A bucket is a container that stores objects. This topic describes how to use C# SDK V2 to set and obtain bucket access control lists (ACLs).
Precautions
The sample code in this topic uses the China (Hangzhou) region (
cn-hangzhou) as an example. By default, a public endpoint is used. If you want to access OSS from other Alibaba Cloud products in the same region, you can use an internal endpoint. For more information about the endpoints for each region, see OSS regions and endpoints.To set a bucket ACL, you must have the
oss:PutBucketAclpermission. To obtain a bucket ACL, you must have theoss:GetBucketAclpermission. For more information, see Grant custom permissions to a RAM user.
Bucket ACL types
Bucket ACLs include the following three types:
ACL | Description | Permission value |
private | The bucket owner and authorized users have read and write permissions on objects in the bucket. Other users cannot perform operations on the objects. | private |
public-read | The bucket owner and authorized users have read and write permissions on objects in the bucket. Other users have only read permissions. Use this permission with caution. | public-read |
public-read-write | All users have read and write permissions on objects in the bucket. Use this permission with caution. | public-read-write |
Sample code
The following sample code demonstrates how to set and obtain bucket ACLs.
using OSS = AlibabaCloud.OSS.V2; // Create an alias for Alibaba Cloud OSS SDK to simplify subsequent use.
var region = "cn-hangzhou"; // Required. The region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set the Region to cn-hangzhou.
var endpoint = null as string; // Optional. The endpoint used to access OSS. For example, if the bucket is in the China (Hangzhou) region, set the Endpoint to https://oss-cn-hangzhou.aliyuncs.com.
var bucket = "your bucket name"; // Required. The bucket name.
var acl = "your bucket Acl"; // Required. The ACL of the destination bucket. Valid values: private, public-read, and public-read-write.
// Load the default configurations of the OSS SDK. The configurations automatically read credential information (such as AccessKey) from environment variables.
var cfg = OSS.Configuration.LoadDefault();
// Explicitly set the use of environment variables to obtain credentials for identity verification (format: OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET).
cfg.CredentialsProvider = new OSS.Credentials.EnvironmentVariableCredentialsProvider();
// Set the region of the bucket in the configuration.
cfg.Region = region;
// If an endpoint is specified, overwrite the default endpoint.
if(endpoint != null)
{
cfg.Endpoint = endpoint;
}
// Create an OSS client instance using the configuration information.
using var client = new OSS.Client(cfg);
// Call the PutBucketAclAsync method to set the ACL of the destination bucket.
var result1 = await client.PutBucketAclAsync(new OSS.Models.PutBucketAclRequest()
{
Bucket = bucket,
Acl = acl
});
// Call the GetBucketAclAsync method to obtain the ACL of the destination bucket.
var result2 = await client.GetBucketAclAsync(new OSS.Models.GetBucketAclRequest()
{
Bucket = bucket
});
// Print the result information.
Console.WriteLine("PutBucketAcl done"); // A message indicating that the operation is complete.
Console.WriteLine($"StatusCode: {result.StatusCode}"); // The HTTP status code.
Console.WriteLine($"RequestId: {result.RequestId}"); // The request ID, which is used for troubleshooting in Alibaba Cloud.
Console.WriteLine("Response Headers:"); // The response header information.
result.Headers.ToList().ForEach(x => Console.WriteLine(x.Key + " : " + x.Value)); // Traverse and print all response headers.
Console.WriteLine($"Acl: {result2.AccessControlPolicy!.AccessControlList!.Grant}"); // Print the ACL of the destination bucket.References
For the complete sample code to set bucket ACLs, see PutBucketAcl.cs.
For the complete sample code to obtain bucket ACLs, see GetBucketAcl.cs.