Configuring an Object ACL
Functions
OBS supports the control of access permission for objects. By default, only the object creator has the read and write permissions for the object. However, the creator can set a public access policy to assign the read permission to all other users. Even if the ACL is configured for an object encrypted in the SSE-KMS mode, the inter-tenant access is unavailable.
You can set an access control policy when uploading an object or make a call of an API operation to modify or obtain the object ACL. An object ACL supports a maximum of 100 grants.
This section explains how to modify an object ACL and change access permission on an object.
Versioning
By default, this operation modifies the ACL of the latest version of an object. To specify a specified version, the request can carry the versionId parameter.
Request Syntax
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
PUT /ObjectName?acl HTTP/1.1 Host: bucketname.obs.region.myhuaweicloud.com Date: date Authorization: authorization <AccessControlPolicy> <Owner> <ID>ID</ID> </Owner> <Delivered>true</Delivered> <AccessControlList> <Grant> <Grantee> <ID>ID</ID> </Grantee> <Permission>permission</Permission> </Grant> </AccessControlList> </AccessControlPolicy> |
Request Parameters
Table 1 describes the request parameters.
Parameter |
Mandatory (Yes/No) |
Type |
Description |
---|---|---|---|
versionId |
No |
String |
Definition: Object version ID The ACL of the specified object version is to be changed. For details about how to obtain the version ID of an object, see Listing Objects in a Bucket. Constraints: None Range: The value must contain 32 characters. Default value: None. If this parameter is not configured, the latest version of the object is specified. |
Request Headers
This request uses common headers. For details, see Table 3.
Request Elements
The request message carries the ACL information of the object by using message elements. For the meanings of the elements, see Table 2.
Parameter |
Mandatory (Yes/No) |
Type |
Description |
---|---|---|---|
AccessControlList |
Yes |
XML |
Definition: Access control list. AccessControlList is the parent node of Grant, Grantee, and Permission. Constraints: None Range: For details, see Table 3. Default value: None |
Owner |
Yes |
XML |
Definition: Owner information of a bucket. Owner is the parent node of ID. Constraints: None Range: For details, see Table 4. Default value: None |
Canned |
No |
String |
Definition: Grants permissions to all users. Constraints: None Range: Everyone Default value: None |
Parameter |
Mandatory (Yes/No) |
Type |
Description |
---|---|---|---|
Grant |
No |
XML |
Definition: Used to identify users and their permissions. Grant is the parent node of Grantee and Delivered. Constraints: An ACL of an object can contain a maximum of 100 grants. Range: For details, see Table 5. Default value: None |
Grantee |
No |
XML |
Definition: Grantee information Constraints: None Range: None Default value: None |
Permission |
No |
String |
Definition: Granted permissions Constraints: None Range:
Default value: None |
Parameter |
Mandatory (Yes/No) |
Type |
Description |
---|---|---|---|
ID |
Yes |
String |
Definition: Account ID of the authorized user. Constraints: None Range: For details about how to obtain the domain ID of a user, see Obtaining Account, IAM User, Project, User Group, Region, and Agency Information. Default value: None |
Parameter |
Mandatory (Yes/No) |
Type |
Description |
---|---|---|---|
Grantee |
No |
XML |
Definition: Grantee information Constraints: None Range: None Default value: None |
Delivered |
No |
Boolean |
Definition: Whether an object ACL inherits the ACL of a bucket. Constraints: None Range:
Default value: true |
Response Syntax
1 2 3 |
HTTP/1.1 status_code Content-Length: length Content-Type: application/xml |
Response Headers
The response to the request uses common headers. For details, see Table 1.
In addition to the common response headers, the headers listed in Table 6 may be used.
Response Elements
This response contains no elements.
Error Responses
No special error responses are returned. For details about error responses, see Table 2.
Sample Request
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
PUT /obj2?acl HTTP/1.1 User-Agent: curl/7.29.0 Host: examplebucket.obs.region.myhuaweicloud.com Accept: */* Date: WED, 01 Jul 2015 04:42:34 GMT Authorization: OBS H4IPJX0TQTHTHEBQQCEC:8xAODun1ofjkwHm8YhtN0QEcy9M= Content-Length: 727 <AccessControlPolicy xmlns="http://obs.ap-southeast-1.myhuaweicloud.com/doc/2015-06-30/"> <Owner> <ID>b4bf1b36d9ca43d984fbcb9491b6fce9</ID> </Owner> <Delivered>false</Delivered> <AccessControlList> <Grant> <Grantee> <ID>b4bf1b36d9ca43d984fbcb9491b6fce9</ID> </Grantee> <Permission>FULL_CONTROL</Permission> </Grant> <Grant> <Grantee> <ID>783fc6652cf246c096ea836694f71855</ID> </Grantee> <Permission>READ</Permission> </Grant> <Grant> <Grantee> <Canned>Everyone</Canned> </Grantee> <Permission>READ</Permission> </Grant> </AccessControlList> </AccessControlPolicy> |
Sample Response
1 2 3 4 5 6 |
HTTP/1.1 200 OK Server: OBS x-obs-request-id: 8DF400000163D3F0FD2A03D2D30B0542 x-obs-id-2: 32AAAUgAIAABAAAQAAEAABAAAQAAEAABCTjCqTmsA1XRpIrmrJdvcEWvZyjbztdd Date: WED, 01 Jul 2015 04:42:34 GMT Content-Length: 0 |
Sample Request: Configuring the ACL for a Specific Object Version
PUT /object01?acl&versionId=G001118A6803675AFFFFD3043F7F91D0 HTTP/1.1 Authorization: OBS H4IPJX0TQTHTHEBQQCEC:iqSPeUBl66PwXDApxjRKk6hlcN4= User-Agent: curl/7.29.0 Host: examplebucket.obs.region.myhuaweicloud.com Date: WED, 01 Jul 2015 02:37:22 GMT Content-Type: application/xml <AccessControlPolicy xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/"> <Owner> <ID>d029cb567d46458sp0x75800575ee4cf</ID> </Owner> <Delivered>false</Delivered> <AccessControlList> <Grant> <Grantee> <ID>f98sx63gg849422e8f330af1349c588f</ID> </Grantee> <Permission>FULL_CONTROL</Permission> </Grant> <Grant> <Grantee> <ID>fa558a82a84946sn98u30af195as3hi5</ID> </Grantee> <Permission>READ</Permission> </Grant> <Grant> <Grantee> <Canned>Everyone</Canned> </Grantee> <Permission>READ</Permission> </Grant> </AccessControlList> </AccessControlPolicy>
Sample Response: Configuring the ACL for a Specific Object Version
x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCSmpL2dv6zZLM2HmUrXKTAi258MPqmrp x-obs-request-id: 0000018A2A73AF59D3085C8F8ABF0C65 Server: OBS Content-Length: 0 Date: WED, 01 Jul 2015 02:37:22 GMT x-obs-version-id: G001118A6803675AFFFFD3043F7F91D0
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot