Updated on 2024-04-16 GMT+08:00

Relationship Between a Bucket ACL and a Bucket Policy

Mapping Between Bucket ACLs and Bucket Policies

Bucket ACLs are used to control basic read and write access to buckets. Custom settings of bucket policies support more actions that can be performed on buckets. Bucket policies supplement bucket ACLs. In most cases (granting permissions to log delivery user groups excluded), you can use bucket policies to manage access to buckets. Table 1 shows the mapping between bucket ACL access permissions and bucket policy actions.

Table 1 Mapping between bucket ACL access permissions and bucket policy actions

ACL Permission

Option

Mapped Action in a Custom Bucket Policy

Access to bucket

Read

  • ListBucket
  • ListBucketVersions
  • ListBucketMultipartUploads

Write

  • PutObject
  • DeleteObject
  • DeleteObjectVersion

Access to object

Object read

  • GetObject

Access to ACL

Read

  • GetBucketAcl

Write

  • PutBucketAcl

Mapping Relationship Between Object ACLs and Bucket Policies

Object ACLs are used to control basic read and write access permissions for objects. The custom settings of bucket policies support more actions that can be performed on objects. Table 2 describes the mapping relationship between object ACL access permissions and bucket policy actions.

Table 2 Mapping relationship between object ACLs and bucket policies

Object ACL

Option

Mapped Action in a Custom Bucket Policy

Access to Object

Read

  • GetObject
  • GetObjectVersion

Access to ACL

Read

  • GetObjectAcl
  • GetObjectVersionAcl

Write

  • PutObjectAcl
  • PutObjectVersionAcl