This topic describes how to manage the access control lists (ACLs) of objects.

The following table describes the ACLs that you can configure for an object.

| Permission | Description | Value |
| --- | --- | --- |
| Inherited from the bucket | The ACL of an object is the same as the ACL of the bucket in which the object is stored. | CannedAccessControlList::Default |
| Private | Only the object owner and authorized users have read and write permissions on the object. Other users cannot access the object. | CannedAccessControlList::Private |
| Public read | Only the object owner and authorized users have read and write permissions on the object. Other users have only read permissions on the object. Exercise caution when you use this permission. | CannedAccessControlList::PublicRead |
| Public read/write | All users have read and write permissions on the object. Exercise caution when you use this permission. | CannedAccessControlList::PublicReadWrite |

The ACL of an object takes precedence over the ACL of the bucket in which the object is stored. For example, if the ACL of an object in a private bucket is public read/write, all users have read and write permissions on the object. If you do not configure the ACL of an object, the ACL of the object is the same as the ACL of the bucket in which the object is stored.
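The precedence rule above means a private bucket can still contain publicly accessible objects. The following added example (not part of the original page or the OSS SDK) resolves the effective ACL of each object and reports those that are more exposed than their bucket. The `Acl` enum, the function names, and the sample inventory are assumptions constructed for illustration; the bucket ACL is assumed to be one of the three non-default values.

```cpp
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Local stand-in for the four values in the table above (not the SDK's type).
enum class Acl { Default, Private, PublicRead, PublicReadWrite };

// Precedence rule from the text: an explicit object ACL wins over the bucket
// ACL; Default means the object inherits the bucket ACL.
Acl effectiveAcl(Acl bucketAcl, Acl objectAcl) {
    return objectAcl == Acl::Default ? bucketAcl : objectAcl;
}

// What anonymous users can do: 0 = nothing, 1 = read, 2 = read and write.
int exposure(Acl acl) {
    if (acl == Acl::PublicReadWrite) return 2;
    if (acl == Acl::PublicRead) return 1;
    return 0;
}

struct Finding { std::string object; Acl effective; };
using Inventory = std::vector<std::pair<std::string, Acl>>;

// Report objects whose own ACL exposes them more than the bucket ACL would.
std::vector<Finding> findOverExposed(Acl bucketAcl, const Inventory& objects) {
    std::vector<Finding> findings;
    for (const auto& entry : objects) {
        Acl eff = effectiveAcl(bucketAcl, entry.second);
        if (exposure(eff) > exposure(bucketAcl))
            findings.push_back({entry.first, eff});
    }
    return findings;
}

// Constructed sample inventory: object name and the ACL set on the object.
Inventory sampleInventory() {
    return {{"logs/app.log", Acl::Default},
            {"reports/q1.pdf", Acl::PublicRead},
            {"keys/backup.bin", Acl::Private},
            {"uploads/form.html", Acl::PublicReadWrite}};
}

int main() {
    for (const auto& f : findOverExposed(Acl::Private, sampleInventory()))
        std::cout << f.object << " anonymous access level "
                  << exposure(f.effective) << "\n";
    return 0;
}
```

In a real audit, the inventory would come from listing the bucket and querying the ACL of each object, as the GetObjectAcl example on this page does for a single object.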

Configure the ACL of an object

The following code shows how to configure the ACL of a specified object:

#include <iostream>
#include <alibabacloud/oss/OssClient.h>
using namespace AlibabaCloud::OSS;

int main(void)
{
    /* Initialize the information about the account that is used to access Object Storage Service (OSS). */
    std::string AccessKeyId = "yourAccessKeyId";
    std::string AccessKeySecret = "yourAccessKeySecret";
    std::string Endpoint = "yourEndpoint";
    std::string BucketName = "yourBucketName";
    std::string ObjectName = "yourObjectName";


    /* Initialize resources such as networks. */
    InitializeSdk();

    ClientConfiguration conf;
    OssClient client(Endpoint, AccessKeyId, AccessKeySecret, conf);

    /* Configure the ACL of the object. */
    SetObjectAclRequest request(BucketName, ObjectName);
    request.setAcl(CannedAccessControlList::Private);
    auto outcome = client.SetObjectAcl(request);

    if (!outcome.isSuccess()) {
        /* Handle exceptions. */
        std::cout << "SetObjectAcl fail" <<
        ",code:" << outcome.error().Code() <<
        ",message:" << outcome.error().Message() <<
        ",requestId:" << outcome.error().RequestId() << std::endl;
        ShutdownSdk();
        return -1;
    }

    /* Release resources such as networks. */
    ShutdownSdk();
    return 0;
}

Obtain the ACL of an object

The following code shows how to query the ACL of a specified object:

#include <iostream>
#include <alibabacloud/oss/OssClient.h>
using namespace AlibabaCloud::OSS;

int main(void)
{
    /* Initialize the information about the account that is used to access OSS. */
    std::string AccessKeyId = "yourAccessKeyId";
    std::string AccessKeySecret = "yourAccessKeySecret";
    std::string Endpoint = "yourEndpoint";
    std::string BucketName = "yourBucketName";
    std::string ObjectName = "yourObjectName";

    /* Initialize resources such as networks. */
    InitializeSdk();

    ClientConfiguration conf;
    OssClient client(Endpoint, AccessKeyId, AccessKeySecret, conf);

    /* Obtain the ACL of the object. */
    GetObjectAclRequest request(BucketName, ObjectName);
    auto outcome = client.GetObjectAcl(request);

    if (!outcome.isSuccess()) {
        /* Handle exceptions. */
        std::cout << "GetObjectAcl fail" <<
        ",code:" << outcome.error().Code() <<
        ",message:" << outcome.error().Message() <<
        ",requestId:" << outcome.error().RequestId() << std::endl;
        ShutdownSdk();
        return -1;
    }
    else { 
        std::cout << " GetObjectAcl success, Acl:" << outcome.result().Acl() << std::endl;
    }

    /* Release resources such as networks. */
    ShutdownSdk();
    return 0;
}