Help Center> Object Storage Service> Console Operation Guide> Permissions Control> Configuring a Bucket ACL
Updated on 2024-04-01 GMT+08:00
View PDF

Configuring a Bucket ACL

Prerequisites

You are the bucket owner or you have the permission to write the bucket ACL.

Procedure

  1. In the navigation pane of OBS Console, choose Object Storage.
  2. In the bucket list, click the bucket you want to operate to go to the Objects page.
  3. In the navigation pane, choose Permissions > Bucket ACLs.
  4. On the Bucket ACLs page, choose a permission from Private, Public Read, and Public Read/Write to grant bucket ACL permission for anonymous users.

    1. After you change Public Read or Public Read/Write to Private, only the bucket owner or object owner has the access.
    2. After you change Private to Public Read, anyone can read objects in the bucket. No identity authentication is required.
    3. After you change Private to Public Read/Write, anyone can read, write, and delete objects in the bucket. No identity authentication is required.
    Figure 1 Changing a public access permission

  5. In the Operation column, click Edit to grant the owner, anonymous user, or log delivery user required ACL permissions for the bucket.
  6. In the middle of the page, click Export to get the bucket ACL configuration. The file includes the user type, account, bucket access, and ACL access.
  7. In the middle of the page, click Add to apply specific ACL permissions to an account.

    Enter an account ID and specify ACL permissions for the account. You can obtain the account ID from the My Credentials page.

    Click OK.

    To select Object read for Object Permission, you must select Read for Access to Bucket.

    Figure 2 Granting permissions

Follow-up Procedure

After a specified account is granted the ACL permissions for a bucket, the authorized user can use the AK and SK to access that bucket by adding the bucket to OBS Browser+.

After certain permissions are granted to an anonymous user, the anonymous user can access the bucket without any authentication. The anonymous user can be either registered or non-registered. A registered anonymous user can use either of the methods above to access the bucket, while a non-registered anonymous user can access the bucket in any of the following ways:

  • Access the bucket's domain name in a browser to view the objects in the bucket.
  • Configure the bucket's domain name in a third-party system to directly connect to the bucket.
Parent topic: Permissions Control