All Products
Search
Document Center

Object Storage Service:Manage the access control list of a bucket (Python SDK V2)

Last Updated:Jun 17, 2026

Set and retrieve the access control list (ACL) of a bucket by using OSS SDK for Python V2.

Notes

  • The sample code in this topic uses the cn-hangzhou region ID as an example and uses a public endpoint by default. To access OSS from other Alibaba Cloud services in the same region, use an internal endpoint. For more information, see OSS regions and endpoints.

  • You must have the oss:PutBucketAcl permission to set the ACL of a bucket and the oss:GetBucketAcl permission to retrieve the ACL of a bucket. For more information, see Grant custom policies to RAM users.

Method definition

Set bucket access control list

put_bucket_acl(request: PutBucketAclRequest, **kwargs) → PutBucketAclResult

Obtain bucket access control list

get_bucket_acl(request: GetBucketAclRequest, **kwargs) → GetBucketAclResult

Request parameter list

Parameter name

Type

Description

request

PutBucketAclRequest

Request parameters. For more information, see PutBucketAclRequest

GetBucketAclRequest

Request parameters. For more information, see GetBucketAclRequest

Return value list

Type

Description

GetBucketAclResult

The return value. For more information, see GetBucketAclResult

PutBucketAclResult

The return value. For more information, see PutBucketAclResult

For the complete definition of the method to set the bucket ACL, see put_bucket_acl.

For the complete definition of the method to retrieve the bucket ACL, see get_bucket_acl.

Types of bucket access control list

Bucket ACLs fall into the following three types:

Access control list

Description

Permission value

Private

Only the bucket owner and authorized users can perform read and write operations on objects in the bucket. Other users cannot access the objects in the bucket.

private

Public read

Only the bucket owner and authorized users can perform read and write operations on objects in the bucket. Other users, including anonymous users, can only read objects in the bucket. Exercise caution when you use this permission.

public-read

Public read-write

All users can perform read and write operations on objects in the bucket. Exercise caution when you use this permission.

public-read-write

Example code

The following sample code shows how to set and retrieve the bucket ACL.

import argparse
import alibabacloud_oss_v2 as oss

# Create a command line argument parser and add description information
parser = argparse.ArgumentParser(description="put bucket acl sample")
# Add required command line arguments: region, bucket, and acl
parser.add_argument('--region', help='The region in which the bucket is located.', required=True)
parser.add_argument('--bucket', help='The name of the bucket.', required=True)
# Add optional command line argument: endpoint, used to specify the domain name for other services to access OSS
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS')
# Add required command line argument: acl, used to specify the access permission ACL for the bucket, such as private, public-read, public-read-write
parser.add_argument('--acl', help='Specify the access permission ACL for the bucket.', required=True)

def main():
    # Parse command line arguments
    args = parser.parse_args()

    # Load authentication information from environment variables
    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    # Use SDK default configuration
    cfg = oss.config.load_default()
    # Set credentials provider
    cfg.credentials_provider = credentials_provider
    # Set region
    cfg.region = args.region
    # If endpoint is provided, update endpoint in the configuration
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    # Create OSS client
    client = oss.Client(cfg)

    # Call put_bucket_acl method to set the bucket ACL
    result = client.put_bucket_acl(oss.PutBucketAclRequest(
        bucket=args.bucket,
        acl=args.acl,
    ))

    # Print the status code and request ID of the request
    print(f'status code: {result.status_code}, request id: {result.request_id}')

    # Obtain the ACL of the specified bucket
    result = client.get_bucket_acl(oss.GetBucketAclRequest(
        bucket=args.bucket,
    ))

    # Print the status code, request ID, and ACL information in the result
    print(f'status code: {result.status_code},'
          f' request id: {result.request_id},'
          f' acl: {result.acl},'
    )

if __name__ == "__main__":
    main()

References

  • For the complete example code to set the bucket ACL, see put_bucket_acl.py.

  • For the complete sample code that shows how to retrieve the ACL of a bucket, see get_bucket_acl.py.