Access control lists (ACLs) define the access permissions of users or user groups on data stored in Object Storage Service (OSS). When a request is sent to access data stored in OSS, OSS checks the ACL of the data and verifies whether the requester has the required permissions. You can configure the ACL of an object when you upload the object, or modify the ACL of an object that is already uploaded.

Prerequisites

  • A bucket is created. For more information, see Create buckets.
  • Objects are uploaded to the bucket. For more information, see Upload objects.

Usage notes

  • If you do not set the object ACL, the object ACL is default. In that case, the object has the same ACL as the bucket in which it is stored.
  • If you set the object ACL to a value that is different from the bucket ACL, the object ACL takes precedence. For example, if the ACL of an object is set to public read, all authenticated and anonymous users can read the object regardless of the bucket ACL.

ACL types

The following table describes object ACL types.

| ACL | Description |
| --- | --- |
| public-read-write | Public read/write: All users, including anonymous users, can perform read and write operations on objects in the bucket. Warning: When you set the object ACL to this value, all users can access the object over the Internet and write data to the object. This may result in unexpected access to the data in your bucket and unexpectedly high fees. If a user uploads prohibited data or information, your legitimate interests and rights may be infringed. Therefore, we recommend that you do not set the object ACL to public read/write except in special cases. |
| public-read | Public read: Only the bucket owner can write data to the object. Other users, including anonymous users, can only read the object. Warning: All users can access the object over the Internet. This may result in unexpected access to the data in your bucket and unexpectedly high fees. Exercise caution when you set the object ACL to public read. |
| private | Private: Only the bucket owner is allowed to perform read and write operations on the object. Other users cannot access the object. Note: You can configure and send the object URL to share your private objects with your partners. For more information, see Add signatures to URLs. |
| default | Default value: The ACL of the object is the same as that of the bucket in which the object is stored. |
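
The precedence rule from the usage notes and the ACL types above can be checked across an inventory before anything is exposed by accident. The following Python sketch is an added example, not Alibaba Cloud code: it resolves each object's effective ACL and reports every object that anonymous users can read or write. The bucket names, object keys and ACL assignments are constructed sample data, and the bucket ACL values are assumed to be private, public-read and public-read-write.

```python
# Added example: resolve effective OSS object ACLs and flag public exposure.
# Bucket names, object keys and ACL assignments below are constructed sample data.

OBJECT_ACLS = {"default", "private", "public-read", "public-read-write"}
BUCKET_ACLS = OBJECT_ACLS - {"default"}  # assumption: buckets have no 'default' value

def effective_acl(bucket_acl, object_acl):
    """Object ACL wins unless it is 'default', which inherits the bucket ACL."""
    if bucket_acl not in BUCKET_ACLS:
        raise ValueError(f"unknown bucket ACL: {bucket_acl!r}")
    if object_acl not in OBJECT_ACLS:
        raise ValueError(f"unknown object ACL: {object_acl!r}")
    return bucket_acl if object_acl == "default" else object_acl

def audit(buckets, objects):
    """Return findings for every object readable or writable by anonymous users."""
    findings = []
    for bucket, key, object_acl in objects:
        acl = effective_acl(buckets[bucket], object_acl)
        if acl == "private":
            continue
        findings.append({
            "object": f"{bucket}/{key}",
            "effective_acl": acl,
            "anonymous_write": acl == "public-read-write",
            # 'inherited': exposure comes from the bucket ACL, so fix the bucket
            # or set the object to private. 'explicit': the object ACL is public.
            "source": "inherited" if object_acl == "default" else "explicit",
        })
    # Anonymous-write findings first, then alphabetical by object path.
    return sorted(findings, key=lambda f: (not f["anonymous_write"], f["object"]))

SAMPLE_BUCKETS = {"internal-docs": "private", "static-site": "public-read"}
SAMPLE_OBJECTS = [
    ("internal-docs", "hr/payroll.csv", "default"),        # inherits private
    ("internal-docs", "export/report.pdf", "public-read"),  # public in a private bucket
    ("static-site", "index.html", "default"),               # inherits public-read
    ("static-site", "admin/backup.sql", "private"),         # private in a public bucket
    ("static-site", "uploads/inbox.bin", "public-read-write"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_BUCKETS, SAMPLE_OBJECTS):
        print(finding)
```

The report.pdf entry is the case the usage notes warn about: a private bucket ACL does not protect an object whose own ACL is public read.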

Procedure

  1. Log on to the OSS console.
  2. In the left-side navigation pane, click Buckets. On the Buckets page, click the name of the bucket for which you want to modify the ACL.
  3. In the left-side navigation pane, click Files.
  4. Select the object for which you want to modify the ACL. Click the name of the object. In the View Details panel, click Set ACL.
    Alternatively, move the pointer over More in the Actions column of the object and choose Set ACL from the shortcut menu.
  5. In the Set ACL panel, modify the ACL of the object.
  6. Click OK.