Object Storage Service: Manage bucket ACLs (C# SDK V1)

Last Updated: Mar 20, 2026

OSS supports three canned access control list (ACL) values for buckets: Private, Public-read, and Public-read-write. Use the C# SDK V1 to set or get the ACL of a bucket programmatically.

Prerequisites

Before you begin, ensure that you have:

  • The oss:PutBucketAcl permission to set a bucket ACL, or the oss:GetBucketAcl permission to get a bucket ACL. For details, see Attach a custom policy to a RAM user.

  • The OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables configured

Usage notes

  • Examples in this topic use the public endpoint for China (Hangzhou): https://oss-cn-hangzhou.aliyuncs.com. To access OSS from another Alibaba Cloud service in the same region, use the internal endpoint instead. For a full list of endpoints, see Regions and endpoints.

  • The examples create an OSSClient instance using an OSS endpoint. To create an OSSClient instance using a custom domain name or Security Token Service (STS), see Initialization.

Bucket ACL values

| ACL | Who can read objects | Who can write objects | C# enum value |
| --- | --- | --- | --- |
| Private | Bucket owner and authorized users | Bucket owner and authorized users | CannedAccessControlList.Private |
| Public-read | All users | Bucket owner and authorized users | CannedAccessControlList.PublicRead |
| Public-read-write | All users | All users | CannedAccessControlList.PublicReadWrite |

Warning

Public-read and Public-read-write grant access to everyone on the internet. Use these ACL values only when public access is required.

Set the ACL of a bucket

The following example sets the ACL of a bucket to Public-read.

using System;
using Aliyun.OSS;
using Aliyun.OSS.Common;

namespace Samples
{
    public class Program
    {
        public static void Main(string[] args)
        {
            // Specify the endpoint of the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
            var endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
            // Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured.
            var accessKeyId = Environment.GetEnvironmentVariable("OSS_ACCESS_KEY_ID");
            var accessKeySecret = Environment.GetEnvironmentVariable("OSS_ACCESS_KEY_SECRET");
            // Specify the bucket name. Example: examplebucket.
            var bucketName = "examplebucket";
            // Specify the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set the region to cn-hangzhou.
            const string region = "cn-hangzhou";
            // Create a ClientConfiguration instance and modify the default parameters as needed.
            var conf = new ClientConfiguration();
            // Use Signature V4.
            conf.SignatureVersion = SignatureVersion.V4;

            // Create an OssClient instance.
            var client = new OssClient(endpoint, accessKeyId, accessKeySecret, conf);
            client.SetRegion(region);

            try
            {
                // Set the bucket ACL to Public-read.
                client.SetBucketAcl(bucketName, CannedAccessControlList.PublicRead);
                Console.WriteLine("Set bucket ACL succeeded");
            }
            catch (Exception ex)
            {
                Console.WriteLine("Set bucket ACL failed. {0}", ex.Message);
            }
        }
    }
}

For the complete sample, see SetObjectAclSample.cs on GitHub.

Get the ACL of a bucket

The following example retrieves and prints the ACL of a bucket.

using System;
using Aliyun.OSS;
using Aliyun.OSS.Common;

namespace Samples
{
    public class Program
    {
        public static void Main(string[] args)
        {
            // Specify the endpoint of the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
            var endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
            // Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured.
            var accessKeyId = Environment.GetEnvironmentVariable("OSS_ACCESS_KEY_ID");
            var accessKeySecret = Environment.GetEnvironmentVariable("OSS_ACCESS_KEY_SECRET");
            // Specify the bucket name. Example: examplebucket.
            var bucketName = "examplebucket";
            // Specify the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set the region to cn-hangzhou.
            const string region = "cn-hangzhou";
            // Create a ClientConfiguration instance and modify the default parameters as needed.
            var conf = new ClientConfiguration();
            // Use Signature V4.
            conf.SignatureVersion = SignatureVersion.V4;

            // Create an OssClient instance.
            var client = new OssClient(endpoint, accessKeyId, accessKeySecret, conf);
            client.SetRegion(region);

            try
            {
                var acl = client.GetBucketAcl(bucketName);
                Console.WriteLine("Get bucket ACL success {0}", acl.ACL);
            }
            catch (Exception ex)
            {
                Console.WriteLine("Get bucket ACL failed. {0}", ex.Message);
            }
        }
    }
}

For the complete sample, see GetObjectAclSample.cs on GitHub.
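
Combining the two calls above gives a simple audit: read each bucket's ACL, flag Public-read or Public-read-write, and optionally reset it to Private. This is an added example, not part of the original documentation or the SDK samples; the bucket names, the AuditBucketAcl class and the --fix argument are assumptions, and all buckets are assumed to be in the China (Hangzhou) region.

```csharp
using System;
using Aliyun.OSS;
using Aliyun.OSS.Common;

public class AuditBucketAcl
{
    // True when the canned ACL lets anonymous users read (or also write) objects.
    public static bool IsPublic(CannedAccessControlList acl)
    {
        return acl == CannedAccessControlList.PublicRead
            || acl == CannedAccessControlList.PublicReadWrite;
    }

    public static void Main(string[] args)
    {
        var endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
        var accessKeyId = Environment.GetEnvironmentVariable("OSS_ACCESS_KEY_ID");
        var accessKeySecret = Environment.GetEnvironmentVariable("OSS_ACCESS_KEY_SECRET");
        // Placeholder names (assumption): buckets in this region that must stay private.
        var mustBePrivate = new[] { "examplebucket", "examplebucket-logs" };
        // Report only, unless --fix is passed on the command line.
        var fix = args.Length > 0 && args[0] == "--fix";

        var conf = new ClientConfiguration();
        conf.SignatureVersion = SignatureVersion.V4;
        var client = new OssClient(endpoint, accessKeyId, accessKeySecret, conf);
        client.SetRegion("cn-hangzhou");

        foreach (var bucketName in mustBePrivate)
        {
            try
            {
                var current = client.GetBucketAcl(bucketName).ACL;
                Console.WriteLine("{0}: {1}{2}", bucketName, current,
                    IsPublic(current) ? " (publicly accessible)" : "");
                if (IsPublic(current) && fix)
                {
                    client.SetBucketAcl(bucketName, CannedAccessControlList.Private);
                    // Read the ACL back to confirm the change took effect.
                    Console.WriteLine("{0}: now {1}", bucketName,
                        client.GetBucketAcl(bucketName).ACL);
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine("{0}: ACL check failed. {1}", bucketName, ex.Message);
            }
        }
    }
}
```

Report-only mode needs just the oss:GetBucketAcl permission; running with --fix also needs oss:PutBucketAcl.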

References