Help Center> Object Storage Service> Console Operation Guide> Permission Control> Permission Control Mechanisms> Relationship Between a Bucket ACL and a Bucket Policy
View PDF

Relationship Between a Bucket ACL and a Bucket Policy

Mapping Relationship Between Bucket ACLs and Bucket Policies

Bucket ACLs are used to control basic read and write access permissions for buckets. Custom settings of bucket policies support more actions that can be performed on buckets. Bucket policies, supplements to bucket ACLs, can replace the bucket ACL to manage the access permissions of a bucket. Table 1 shows the mapping between bucket ACL access permissions and bucket policy actions.

Table 1 Mapping relationship between bucket ACLs and bucket policies

ACL Permission

Option

Mapped Action in a Custom Bucket Policy

Access to bucket

Read
  • HeadBucket
  • ListBucket
  • ListBucketVersions
  • ListBucketMultipartUploads

Object read
  • GetObject

Write
  • PutObject
  • DeleteObject
  • DeleteObjectVersion

Access to ACL

Read

GetBucketAcl

Write

PutBucketAcl

Mapping Relationship Between Object ACLs and Bucket Policies

Object ACLs are used to control basic read and write access permissions for objects. The custom settings of bucket policies support more actions that can be performed on objects. Table 2 describes the mapping relationship between object ACL access permissions and bucket policy actions.

Table 2 Mapping relationship between object ACLs and bucket policies

Object ACL

Option

Mapped Action in a Custom Bucket Policy

Access to Object

Read
  • GetObject
  • GetObjectVersion

Access to ACL

Read
  • GetObjectAcl
  • GetObjectVersionAcl

Write
  • PutObjectAcl
  • PutObjectVersionAcl