Help Center> Object Storage Service> Developer Guide> Permission Control> ACL> Introduction to the ACL
View PDF

Introduction to the ACL

An ACL can be used to manage bucket and object access permissions. A default ACL is generated when a bucket or object is created. You can make an API call to generate a new ACL. Each item in the ACL list contains the permissions granted to the grantee. A bucket ACL supports a maximum of 100 permission grants, and an object ACL also supports a maximum of 100 permission grants. To implement simple and practical authorization for users, the OBS ACL has the following features:

  • The ACL takes effect for both the account and the users under the account.
  • When the owner of a bucket is the same as the owner of an object, the ACL configured on the bucket takes effect on the bucket and objects in the bucket by default.
  • An ACL can be carried when a bucket is created, or an ACL can be configured after a bucket is created. An object can carry an ACL when it is uploaded. You can also configure the ACL after the object is uploaded successfully.

ACLs of buckets and objects can be set in either of the following ways:

  • Call a separate ACL API to configure existing resources (buckets or objects).
  • When creating a bucket or uploading an object, you can set the ACL of the bucket or object based on the header.
Parent topic: ACL