In addition to bucket-level access control lists (ACLs), Object Storage Service (OSS) provides object-level ACLs. You can configure the ACL of an object when you upload the object or change the ACL of an uploaded object.
Access permission types
Object access permissions (ACLs) are available in the following four types:
Access permission | Description | Access permission value |
Inherit from bucket | The object inherits the access permissions of the bucket. | default |
Private | The object owner and authorized users have read and write permissions. Other users have no permissions to access the object. | private |
Public-read | The object owner and authorized users have read and write permissions. Other users have only read permissions. Use this permission with caution. | public-read |
Public-read-write | All users have read and write permissions on the object. Use this permission with caution. | public-read-write |
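The table above can be turned into an audit check. The following JavaScript is an added example, not part of the original OSS documentation: it resolves each object's effective ACL (treating default as inheriting the bucket ACL) and reports objects that end up public-read or public-read-write. The stub client, the bucket ACL argument and the object names are constructed for illustration; with the real SDK, pass a client created as in the samples on this page, whose getACL call returns the ACL in result.acl.

```javascript
// Added example: flag objects whose ACL exposes them publicly.
// Assumption: `client` is anything with getACL(name) -> { acl }, as in the SDK samples.
const PUBLIC_ACLS = new Set(['public-read', 'public-read-write']);
const KNOWN_ACLS = new Set(['default', 'private', ...PUBLIC_ACLS]);

// "default" inherits the bucket ACL; any other value applies to the object itself.
function effectiveAcl(objectAcl, bucketAcl) {
  if (!KNOWN_ACLS.has(objectAcl)) throw new Error(`unknown object ACL: ${objectAcl}`);
  return objectAcl === 'default' ? bucketAcl : objectAcl;
}

function classify(name, objectAcl, bucketAcl) {
  const effective = effectiveAcl(objectAcl, bucketAcl);
  return {
    name,
    objectAcl,
    effective,
    isPublic: PUBLIC_ACLS.has(effective),
    // The object carries its own ACL that differs from the bucket's.
    overridesBucket: objectAcl !== 'default' && objectAcl !== bucketAcl,
  };
}

// Returns only the objects that need attention: public ones and unreadable ones.
async function auditObjects(client, bucketAcl, names) {
  const findings = [];
  for (const name of names) {
    try {
      const { acl } = await client.getACL(name);
      const row = classify(name, acl, bucketAcl);
      if (row.isPublic) findings.push(row);
    } catch (e) {
      findings.push({ name, error: e.message }); // do not silently skip failures
    }
  }
  return findings;
}

// Constructed sample data standing in for a real bucket (hypothetical object names).
const sampleAcls = {
  'reports/q1.pdf': 'default',
  'img/logo.png': 'public-read',
  'tmp/upload.bin': 'public-read-write',
  'keys/backup.tar': 'private',
};
const stubClient = {
  getACL: async (name) => ({ acl: sampleAcls[name] }),
};
auditObjects(stubClient, 'private', Object.keys(sampleAcls)).then((f) => console.table(f));
```

Objects whose ACL cannot be read are reported with an error field rather than dropped, so a failed lookup is never mistaken for a private object.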
Set file access permissions
The following sample code shows how to configure the ACL of an object:
const oss = require('ali-oss');
const client = oss({
  // Set region to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set region to oss-cn-hangzhou.
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before running the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Set bucket to the name of your bucket.
  bucket: 'yourbucketname'
});
async function setACL() {
  try {
    // Set yourObjectName to the full path of the object. The full path cannot contain the bucket name.
    await client.putACL('yourObjectName', 'private');
    console.log('Set ACL successfully');
  } catch (e) {
    console.error(e);
  }
}
setACL();
Get file access permissions
The following sample code shows how to query the ACL of an object:
const oss = require('ali-oss');
const client = oss({
  // Set region to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set region to oss-cn-hangzhou.
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before running the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Set bucket to the name of your bucket.
  bucket: 'yourbucketname',
});
async function getACL() {
  try {
    // Set yourObjectName to the full path of the object. The full path cannot contain the bucket name.
    const result = await client.getACL('yourObjectName');
    console.log(result.acl);
  } catch (e) {
    console.error(e);
  }
}
getACL();
References
For the complete sample code for managing object access permissions, see the GitHub example.
For more information about the API operation for setting object access permissions, see PutObjectACL.
For more information about the API operation for retrieving object access permissions, see GetObjectACL.