
Object Storage Service: Manage the access control list of a bucket (Python SDK V2)

Last Updated: Jul 31, 2025

A bucket is a container for objects within OSS. This topic explains how to set and retrieve the access control list (ACL) of a bucket using the Python SDK V2.

Notes

  • The sample code in this topic uses the cn-hangzhou region ID for China (Hangzhou) as an example. By default, a public endpoint is used. If you want to access OSS from other Alibaba Cloud services in the same region, use an internal endpoint. For more information about the regions and endpoints supported by OSS, see OSS regions and endpoints.

  • You must have the oss:PutBucketAcl permission to set the ACL of a bucket and the oss:GetBucketAcl permission to retrieve the ACL of a bucket. For more information, see Grant custom policies to RAM users.

Method definition

Set bucket access control list

put_bucket_acl(request: PutBucketAclRequest, **kwargs) → PutBucketAclResult

Obtain bucket access control list

get_bucket_acl(request: GetBucketAclRequest, **kwargs) → GetBucketAclResult

Request parameter list

| Parameter name | Type | Description |
| --- | --- | --- |
| request | PutBucketAclRequest | Set request parameters. For more information, see PutBucketAclRequest |
| request | GetBucketAclRequest | Set request parameters. For more information, see GetBucketAclRequest |

Return value list

| Type | Description |
| --- | --- |
| GetBucketAclResult | Return value. For more information, see GetBucketAclResult |
| PutBucketAclResult | Return value. For more information, see PutBucketAclResult |

For the complete definition of the method to set the bucket ACL, see put_bucket_acl.

For the complete definition of the method to retrieve the bucket ACL, see get_bucket_acl.

Types of bucket access control list

The bucket ACL includes the following three types:

| Access control list | Description | Permission value |
| --- | --- | --- |
| Private | Only the bucket owner and authorized users can perform read and write operations on objects in the bucket. Other users cannot access the objects in the bucket. | private |
| Public read | Only the bucket owner and authorized users can perform read and write operations on objects in the bucket. Other users, including anonymous users, can only read objects in the bucket. Exercise caution when you use this permission. | public-read |
| Public read-write | All users can perform read and write operations on objects in the bucket. Exercise caution when you use this permission. | public-read-write |

Example code

You can use the code below to set and retrieve the bucket ACL.

import argparse
import alibabacloud_oss_v2 as oss

# Create a command line argument parser and add description information
parser = argparse.ArgumentParser(description="put bucket acl sample")
# Add required command line arguments: region, bucket, and acl
parser.add_argument('--region', help='The region in which the bucket is located.', required=True)
parser.add_argument('--bucket', help='The name of the bucket.', required=True)
# Add optional command line argument: endpoint, used to specify the domain name for other services to access OSS
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS')
# Add required command line argument: acl, used to specify the access permission ACL for the bucket, such as private, public-read, public-read-write
parser.add_argument('--acl', help='Specify the access permission ACL for the bucket.', required=True)

def main():
    # Parse command line arguments
    args = parser.parse_args()

    # Load authentication information from environment variables
    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    # Use SDK default configuration
    cfg = oss.config.load_default()
    # Set credentials provider
    cfg.credentials_provider = credentials_provider
    # Set region
    cfg.region = args.region
    # If endpoint is provided, update endpoint in the configuration
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    # Create OSS client
    client = oss.Client(cfg)

    # Call put_bucket_acl method to set the bucket ACL
    result = client.put_bucket_acl(oss.PutBucketAclRequest(
        bucket=args.bucket,
        acl=args.acl,
    ))

    # Print the status code and request ID of the request
    print(f'status code: {result.status_code}, request id: {result.request_id}')

    # Obtain the ACL of the specified bucket
    result = client.get_bucket_acl(oss.GetBucketAclRequest(
        bucket=args.bucket,
    ))

    # Print the status code, request ID, and ACL information in the result
    print(f'status code: {result.status_code},'
          f' request id: {result.request_id},'
          f' acl: {result.acl},'
    )

if __name__ == "__main__":
    main()
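
The ACL table above flags public-read and public-read-write as values to use with caution. The following added example (not part of the original documentation or the SDK) wraps the put_bucket_acl and get_bucket_acl calls shown above with an allow-list check, an explicit opt-in for public ACLs, a read-back of the effective ACL, and an audit over a list of buckets. The names set_acl_guarded, find_public_buckets, FakeClient and fake_sdk are hypothetical; the fake client is a constructed stand-in so the code runs offline, and in practice you pass a real oss.Client and the alibabacloud_oss_v2 module.

```python
from types import SimpleNamespace

# Permission values from the ACL table on this page.
PUBLIC_ACLS = {"public-read", "public-read-write"}
VALID_ACLS = {"private"} | PUBLIC_ACLS

def set_acl_guarded(client, sdk, bucket, acl, allow_public=False):
    """Apply an ACL only if it is a known value and, when public, explicitly
    approved; then read it back. `sdk` is the alibabacloud_oss_v2 module."""
    if acl not in VALID_ACLS:
        raise ValueError(f"unknown ACL value: {acl!r}")
    if acl in PUBLIC_ACLS and not allow_public:
        raise PermissionError(f"{acl!r} opens {bucket!r} to anonymous users")
    client.put_bucket_acl(sdk.PutBucketAclRequest(bucket=bucket, acl=acl))
    effective = client.get_bucket_acl(sdk.GetBucketAclRequest(bucket=bucket)).acl
    if effective != acl:
        raise RuntimeError(f"{bucket!r}: requested {acl!r}, got {effective!r}")
    return effective

def find_public_buckets(client, sdk, buckets):
    """Return {bucket: acl} for every bucket whose ACL allows anonymous access."""
    found = {}
    for name in buckets:
        acl = client.get_bucket_acl(sdk.GetBucketAclRequest(bucket=name)).acl
        if acl in PUBLIC_ACLS:
            found[name] = acl
    return found

# --- Constructed stand-ins so the example runs offline (not the real SDK) ---
class FakeClient:
    def __init__(self, acls):
        self.acls = dict(acls)  # bucket name -> ACL value

    def put_bucket_acl(self, req):
        self.acls[req.bucket] = req.acl
        return SimpleNamespace(status_code=200)

    def get_bucket_acl(self, req):
        return SimpleNamespace(status_code=200, acl=self.acls[req.bucket])

fake_sdk = SimpleNamespace(
    PutBucketAclRequest=lambda bucket, acl: SimpleNamespace(bucket=bucket, acl=acl),
    GetBucketAclRequest=lambda bucket: SimpleNamespace(bucket=bucket),
)

if __name__ == "__main__":
    c = FakeClient({"logs": "private", "assets": "public-read"})  # constructed data
    print(find_public_buckets(c, fake_sdk, ["logs", "assets"]))
    print(set_acl_guarded(c, fake_sdk, "assets", "private"))
```
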

References

  • For the complete example code to set the bucket ACL, see put_bucket_acl.py.

  • For the complete sample code that shows how to retrieve the ACL of a bucket, see get_bucket_acl.py.