Obtaining a Bucket ACL (SDK for Java)
Function
OBS provides access control over buckets. You can use an access policy to define whether a user can perform certain operations on a specific bucket. OBS access control can be implemented using IAM permissions, bucket policies, and ACLs (including bucket and object ACLs). For more information, see Introduction to OBS Access Control.
A bucket ACL applies permissions to a different account and its IAM users, rather than the current account and its IAM users. It can grant access to both a bucket (including the objects in it) and the bucket ACL. The granted access includes view and edit permissions. You must specify a bucket name when configuring a bucket ACL.
This API returns the ACL of a bucket.
Restrictions
- To obtain the ACL of a bucket, you must be the bucket owner or have the required permission (obs:bucket:GetBucketAcl in IAM or GetBucketAcl in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy.
Method
obsClient.getBucketAcl(String bucketName)
Request Parameters
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
bucketName |
String |
Yes |
Explanation: Bucket name. Restrictions:
Default value: None |
Responses
Parameter |
Type |
Mandatory (Yes/No) |
Type |
---|---|---|---|
owner |
Yes |
Explanation: Bucket owner information. For details, see Table 3. |
|
delivered |
boolean |
No |
Explanation: Whether the bucket ACL is applied to all objects in the bucket. Value range: true: The bucket ACL is applied to all objects in the bucket. false: The bucket ACL is not applied to any objects in the bucket. Default value: false |
grants |
Set<GrantAndPermission> |
No |
Explanation: Grantee information. For details, see Table 4. |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
id |
String |
Yes |
Explanation: Account (domain) ID of the owner. Value range: To obtain the account ID, see How Do I Get My Account ID and User ID? Default value: None |
displayName |
String |
No |
Explanation: Account name of the owner. Value range: To obtain the account name, see How Do I Get My Account ID and User ID? Default value: None |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
grantee |
Yes |
Explanation: Grantees (users or user groups). For details, see Table 5. |
|
permission |
Yes |
Explanation: Permissions to grant. Value range: See Table 8. Default value: None |
|
delivered |
boolean |
No |
Explanation: Whether the bucket ACL is applied to all objects in the bucket. Value range: true: The bucket ACL is applied to all objects in the bucket. false: The bucket ACL is not applied to any objects in the bucket. Default value: false |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
Yes |
Explanation: Grantee (user) information. For details, see Table 6. |
||
Yes |
Explanation: Grantee (user group) information. Value range: See Table 7. Default value: None |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
grantId |
String |
Yes if Type is set to GranteeUser |
Explanation: Account (domain) ID of the grantee. Value range: To obtain the account ID, see How Do I Get My Account ID and User ID? Default value: None |
displayName |
String |
No |
Parameter description: Account name of the grantee. Value range: To obtain the account name, see How Do I Get My Account ID and User ID? Default value: None |
Constant |
Description |
---|---|
ALL_USERS |
All users. |
AUTHENTICATED_USERS |
Authorized users. This constant is deprecated. |
LOG_DELIVERY |
Log delivery group. This constant is deprecated. |
Constant |
Default Value |
Description |
---|---|---|
PERMISSION_READ |
READ |
Read permission. A grantee with this permission for a bucket can obtain the list of objects, multipart uploads, bucket metadata, and object versions in the bucket. A grantee with this permission for an object can obtain the object content and metadata. |
PERMISSION_WRITE |
WRITE |
Write permission. A grantee with this permission for a bucket can upload, overwrite, and delete any object or part in the bucket. This permission is not available for objects. |
PERMISSION_READ_ACP |
READ_ACP |
Permission to read an ACL. A grantee with this permission can obtain the ACL of a bucket or object. A bucket or object owner has this permission for their bucket or object by default. |
PERMISSION_WRITE_ACP |
WRITE_ACP |
Permission to modify an ACL. A grantee with this permission can update the ACL of a bucket or object. A bucket or object owner has this permission for their bucket or object by default. This permission allows the grantee to change the access control policies, meaning the grantee has full control over a bucket or object. |
PERMISSION_FULL_CONTROL |
FULL_CONTROL |
Full control access, including read and write permissions for a bucket and its ACL, or for an object and its ACL. A grantee with this permission for a bucket has READ, WRITE, READ_ACP, and WRITE_ACP permissions for the bucket. A grantee with this permission for an object has READ, WRITE, READ_ACP, and WRITE_ACP permissions for the object. |
Code Examples
This example returns the ACL information of bucket examplebucket.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
import com.obs.services.ObsClient; import com.obs.services.exception.ObsException; import com.obs.services.model.AccessControlList; public class GetBucketAcl001 { public static void main(String[] args) { // Obtain an AK/SK pair using environment variables or import the AK/SK pair in other ways. Using hard coding may result in leakage. // Obtain an AK/SK pair on the management console. String ak = System.getenv("ACCESS_KEY_ID"); String sk = System.getenv("SECRET_ACCESS_KEY_ID"); // (Optional) If you are using a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding, which may result in information leakage. // Obtain an AK/SK pair and a security token using environment variables or import them in other ways. // String securityToken = System.getenv("SECURITY_TOKEN"); // Enter the endpoint corresponding to the bucket. EU-Dublin is used here as an example. Replace it with the one in your actual situation. String endPoint = "https://obs.eu-west-101.myhuaweicloud.eu"; // Obtain an endpoint using environment variables or import it in other ways. //String endPoint = System.getenv("ENDPOINT"); // Create an ObsClient instance. // Use the permanent AK/SK pair to initialize the client. ObsClient obsClient = new ObsClient(ak, sk,endPoint); // Use the temporary AK/SK pair and security token to initialize the client. // ObsClient obsClient = new ObsClient(ak, sk, securityToken, endPoint); try { // Example bucket name String exampleBucket = "examplebucket"; // Get the bucket ACL. AccessControlList acl = obsClient.getBucketAcl(exampleBucket); System.out.println("GetBucketAcl successfully"); System.out.println(acl); } catch (ObsException e) { System.out.println("GetBucketAcl failed"); // Request failed. Print the HTTP status code. System.out.println("HTTP Code:" + e.getResponseCode()); // Request failed. Print the server-side error code. System.out.println("Error Code:" + e.getErrorCode()); // Request failed. Print the error details. System.out.println("Error Message:" + e.getErrorMessage()); // Request failed. Print the request ID. System.out.println("Request ID:" + e.getErrorRequestId()); System.out.println("Host ID:" + e.getErrorHostId()); e.printStackTrace(); } catch (Exception e) { System.out.println("GetBucketAcl failed"); // Print other error information. e.printStackTrace(); } } } |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.