is changed. 
print('set acl object versionid:', result.versionid)

Query the ACL of an object

By default, the GetObjectACL operation queries the ACL of the current version of an object. If the current version of the object is a delete marker, OSS returns 404 Not Found. You can specify a version ID in the request to query the ACL of the specified version of an object.

The following code provides an example on how to query the ACL of an object:
# -*- coding: utf-8 -*-
import oss2
# The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in OSS is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. 
auth = oss2.Auth('yourAccessKeyId', 'yourAccessKeySecret')
# Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. 
# Specify the bucket name. Example: examplebucket. 
bucket = oss2.Bucket(auth, 'https://oss-cn-hangzhou.aliyuncs.com', 'examplebucket')

# Query the ACL of the specified version of an object. 
params = dict()
params['versionId'] = 'yourObjectVersionId'
result = bucket.get_object_acl('yourObjectName', params = params)
# Display the ACL. 
print('get object acl :', result.acl)
# Display the version ID of the object whose ACL is queried. 
print('object version id:', result.versionid)

References

  • For more information about the API operation that you can call to configure the ACL of an object, see PutObjectACL.
  • For more information about the API operation that you can call to query the ACL of an object, see GetObjectACL.