Set and retrieve the access control list (ACL) of an object using OSS SDK for Python V2.
Prerequisites
Before you begin, make sure you have:
An OSS bucket and an object in the bucket
The
oss:PutObjectAclpermission to set an object's ACLThe
oss:GetObjectAclpermission to get an object's ACL
For details on granting these permissions, see Grant custom policies to a RAM user.
ACL types
Four ACL types are available for objects:
| ACL | Description | Value |
|---|---|---|
| Inherit from bucket | The object inherits the ACL from its bucket. | default |
| Private | Only the object owner and authorized users can read and write the object. Other users have no access. | private |
| Public-read | Only the object owner and authorized users can read and write the object. Other users can read the object. Use with caution. | public-read |
| Public-read-write | All users can read and write the object. Use with caution. | public-read-write |
Object ACL takes priority over bucket ACL. For example, if a bucket's ACL is private and an object's ACL is public-read-write, all users can read and write that object. If no ACL is set on an object, the object inherits the bucket's ACL.
Method definitions
Set the ACL of an object:
put_object_acl(request: PutObjectAclRequest, **kwargs) -> PutObjectAclResultGet the ACL of an object:
get_object_acl(request: GetObjectAclRequest, **kwargs) -> GetObjectAclResultParameters:
| Parameter | Type | Description |
|---|---|---|
request | PutObjectAclRequest | Request parameters. See PutObjectAclRequest. |
request | GetObjectAclRequest | Request parameters. See GetObjectAclRequest. |
Return values:
| Type | Fields | Description |
|---|---|---|
PutObjectAclResult | status_code, request_id, version_id | See PutObjectAclResult. |
GetObjectAclResult | status_code, request_id, acl, version_id | See GetObjectAclResult. |
For the complete method definitions, see put_object_acl and get_object_acl.
Sample code
The following example sets and then retrieves the ACL of an object.
import argparse
import alibabacloud_oss_v2 as oss
# Set up command-line arguments.
parser = argparse.ArgumentParser(description="put object acl sample")
parser.add_argument('--region', help='The region in which the bucket is located.', required=True)
parser.add_argument('--bucket', help='The name of the bucket.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS')
parser.add_argument('--key', help='The name of the object.', required=True)
# Valid ACL values: default | private | public-read | public-read-write
parser.add_argument('--acl', help='The ACL to apply to the object.', required=True)
def main():
args = parser.parse_args()
# Load credentials from environment variables.
credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()
# Configure the client.
cfg = oss.config.load_default()
cfg.credentials_provider = credentials_provider
cfg.region = args.region
if args.endpoint is not None:
cfg.endpoint = args.endpoint
client = oss.Client(cfg)
# Set the ACL of the object.
# acl accepts: 'default' | 'private' | 'public-read' | 'public-read-write'
result = client.put_object_acl(oss.PutObjectAclRequest(
bucket=args.bucket,
key=args.key,
acl=args.acl,
))
print(f'status code: {result.status_code},'
f' request id: {result.request_id},'
f' version id: {result.version_id},'
)
# Get the current ACL of the object.
result = client.get_object_acl(oss.GetObjectAclRequest(
bucket=args.bucket,
key=args.key,
))
print(f'status code: {result.status_code},'
f' request id: {result.request_id},'
f' acl: {result.acl},'
f' version id: {result.version_id},'
)
if __name__ == "__main__":
main()The sample code uses the China (Hangzhou) region (cn-hangzhou) and the public endpoint by default. To access OSS from other Alibaba Cloud services in the same region, use the internal endpoint. For a full list of regions and endpoints, see OSS regions and endpoints.References
Complete sample for setting object ACL: put_object_acl.py
Complete sample for getting object ACL: get_object_acl.py