Use C# SDK V2 to set and get the access control list (ACL) of an OSS object.
Prerequisites
Before you begin, ensure that you have:
The
oss:PutObjectAclpermission to set an object ACLThe
oss:GetObjectAclpermission to get an object ACL
For details, see Grant custom permissions to a RAM user.
ACL types
Each object supports four ACL types:
| Access permission | Description | ACL value |
|---|---|---|
| Inherit from bucket | The object inherits the ACL of its bucket. | default |
| Private | Only the object owner and authorized users have read and write permissions. Other users have no access. | private |
| Public-read | Only the object owner and authorized users have read and write permissions. Other users have read-only access. Use this permission with caution. | public-read |
| Public-read-write | All users have read and write permissions. Use this permission with caution. | public-read-write |
An object's ACL takes priority over the bucket ACL. For example, if the bucket ACL is private and the object ACL is public-read-write, all users have read and write permissions on the object. If no ACL is set on an object, the object inherits the bucket ACL.
Set and get an object ACL
The sample code uses the China (Hangzhou) region (cn-hangzhou) with the public endpoint. To access OSS from other Alibaba Cloud services in the same region, use the internal endpoint instead. For supported regions and endpoints, see Regions and endpoints.
using OSS = AlibabaCloud.OSS.V2; // Alias for the Alibaba Cloud OSS SDK.
var region = "cn-hangzhou"; // Region where the bucket is located.
var endpoint = null as string; // Optional. Overrides the default endpoint when specified.
var bucket = "<your-bucket-name>"; // Name of the bucket.
var key = "<your-object-name>"; // Name of the object.
var acl = "<acl-value>"; // ACL to set: default, private, public-read, or public-read-write.
// Load default SDK configuration. Reads credentials from environment variables
// OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET.
var cfg = OSS.Configuration.LoadDefault();
cfg.CredentialsProvider = new OSS.Credentials.EnvironmentVariableCredentialsProvider();
cfg.Region = region;
if (endpoint != null)
{
cfg.Endpoint = endpoint;
}
// Create the OSS client.
using var client = new OSS.Client(cfg);
// Set the object ACL.
var result1 = await client.PutObjectAclAsync(new OSS.Models.PutObjectAclRequest()
{
Bucket = bucket,
Key = key,
Acl = acl,
});
// Get the object ACL.
var result2 = await client.GetObjectAclAsync(new OSS.Models.GetObjectAclRequest()
{
Bucket = bucket,
Key = key,
});
// Print the result.
Console.WriteLine("GetObjectAcl done");
Console.WriteLine($"HTTP status code: {result2.StatusCode}");
Console.WriteLine($"Request ID: {result2.RequestId}");
Console.WriteLine("Response headers:");
result2.Headers.ToList().ForEach(x => Console.WriteLine(x.Key + " : " + x.Value));
Console.WriteLine($"ACL: {result2.Acl}");Replace the following placeholders with actual values:
| Placeholder | Description | Example |
|---|---|---|
<your-bucket-name> | Name of the bucket | my-bucket |
<your-object-name> | Name of the object | example/photo.jpg |
<acl-value> | ACL to apply | private |
References
Full sample code for setting an object ACL: PutObjectAcl.cs
Full sample code for getting an object ACL: GetObjectAcl.cs