Object Storage Service:Manage file access permissions (PHP SDK V1)

Prerequisites

Before you begin, ensure that you have:

• An OSS bucket and an object to manage

• The oss:PutObjectAcl permission to set an object ACL. For more information, see Grant custom access policies to a RAM user

• The oss:GetObjectAcl permission to retrieve an object ACL. For more information, see Grant custom access policies to a RAM user

• An OSSClient instance initialized with a valid endpoint. For custom domain names or Security Token Service (STS) authentication, see Create an OSSClient instance

The examples in this topic use the public endpoint for the China (Hangzhou) region. To access OSS from other Alibaba Cloud services in the same region, use the internal endpoint. For a full list of regions and endpoints, see Regions and endpoints.

Object ACL types

OSS supports four ACL values for objects:

Object ACLs take precedence over bucket ACLs. For example, if a bucket is private but an object is set to public-read-write, all users can read and write that object regardless of bucket-level permissions. If an object has no ACL set, it inherits the bucket's ACL.

Set an object ACL

$bucket and $object are required. The $acl parameter accepts one of four values: default|private|public-read|public-read-write.

<?php
if (is_file(__DIR__ . '/../autoload.php')) {
    require_once __DIR__ . '/../autoload.php';
}
if (is_file(__DIR__ . '/../vendor/autoload.php')) {
    require_once __DIR__ . '/../vendor/autoload.php';
}
use OSS\Credentials\EnvironmentVariableCredentialsProvider;
use OSS\OssClient;
use OSS\Core\OssException;

// Load credentials from environment variables.
// Set OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET before running this code.
$provider = new EnvironmentVariableCredentialsProvider();

// Replace with your actual endpoint and region.
$endpoint = "http://oss-cn-hangzhou.aliyuncs.com";

$bucket = "<your-bucket-name>";   // REQUIRED
$object = "<your-object-name>";   // REQUIRED

// Set the ACL. Accepted values: default|private|public-read|public-read-write
$acl = "public-read";

try {
    $config = array(
        "provider"         => $provider,
        "endpoint"         => $endpoint,
        "signatureVersion" => OssClient::OSS_SIGNATURE_VERSION_V4,
        "region"           => "cn-hangzhou"
    );
    $ossClient = new OssClient($config);

    $ossClient->putObjectAcl($bucket, $object, $acl);
} catch (OssException $e) {
    printf(__FUNCTION__ . ": FAILED\n");
    printf($e->getMessage() . "\n");
    return;
}
print(__FUNCTION__ . ": OK" . "\n");

Get an object ACL

Retrieve the current ACL of an object.

<?php
if (is_file(__DIR__ . '/../autoload.php')) {
    require_once __DIR__ . '/../autoload.php';
}
if (is_file(__DIR__ . '/../vendor/autoload.php')) {
    require_once __DIR__ . '/../vendor/autoload.php';
}
use OSS\Credentials\EnvironmentVariableCredentialsProvider;
use OSS\OssClient;
use OSS\Core\OssException;

// Load credentials from environment variables.
// Set OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET before running this code.
$provider = new EnvironmentVariableCredentialsProvider();

// Replace with your actual endpoint and region.
$endpoint = "http://oss-cn-hangzhou.aliyuncs.com";

$bucket = "<your-bucket-name>";   // REQUIRED
$object = "<your-object-name>";   // REQUIRED

try {
    $config = array(
        "provider"         => $provider,
        "endpoint"         => $endpoint,
        "signatureVersion" => OssClient::OSS_SIGNATURE_VERSION_V4,
        "region"           => "cn-hangzhou"
    );
    $ossClient = new OssClient($config);

    $objectAcl = $ossClient->getObjectAcl($bucket, $object);
} catch (OssException $e) {
    printf(__FUNCTION__ . ": FAILED\n");
    printf($e->getMessage() . "\n");
    return;
}
print(__FUNCTION__ . ": OK" . "\n");
var_dump($objectAcl);