Updated on 2024-10-24 GMT+08:00

Configuring an Object ACL

Prerequisites

You are the object owner or you have the permission to write the object ACL.

An object owner is the account that uploads the object, but may not be the owner of the bucket that stores the object. For example, account B is granted the permission to access a bucket of account A, and account B uploads a file to the bucket. In that case, account B, instead of the bucket owner account A, is the owner of the object. By default, account A is not allowed to access this object and cannot read or modify the object ACL.

Procedure

  1. In the navigation pane of OBS Console, choose Object Storage.
  2. In the bucket list, click the bucket you want to operate. The Objects page is displayed.
  3. Click a desired object.
  4. On the Object ACL page, choose a permission from Private and Public Read to grant object ACL permission for anonymous users.

    1. After you change Public Read to Private, only the bucket owner or object owner has the access.
    2. After you change Private to Public Read, anyone can read the object content and metadata. No identity authentication is required.
    Figure 1 Changing a public access permission

  5. Click Edit to grant the owner, anonymous user, or other accounts required permissions for the object.

    ACL permissions for encrypted objects cannot be granted to registered users or anonymous users.

    Click Export to get the object ACL configuration. The file includes the user type, account, object access, and ACL access.

    Click Add to apply specific ACL permissions to an account.

    Enter an account ID and specify ACL permissions for the account. You can obtain the account ID from the My Credentials page.

    Click OK.

    Figure 2 Granting permissions