All Products
Search

This Product

    Object Storage Service:Manage object access permissions (Node.js SDK)

    Document Center

    Object Storage Service:Manage object access permissions (Node.js SDK)

    Last Updated:Mar 20, 2026

    Use the OSS Node.js SDK to set and retrieve the access control list (ACL) of objects in a versioned bucket.

    Prerequisites

    Before you begin, ensure that you have:

    • An OSS bucket with versioning enabled

    • The ali-oss package installed

    • The OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables set with valid access credentials

    How it works

    Both putACL and getACL target the current version of an object by default. To operate on a specific version, pass a versionId in the options object.

    If the current version of an object is a delete marker, Object Storage Service (OSS) returns 404 Not Found.

    Set object ACL

    Call client.putACL(name, acl, options) to set the ACL on an object.

    const OSS = require('ali-oss');

const client = new OSS({
  // Replace yourregion with the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set Region to oss-cn-hangzhou.
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before running this sample code, ensure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Replace yourbucketname with the bucket name.
  bucket: 'yourbucketname'
});

async function putACL() {
  // Replace yourobjectName with the full path of the object. The full path of the object cannot include the bucket name.
  const name = 'yourobjectName'
  // Replace 'your acl' with a valid value from the table above: private, public-read, public-read-write, or default.
  const acl = 'your acl'
  // To set the ACL of a specific version, pass its version ID. Remove this line to target the current version.
  const versionId = 'your versionId'
  const options = {
    versionId
  };
  const result = await client.putACL(name, acl, options);
  console.log(result);
}

putACL();

    Get object ACL

    Call client.getACL(name, options) to retrieve the ACL of an object.

    const OSS = require('ali-oss');

const client = new OSS({
  // Replace yourregion with the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set Region to oss-cn-hangzhou.
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before running this sample code, ensure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Replace yourbucketname with the bucket name.
  bucket: 'yourbucketname'
});

async function getACL() {
  // Replace yourobjectName with the full path of the object. The full path of the object cannot include the bucket name.
  const name = 'yourobjectName'
  // To get the ACL of a specific version, pass its version ID. Remove this line to target the current version.
  const versionId = 'your versionId'
  const options = {
    versionId
  };
  const result = await client.getACL(name, options);
  console.log(result);
}

getACL();

    References