Object Storage Service:Manage object ACLs (C# SDK V2)

Notes

• The sample code in this topic uses the China (Hangzhou) region (cn-hangzhou) as an example. By default, the public endpoint is used. If you want to access OSS from other Alibaba Cloud services in the same region, use an internal endpoint. For more information about the regions and endpoints that OSS supports, see Regions and endpoints.

• To set the ACL of an object, you must have the oss:PutObjectAcl permission. To obtain the ACL of an object, you must have the oss:GetObjectAcl permission. For more information, see Grant custom permissions to a RAM user.

ACL types

Objects have the following four types of ACLs:

An object's ACL has a higher priority than the ACL of the bucket that contains the object. For example, if a bucket's ACL is private and the ACL of an object in the bucket is public-read-write, all users have read and write permissions on the object. If you do not configure an ACL for an object, the object inherits the ACL of its bucket.

Sample code

You can use the following code to set and obtain the ACL of an object.

using OSS = AlibabaCloud.OSS.V2;  // Create an alias for Alibaba Cloud OSS SDK to simplify subsequent use.

var region = "cn-hangzhou";  // Required. Set the region where the bucket is located. In this example, the region is set to China (Hangzhou), and the region ID is set to cn-hangzhou.
var endpoint = null as string;  // Optional. Specify the endpoint that is used to access OSS. In this example, the endpoint is set to https://oss-cn-hangzhou.aliyuncs.com.
var bucket = "your bucket name";  // Required. The name of the destination bucket.
var key = "your object name";  // Required. The name of the destination object.
var acl = "your object Acl";  // Required. The ACL of the destination object. Valid values: default, private, public-read, and public-read-write.

// Load the default configurations of the OSS SDK. The configurations automatically read credential information such as AccessKeys from environment variables.
var cfg = OSS.Configuration.LoadDefault();
// Explicitly set the use of environment variables to obtain credentials for identity verification. Format: OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET.
cfg.CredentialsProvider = new OSS.Credentials.EnvironmentVariableCredentialsProvider();
// Set the region of the bucket in the configuration.
cfg.Region = region;   
// If an endpoint is specified, it overwrites the default endpoint. 
if(endpoint != null) 
{
    cfg.Endpoint = endpoint;
} 

// Create an OSS client instance using the configuration information.
using var client = new OSS.Client(cfg); 

// Call the PutObjectAclAsync method to set the ACL of the destination object.
var result1 = await client.PutObjectAclAsync(new OSS.Models.PutObjectAclRequest()
{
    Bucket = bucket,
    Key = key,
    Acl = acl,
});

// Call the GetObjectAclAsync method to obtain the ACL information of the destination object.
var result2 = await client.GetObjectAclAsync(new OSS.Models.GetObjectAclRequest()
{
    Bucket = bucket,
    Key = key,
});

// Print the result information.
Console.WriteLine("GetObjectAcl done");  // A message indicating that the operation is complete.
Console.WriteLine($"StatusCode: {result2.StatusCode}");  // The HTTP status code.
Console.WriteLine($"RequestId: {result2.RequestId}");  // The request ID, which is used for troubleshooting in Alibaba Cloud.
Console.WriteLine("Response Headers:");  // The response header information.
result2.Headers.ToList().ForEach(x => Console.WriteLine(x.Key + " : " + x.Value));  // Traverse and print all response headers.
Console.WriteLine($"Acl: {result2.Acl}");   // The ACL information of the destination object.

References

• For the complete sample code for setting the ACL of an object, see PutObjectAcl.cs.

• For the complete sample code for obtaining the ACL of an object, see GetObjectAcl.cs.