You can set the access control list (ACL) for a bucket when you create it. You can also modify a bucket's ACL after it is created. This topic describes how to set and retrieve the ACL of a bucket.
Read/write permission types
A bucket has three types of access permissions:
Access permission | Description | ACL value |
private | The bucket owner and authorized users have read and write permissions on files in the bucket. Other users cannot access the files in the bucket. | private |
public-read | The bucket owner and authorized users have read and write permissions on files in the bucket. Other users have only read permissions on the files. Use this permission with caution. | public-read |
public-read-write | All users have read and write permissions on files in the bucket. Use this permission with caution. | public-read-write |
Set the ACL of a bucket
Set the ACL when you create a bucket
The following code shows how to set the ACL of a bucket when you create it:
const OSS = require('ali-oss');
const client = new OSS({
// Set yourregion to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set Region to oss-cn-hangzhou.
region: 'yourregion',
// Obtain access credentials from environment variables. Before you run this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
accessKeyId: process.env.OSS_ACCESS_KEY_ID,
accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
authorizationV4: true,
// Specify the bucket name.
bucket: 'yourbucketname'
});
// This example shows how to set the ACL of a bucket to public-read when you create the bucket.
async function putBucket() {
const acl = 'public-read'; try {
await client.putBucket('yourbucketname', { acl });
} catch (error) {
console.log(error)
}
}
putBucket()Modify the ACL after you create a bucket
The following code shows how to modify the ACL of a bucket after it is created:
const OSS = require('ali-oss');
const client = new OSS({
// Set yourregion to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set Region to oss-cn-hangzhou.
region: 'yourregion',
// Obtain access credentials from environment variables. Before you run this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
accessKeyId: process.env.OSS_ACCESS_KEY_ID,
accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
authorizationV4: true,
// Specify the bucket name.
bucket: 'yourbucketname'
});
async function putBucketACL() {
// This example shows how to modify the ACL of a bucket to private after the bucket is created.
const acl = 'private'
try {
await client.putBucketACL('yourbucketname', acl)
} catch (error) {
console.log(error)
}
}
putBucketACL()Obtaining access permissions for a bucket
The following code retrieves the access permissions for a bucket:
const OSS = require('ali-oss');
const client = new OSS({
// Set yourregion to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set Region to oss-cn-hangzhou.
region: 'yourregion',
// Obtain access credentials from environment variables. Before you run this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
accessKeyId: process.env.OSS_ACCESS_KEY_ID,
accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
authorizationV4: true,
// Specify the bucket name.
bucket: 'yourbucketname'
});
// Get the ACL of the bucket.
async function getBucketAcl() {
const result = await client.getBucketACL('yourbucketname')
console.log('acl: ', result.acl)
}
getBucketAcl()References
For the complete sample code for managing bucket ACLs, see GitHub examples.
For more information about the API operation for setting a bucket ACL, see PutBucketAcl.
For more information about the API operation for retrieving a bucket ACL, see GetBucketAcl.