All Products
Search
Document Center

Object Storage Service:Manage object ACLs (C# SDK V2)

Last Updated:Mar 20, 2026

Use C# SDK V2 to set and get the access control list (ACL) of an OSS object.

Prerequisites

Before you begin, ensure that you have:

  • The oss:PutObjectAcl permission to set an object ACL

  • The oss:GetObjectAcl permission to get an object ACL

For details, see Grant custom permissions to a RAM user.

ACL types

Each object supports four ACL types:

Access permissionDescriptionACL value
Inherit from bucketThe object inherits the ACL of its bucket.default
PrivateOnly the object owner and authorized users have read and write permissions. Other users have no access.private
Public-readOnly the object owner and authorized users have read and write permissions. Other users have read-only access. Use this permission with caution.public-read
Public-read-writeAll users have read and write permissions. Use this permission with caution.public-read-write

An object's ACL takes priority over the bucket ACL. For example, if the bucket ACL is private and the object ACL is public-read-write, all users have read and write permissions on the object. If no ACL is set on an object, the object inherits the bucket ACL.

Set and get an object ACL

The sample code uses the China (Hangzhou) region (cn-hangzhou) with the public endpoint. To access OSS from other Alibaba Cloud services in the same region, use the internal endpoint instead. For supported regions and endpoints, see Regions and endpoints.

using OSS = AlibabaCloud.OSS.V2;  // Alias for the Alibaba Cloud OSS SDK.

var region = "cn-hangzhou";       // Region where the bucket is located.
var endpoint = null as string;    // Optional. Overrides the default endpoint when specified.
var bucket = "<your-bucket-name>";  // Name of the bucket.
var key = "<your-object-name>";     // Name of the object.
var acl = "<acl-value>";            // ACL to set: default, private, public-read, or public-read-write.

// Load default SDK configuration. Reads credentials from environment variables
// OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET.
var cfg = OSS.Configuration.LoadDefault();
cfg.CredentialsProvider = new OSS.Credentials.EnvironmentVariableCredentialsProvider();
cfg.Region = region;

if (endpoint != null)
{
    cfg.Endpoint = endpoint;
}

// Create the OSS client.
using var client = new OSS.Client(cfg);

// Set the object ACL.
var result1 = await client.PutObjectAclAsync(new OSS.Models.PutObjectAclRequest()
{
    Bucket = bucket,
    Key = key,
    Acl = acl,
});

// Get the object ACL.
var result2 = await client.GetObjectAclAsync(new OSS.Models.GetObjectAclRequest()
{
    Bucket = bucket,
    Key = key,
});

// Print the result.
Console.WriteLine("GetObjectAcl done");
Console.WriteLine($"HTTP status code: {result2.StatusCode}");
Console.WriteLine($"Request ID: {result2.RequestId}");
Console.WriteLine("Response headers:");
result2.Headers.ToList().ForEach(x => Console.WriteLine(x.Key + " : " + x.Value));
Console.WriteLine($"ACL: {result2.Acl}");

Replace the following placeholders with actual values:

PlaceholderDescriptionExample
<your-bucket-name>Name of the bucketmy-bucket
<your-object-name>Name of the objectexample/photo.jpg
<acl-value>ACL to applyprivate

References