Sets or modifies the access control list (ACL) of an object.
Object ACLs take precedence over bucket ACLs. For example, an object with public-read-write stored in a private bucket is readable and writable by all users, regardless of the bucket ACL.
Prerequisites
Before you begin, ensure that you have:
An Alibaba Cloud account (which has the permission by default), or a RAM user or Security Token Service (STS) token with the
oss:PutObjectAclpermission. For setup instructions, see Attach a custom policy to a RAM userBucket owner permissions with read and write access to the bucket that contains the object
Syntax
ossutil api put-object-acl --bucket <bucket-name> --key <object-key> --object-acl <acl-value> [--version-id <version-id>]Parameters without brackets are required.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
--bucket | string | Yes | Name of the bucket. |
--key | string | Yes | Full path of the object. |
--object-acl | string | Yes | ACL to apply to the object. See ACL values. |
--version-id | string | No | Version ID of the object. Use this parameter to set the ACL on a specific version of a versioned object. |
ACL values
| Value | Description |
|---|---|
private | Only the object owner has read and write access. |
public-read | The object owner has read and write access. All other users have read-only access. |
public-read-write | All users have read and write access. |
default | The object inherits the ACL from its bucket. Use this value to reset an object to follow its bucket's access policy. |
For global flags supported by ossutil, see Command-line options.
Examples
Set an object ACL to private:
ossutil api put-object-acl --bucket examplebucket --key exampleobject --object-acl privateAllow public read access:
ossutil api put-object-acl --bucket examplebucket --key exampleobject --object-acl public-readReset an object to inherit the bucket ACL:
ossutil api put-object-acl --bucket examplebucket --key exampleobject --object-acl defaultSet the ACL on a specific version of an object:
ossutil api put-object-acl --bucket examplebucket --key exampleobject --object-acl private --version-id <version-id>What's next
For the full list of parameters supported by the underlying REST API, see PutObjectACL.