Help Center/ Object Storage Service/ Permissions Configuration Guide/ Appendix/ Relationship Between Bucket Policies and Bucket ACLs
Updated on 2024-02-26 GMT+08:00

Relationship Between Bucket Policies and Bucket ACLs

Mapping Between Bucket ACLs and Bucket Policies

Bucket ACLs are used to control basic read and write access to buckets. Custom settings of bucket policies support more actions that can be performed on buckets. Bucket ACLs supplement bucket policies, and in many cases, can be replaced by bucket policies to manage access to buckets, except when permissions are granted to a log delivery user group. Table 1 shows the mapping between bucket ACL access permissions and bucket policy actions.

Table 1 Mapping Between Bucket ACLs and Bucket Policies

ACL Permission

Option

Mapped Action in a Custom Bucket Policy

Access to bucket

Read

  • HeadBucket
  • ListBucket
  • ListBucketVersions
  • ListBucketMultipartUploads

Object read

  • GetObject

Write

  • PutObject
  • DeleteObject
  • DeleteObjectVersion

Access to ACL

Read

  • GetBucketAcl

Write

  • PutBucketAcl

Mapping Between Object ACLs and Bucket Policies

Object ACLs are used to control basic read and write access to objects. The custom settings of bucket policies allow you to specify more actions that can be performed on objects. Table 2 describes the mapping between object ACL access permissions and bucket policy actions.

Table 2 Mapping between object ACLs and bucket policies

Object ACL Permission

Option

Mapped Action in a Custom Bucket Policy

Access to object

Read

  • GetObject
  • GetObjectVersion

Access to ACL

Read

  • GetObjectAcl
  • GetObjectVersionAcl

Write

  • PutObjectAcl
  • PutObjectVersionAcl