Configuring an ACL Using Header Fields
Access Control Policy
OBS lets you set the access control policy for a bucket or object through a header field when you create the bucket or upload the object. For details, see Creating a Bucket – Sample Request and Uploading Objects – Sample Request. Only the preset access control policies can be set this way. The x-obs-acl header field accepts one of six preset policies. Whichever policy is configured, the owner keeps full control permission for the resource. The following table describes each policy.
| Pre-Defined Access Control Policy | Description |
|---|---|
| private | Indicates that the owner of a bucket or object has the full control permission for the bucket or object. Other users have no permission to access the bucket or object. |
| public-read | If this permission is set for a bucket, everyone can obtain the list of objects, multipart tasks, and multiple object versions in the bucket, as well as metadata of the bucket. If this permission is set for an object, everyone can obtain the content and metadata of the object. |
| public-read-write | If this permission is set for a bucket, everyone can obtain the object list in the bucket, multipart tasks in the bucket, the bucket metadata, and the bucket versions, and can upload objects, delete objects, initialize multipart upload tasks, upload parts, merge parts, copy parts, and cancel multipart upload tasks. If this permission is set for an object, everyone can obtain the content and metadata of the object. |
| public-read-delivered | If this permission is set for a bucket, everyone can obtain the object list, multipart tasks, bucket metadata, and bucket versions, and obtain the content and metadata of the objects in the bucket. It cannot be applied to objects. |
| public-read-write-delivered | If this permission is set for a bucket, everyone can obtain the object list in the bucket, multipart tasks in the bucket, the bucket metadata, and the bucket versions, and can upload objects, delete objects, initialize multipart upload tasks, upload parts, merge parts, copy parts, and cancel multipart upload tasks. Users can also obtain content and metadata of objects in the bucket. It cannot be applied to objects. |
| bucket-owner-full-control | If this permission is set for a bucket, only the bucket owner has full control over the bucket, and the bucket cannot be accessed by other users. If this permission is set for an object, only the bucket owner and the object owner have full control over the object. |
By default, the access control policy is private.
When creating a bucket or uploading an object, you can set other header fields as follows:
| Header Field | Description |
|---|---|
| x-obs-grant-read | Grant the READ permission to all users in a specified account. |
| x-obs-grant-write | Grant the WRITE permission to all users in a specified account. |
| x-obs-grant-read-acp | Grant the READ_ACP permission to all users in a specified account. |
| x-obs-grant-write-acp | Grant the WRITE_ACP permission to all users in a specified account. |
| x-obs-grant-full-control | Grant the FULL_CONTROL permission to all users in a specified account. |
| x-obs-grant-read-delivered | Grant the READ permission for buckets and objects in the bucket to all users in a specified account, and objects inherit the permission of the bucket. It cannot be applied to objects. |
| x-obs-grant-full-control-delivered | Grant the FULL_CONTROL permission to all users in a specified account, and objects inherit the bucket permission. It cannot be applied to objects. |
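The two tables above can be encoded as a pre-flight check that flags public exposure and bucket-only settings before a create-bucket or upload request is sent. This is an added example, not OBS or SDK code; the function name `audit_acl_headers` and its result keys are hypothetical.

```python
# Added example: encodes the two tables on this page; not OBS or SDK code.
# Per preset: (everyone can read, everyone can write to a bucket, valid on objects)
PRESETS = {
    "private":                     (False, False, True),
    "public-read":                 (True,  False, True),
    "public-read-write":           (True,  True,  True),
    "public-read-delivered":       (True,  False, False),
    "public-read-write-delivered": (True,  True,  False),
    "bucket-owner-full-control":   (False, False, True),
}
GRANT_HEADERS = {
    "x-obs-grant-read", "x-obs-grant-write", "x-obs-grant-read-acp",
    "x-obs-grant-write-acp", "x-obs-grant-full-control",
    "x-obs-grant-read-delivered", "x-obs-grant-full-control-delivered",
}
BUCKET_ONLY_GRANTS = {"x-obs-grant-read-delivered",
                      "x-obs-grant-full-control-delivered"}


def audit_acl_headers(headers, resource):
    """Check the ACL headers of a 'bucket' or 'object' request (hypothetical helper)."""
    if resource not in ("bucket", "object"):
        raise ValueError("resource must be 'bucket' or 'object'")
    # HTTP header names are case-insensitive, so normalise before matching.
    hdrs = {k.strip().lower(): v.strip() for k, v in headers.items()}
    policy = hdrs.get("x-obs-acl", "private")  # the default policy is private
    result = {"policy": policy, "public_read": False,
              "public_write": False, "errors": []}
    if policy not in PRESETS:
        result["errors"].append(f"unknown preset policy: {policy!r}")
    else:
        read, bucket_write, on_objects = PRESETS[policy]
        if resource == "object" and not on_objects:
            result["errors"].append(f"{policy} cannot be applied to objects")
        else:
            result["public_read"] = read
            # Per the table, public write covers bucket operations only.
            result["public_write"] = bucket_write and resource == "bucket"
    for name in hdrs:
        if not name.startswith("x-obs-grant-"):
            continue
        if name not in GRANT_HEADERS:  # catches misspelled grant headers
            result["errors"].append(f"unknown grant header: {name}")
        elif resource == "object" and name in BUCKET_ONLY_GRANTS:
            result["errors"].append(f"{name} cannot be applied to objects")
    return result
```

A deployment pipeline can fail the request when `errors` is non-empty or when `public_read` or `public_write` is set for a bucket that is not meant to be public.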