Configure and query object ACL using the iOS SDK - Object Storage Service

Set the access control list (ACL) of an object to control who can read or write it. OSS supports four ACL values for objects: default, private, public-read, and public-read-write.

Object ACL values

ACL	API value	Access
Inherited from bucket	`default`	The object inherits the ACL of the bucket it belongs to.
Private	`private`	Only the object owner and authorized users have read and write permissions.
Public read	`public-read`	Only the object owner and authorized users have write permissions. All users have read permissions. Use with caution.
Public read/write	`public-read-write`	All users have read and write permissions. Use with caution.

Object ACL takes precedence over bucket ACL. For example, if the bucket ACL is private but the object ACL is public-read-write, all users can read and write the object. If no ACL is set on the object, the object inherits the bucket ACL.

Operations in this topic

API	Description
PutObjectACL	Set the ACL of an object
GetObjectACL	Get the ACL of an object

Prerequisites

Before you begin, ensure that you have:

An initialized OSSClient instance. For details, see Initialization

Set the ACL of an object

The following example sets the ACL of exampleobject.txt in examplebucket to private.

OSSPutObjectACLRequest *request = [OSSPutObjectACLRequest new];
// Bucket name
request.bucketName = @"examplebucket";
// Full object path, excluding the bucket name
request.objectKey = @"exampleobject.txt";
// ACL value. Valid values:
//   default           — inherited from bucket
//   private           — owner and authorized users only
//   public-read       — all users can read; owner and authorized users can write
//   public-read-write — all users can read and write
request.acl = @"private";

OSSTask *putObjectACLTask = [client putObjectACL:request];
[putObjectACLTask continueWithBlock:^id(OSSTask *task) {
    if (!task.error) {
        NSLog(@"put object ACL success!");
    } else {
        NSLog(@"put object ACL failed, error: %@", task.error);
    }
    return nil;
}];
// Uncomment the following line to block until the task completes.
// [putObjectACLTask waitUntilFinished];

Get the ACL of an object

The following example retrieves the ACL of exampleobject.txt in examplebucket.

OSSGetObjectACLRequest *request = [OSSGetObjectACLRequest new];
// Bucket name
request.bucketName = @"examplebucket";
// Full object path, excluding the bucket name
request.objectName = @"exampleobject.txt";

OSSTask *getObjectACLTask = [client getObjectACL:request];
[getObjectACLTask continueWithBlock:^id(OSSTask *task) {
    if (!task.error) {
        OSSGetObjectACLResult *result = task.result;
        NSLog(@"objectACL: %@", result.grant);
    } else {
        NSLog(@"get object ACL failed, error: %@", task.error);
    }
    return nil;
}];
// Uncomment the following line to block until the task completes.
// [getObjectACLTask waitUntilFinished];

What's next

PutObjectACL — API reference for setting object ACL
GetObjectACL — API reference for getting object ACL
Initialization — how to initialize an OSSClient instance