
Object Storage Service: Manage file access permissions (Python SDK V2)

Last Updated: Jul 31, 2025

This topic describes how to use Python SDK V2 to set and obtain the access control list (ACL) of a file.

Notes

  • The sample code in this topic uses the China (Hangzhou) region as an example. The region ID is cn-hangzhou. By default, the public endpoint is used. If you want to access OSS from other Alibaba Cloud services in the same region, use the internal endpoint. For more information about the regions and endpoints that OSS supports, see OSS regions and endpoints.

  • To set the access permissions for an object, you must have the oss:PutObjectAcl permission. To obtain the access permissions for an object, you must have the oss:GetObjectAcl permission. For more information, see Grant custom policies to a RAM user.

Method definitions

Set the ACL of a file

put_object_acl(request: PutObjectAclRequest, **kwargs) → PutObjectAclResult

Read the ACL of a file

get_object_acl(request: GetObjectAclRequest, **kwargs) → GetObjectAclResult

Request parameters

| Parameter name | Type | Description |
| --- | --- | --- |
| request | PutObjectAclRequest | The request parameters. For more information, see PutObjectAclRequest. |
| request | GetObjectAclRequest | The request parameters. For more information, see GetObjectAclRequest. |

Return values

| Type | Description |
| --- | --- |
| PutObjectAclResult | The return value. For more information, see PutObjectAclResult. |
| GetObjectAclResult | The return value. For more information, see GetObjectAclResult. |

For the complete definition of the method for setting the ACL of a file, see put_object_acl.

For the complete definition of the method for obtaining the ACL of a file, see get_object_acl.

ACL types

The following four types of ACLs are available for files:

| ACL | Description | ACL value |
| --- | --- | --- |
| Inherit from bucket | Files inherit access permissions from the bucket. | default |
| Private | Only the file owner and authorized users can read and write the file. Other users cannot access the file. | private |
| Public-read | Only the file owner and authorized users can read and write the file. Other users can only read the file. Use this permission with caution. | public-read |
| Public-read-write | All users can read and write the file. Use this permission with caution. | public-read-write |

The ACL of a file has a higher priority than the ACL of the bucket in which the file is stored. For example, if the ACL of the bucket is private and the ACL of the file is public-read-write, all users can read and write the file. If no ACL is configured for a file, the file inherits the ACL of the bucket.
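The priority rule above means a private bucket can still hold publicly readable or writable objects. The following added example (not part of the SDK or the original sample code) resolves the effective ACL per object and reports the public ones. The function names and the inventory are constructed for illustration, the bucket ACL is assumed to be one of the three non-default values, and in practice each object ACL would come from the acl field returned by get_object_acl.

```python
# Added example: resolve the effective ACL of each object and flag public exposure.
# Object ACL values are the four from the table above. Assumption: the bucket ACL
# is one of the three non-"default" values.

OBJECT_ACLS = ("default", "private", "public-read", "public-read-write")
# Exposure rank: a higher number means more access for anonymous users.
EXPOSURE = {"private": 0, "public-read": 1, "public-read-write": 2}


def effective_acl(bucket_acl, object_acl):
    """Return the ACL that actually governs access to the object."""
    if bucket_acl not in EXPOSURE:
        raise ValueError(f"unknown bucket ACL: {bucket_acl!r}")
    if object_acl not in OBJECT_ACLS:
        raise ValueError(f"unknown object ACL: {object_acl!r}")
    # "default" inherits from the bucket; an explicit object ACL takes priority.
    return bucket_acl if object_acl == "default" else object_acl


def audit(bucket_acl, inventory):
    """Return findings for publicly accessible objects, most exposed first."""
    findings = []
    for key, object_acl in inventory:
        acl = effective_acl(bucket_acl, object_acl)
        if EXPOSURE[acl] == 0:
            continue  # private objects are not reported
        findings.append({
            "key": key,
            "effective_acl": acl,
            # True when the object ACL opens the object wider than its bucket.
            "overrides_bucket": EXPOSURE[acl] > EXPOSURE[bucket_acl],
        })
    return sorted(findings, key=lambda f: (-EXPOSURE[f["effective_acl"]], f["key"]))


# Constructed sample inventory: (object key, object ACL as stored on the object).
SAMPLE_INVENTORY = [
    ("reports/q1.pdf", "default"),
    ("static/logo.png", "public-read"),
    ("uploads/incoming.bin", "public-read-write"),
    ("backups/db.dump", "private"),
]

if __name__ == "__main__":
    for finding in audit("private", SAMPLE_INVENTORY):
        print(finding)
```

Findings with overrides_bucket set to True are the objects that a review of the bucket ACL alone would miss.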

Sample code

You can use the following code to set and obtain the ACL of a file.

import argparse
import alibabacloud_oss_v2 as oss

# Create a command-line argument parser.
parser = argparse.ArgumentParser(description="put object acl sample")
# Add required parameters: region, bucket name, object key, and access control list (ACL).
parser.add_argument('--region', help='The region in which the bucket is located.', required=True)
parser.add_argument('--bucket', help='The name of the bucket.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS')
parser.add_argument('--key', help='The name of the object.', required=True)
parser.add_argument('--acl', help='Specify the access permission ACL for the object.', required=True)

def main():
    # Parse command-line arguments.
    args = parser.parse_args()

    # Load access credential information from environment variables.
    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    # Use the default configurations of the SDK.
    cfg = oss.config.load_default()
    # Set the credential provider.
    cfg.credentials_provider = credentials_provider
    # Set the region provided by the user.
    cfg.region = args.region
    # If an endpoint is provided, set the endpoint in the configuration.
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    # Create an OSS client.
    client = oss.Client(cfg)

    # Set the ACL of the object.
    result = client.put_object_acl(oss.PutObjectAclRequest(
        bucket=args.bucket,  # The bucket name.
        key=args.key,  # The object key.
        acl=args.acl,  # The new ACL value.
    ))

    # Print the output information after setting the ACL.
    print(f'status code: {result.status_code},'
          f' request id: {result.request_id},'
          f' version id: {result.version_id},'
    )

    # Obtain and print the current ACL settings of the object.
    result = client.get_object_acl(oss.GetObjectAclRequest(
        bucket=args.bucket,
        key=args.key,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id},'
          f' acl: {result.acl},'
          f' version id: {result.version_id},'
    )

# Call the main function when this script is run directly.
if __name__ == "__main__":
    main()
