A bucket is a container that is used to store objects in Object Storage Service (OSS). All objects are stored in buckets. This topic describes how to configure and query the access control list (ACL) of a bucket.
Usage notes
The sample code in this topic uses the region ID cn-hangzhou for the China (Hangzhou) region. By default, a public endpoint is used to access resources in a bucket. If you want to use other Alibaba Cloud products in the same region to access resources in the bucket, use an internal endpoint. For more information about OSS regions and endpoints, see Regions and endpoints.
To set the ACL of a bucket, you must have the oss:PutBucketAcl permission. To obtain the ACL of a bucket, you must have the oss:GetBucketAcl permission. For more information, see Attach a custom policy to a RAM user.
Bucket ACLs
The following table describes the bucket ACLs.
ACL | Description | Method |
Private | Only the bucket owner and authorized users have read and write permissions on objects in the bucket. Other users cannot access objects in the bucket. | oss.BucketACLPrivate |
Public-read | Only the bucket owner and authorized users have read and write permissions on objects in the bucket. Other users have only read permissions on objects in the bucket. Exercise caution when you set the bucket ACL to this value. | oss.BucketACLPublicRead |
Public-read-write | All users have read and write permissions on the objects in the bucket. Exercise caution when you set the bucket ACL to this value. | oss.BucketACLPublicReadWrite |
Examples
1. Configure the bucket access control list.
<?php
// Introduce autoload files to load dependent libraries.
require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

// Specify descriptions for command line parameters.
$optsdesc = [
    "region" => ['help' => 'The region in which the bucket is located.', 'required' => True], // (Required) Specify the region in which the bucket is located.
    "endpoint" => ['help' => 'The domain names that other services can use to access OSS', 'required' => False], // (Optional) Specify the endpoint that can be used by other services to access OSS.
    "bucket" => ['help' => 'The name of the bucket', 'required' => True], // (Required) Specify the name of the bucket.
];

// Generate a long options list to parse the command line parameters.
$longopts = \array_map(function ($key) {
    return "$key:"; // Add a colon (:) to the end of each parameter to indicate that a value is required.
}, array_keys($optsdesc));

// Parse the command line parameters.
$options = getopt("", $longopts);

// Check whether the required parameters are configured.
foreach ($optsdesc as $key => $value) {
    if ($value['required'] === True && empty($options[$key])) {
        $help = $value['help'];
        echo "Error: the following arguments are required: --$key, $help"; // Report the required parameter that is missing.
        exit(1);
    }
}

// Obtain the values of the command line parameters.
$region = $options["region"]; // The region in which the bucket is located.
$bucket = $options["bucket"]; // The name of the bucket.

// Use environment variables to load the AccessKey ID and AccessKey secret.
$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();

// Use the default configurations of the SDK.
$cfg = Oss\Config::loadDefault();
// Specify the credential provider.
$cfg->setCredentialsProvider($credentialsProvider);
// Specify the region.
$cfg->setRegion($region);
// Specify the endpoint if an endpoint is provided.
if (isset($options["endpoint"])) {
    $cfg->setEndpoint($options["endpoint"]);
}

// Create an OSSClient instance.
$client = new Oss\Client($cfg);

// Create a PutBucketAclRequest object and set the bucket ACL to private.
$request = new Oss\Models\PutBucketAclRequest(
    bucket: $bucket,
    acl: Oss\Models\BucketACLType::PRIVATE
);

// Use the putBucketAcl method to specify the bucket ACL.
$result = $client->putBucketAcl($request);

// Display the result.
printf(
    'status code:' . $result->statusCode . PHP_EOL . // The returned HTTP status code.
    'request id:' . $result->requestId // The request ID of the request, which is the unique identifier of the request.
);
2. Query the bucket access control list.
<?php
// Introduce autoload files to load dependent libraries.
require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

// Specify descriptions for command line parameters.
$optsdesc = [
    "region" => ['help' => 'The region in which the bucket is located.', 'required' => True], // (Required) Specify the region in which the bucket is located.
    "endpoint" => ['help' => 'The domain names that other services can use to access OSS', 'required' => False], // (Optional) Specify the endpoint that can be used by other services to access OSS.
    "bucket" => ['help' => 'The name of the bucket', 'required' => True], // (Required) Specify the name of the bucket.
];

// Generate a long options list to parse the command line parameters.
$longopts = \array_map(function ($key) {
    return "$key:"; // Add a colon (:) to the end of each parameter to indicate that a value is required.
}, array_keys($optsdesc));

// Parse the command line parameters.
$options = getopt("", $longopts);

// Check whether the required parameters are configured.
foreach ($optsdesc as $key => $value) {
    if ($value['required'] === True && empty($options[$key])) {
        $help = $value['help'];
        echo "Error: the following arguments are required: --$key, $help"; // Display the required but missing parameters.
        exit(1);
    }
}

// Obtain the values of the command line parameters.
$region = $options["region"]; // The region in which the bucket is located.
$bucket = $options["bucket"]; // The name of the bucket.

// Use environment variables to load the AccessKey ID and AccessKey secret.
$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();

// Use the default configurations of the SDK.
$cfg = Oss\Config::loadDefault();
// Specify the credential provider.
$cfg->setCredentialsProvider($credentialsProvider);
// Specify the region.
$cfg->setRegion($region);
// Specify the endpoint if an endpoint is provided.
if (isset($options["endpoint"])) {
    $cfg->setEndpoint($options["endpoint"]);
}

// Create an OSSClient instance.
$client = new Oss\Client($cfg);

// Create a GetBucketAclRequest object to query the bucket ACL.
$request = new Oss\Models\GetBucketAclRequest(bucket: $bucket);

// Use the getBucketAcl method to query the bucket ACL.
$result = $client->getBucketAcl($request);

// Display the result.
printf(
    'status code:' . $result->statusCode . PHP_EOL . // The returned HTTP status code.
    'request id:' . $result->requestId . PHP_EOL . // The unique identifier of the request.
    'bucket acl:' . $result->accessControlList->grant // The ACL of the bucket.
);
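The two operations above combine into an ACL drift check: query each bucket, compare the result with the most permissive ACL that bucket is allowed to have, and reset anything broader to private. The following is an added example, not code from the original page or the SDK; `auditBucketAcls`, `$getAcl`, `$setPrivate` and the bucket names are hypothetical, and the sample state is constructed so the script runs without credentials.

```php
<?php
// Added example, not SDK code. $getAcl and $setPrivate are hypothetical callables; with the SDK
// they would wrap $client->getBucketAcl(...)->accessControlList->grant and $client->putBucketAcl(...).
const ACL_RANK = ['private' => 0, 'public-read' => 1, 'public-read-write' => 2];

/** $baseline maps bucket name => most permissive ACL allowed; returns bucket name => finding. */
function auditBucketAcls(array $baseline, callable $getAcl, ?callable $setPrivate = null): array
{
    $findings = [];
    foreach ($baseline as $bucket => $allowed) {
        try {
            $actual = (string) $getAcl($bucket);
        } catch (\Throwable $e) {
            // A failed lookup is not evidence that the bucket is private; report it separately.
            $findings[$bucket] = 'unknown: ' . $e->getMessage();
            continue;
        }
        if (!array_key_exists($actual, ACL_RANK) || !array_key_exists($allowed, ACL_RANK)) {
            $findings[$bucket] = "unknown: unrecognised ACL '$actual'";
        } elseif (ACL_RANK[$actual] <= ACL_RANK[$allowed]) {
            $findings[$bucket] = "ok: $actual";
        } elseif ($setPrivate !== null) {
            $setPrivate($bucket); // Reset to the least permissive ACL.
            $findings[$bucket] = "remediated: $actual -> private";
        } else {
            $findings[$bucket] = "drift: $actual (allowed: $allowed)";
        }
    }
    return $findings;
}

// Constructed sample state standing in for live getBucketAcl responses.
$state = ['app-logs' => 'public-read-write', 'static-site' => 'public-read', 'backups' => 'private'];
$baseline = ['app-logs' => 'private', 'static-site' => 'public-read', 'backups' => 'private', 'gone' => 'private'];

$getAcl = function (string $bucket) use (&$state): string {
    if (!isset($state[$bucket])) {
        throw new \RuntimeException('NoSuchBucket');
    }
    return $state[$bucket];
};
$setPrivate = function (string $bucket) use (&$state): void {
    $state[$bucket] = 'private';
};

foreach (auditBucketAcls($baseline, $getAcl, $setPrivate) as $bucket => $finding) {
    echo "$bucket: $finding" . PHP_EOL;
}
```

Passing `null` as the third argument turns the run into a report-only audit, which needs only the oss:GetBucketAcl permission.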
References
For the complete sample code that is used to configure the ACL of a bucket, visit GitHub.
For more information about the API operation that you can call to configure the ACL of a bucket, see PutBucketAcl.
For the complete sample code that is used to query the ACL of a bucket, visit GitHub.
For more information about the API operation that you can call to query the ACL of a bucket, see GetBucketAcl.