Obtaining an Object ACL (SDK for Python)
Function
This API returns the ACL of an object in a specified bucket.
Restrictions
- To obtain an object ACL, you must be the bucket owner or have the required permission (obs:object:GetObjectAcl in IAM or GetObjectAcl in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
- The mapping between OBS regions and endpoints must comply with what is listed in Regions and Endpoints.
- To call this API, you must have the read permission on the ACL of the object.
Method
ObsClient.getObjectAcl(bucketName, objectKey, versionId)
Request Parameters
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
bucketName |
str |
Yes |
Explanation: Bucket name Restrictions:
Default value: None |
objectKey |
str |
Yes |
Explanation: Object name. An object is uniquely identified by an object name in a bucket. An object name is a complete path that does not contain the bucket name. For example, if the address for accessing the object is examplebucket.obs.ap-southeast-1.myhuaweicloud.com/folder/test.txt, the object name is folder/test.txt. Value range: The value must contain 1 to 1,024 characters. Default value: None |
versionId |
str |
No |
Explanation: Object version ID, for example, G001117FCE89978B0000401205D5DC9A Value range: The value must contain 32 characters. Default value: None |
Responses
Type |
Description |
---|---|
Explanation: SDK common results |
Parameter |
Type |
Description |
---|---|---|
status |
int |
Explanation: HTTP status code Value range: A status code is a group of digits ranging from 2xx (indicating successes) to 4xx or 5xx (indicating errors). It indicates the status of a response. For more information, see Status Code. Default value: None |
reason |
str |
Explanation: Reason description. Default value: None |
errorCode |
str |
Explanation: Error code returned by the OBS server. If the value of status is less than 300, this parameter is left blank. Default value: None |
errorMessage |
str |
Explanation: Error message returned by the OBS server. If the value of status is less than 300, this parameter is left blank. Default value: None |
requestId |
str |
Explanation: Request ID returned by the OBS server Default value: None |
indicator |
str |
Explanation: Error indicator returned by the OBS server. Default value: None |
hostId |
str |
Explanation: Requested server ID. If the value of status is less than 300, this parameter is left blank. Default value: None |
resource |
str |
Explanation: Error source (a bucket or an object). If the value of status is less than 300, this parameter is left blank. Default value: None |
header |
list |
Explanation: Response header list, composed of tuples. Each tuple consists of two elements, respectively corresponding to the key and value of a response header. Default value: None |
body |
object |
Explanation: Result content returned after the operation is successful. If the value of status is larger than 300, this parameter is left blank. The value varies with the API being called. For details, see Bucket-Related APIs (SDK for Python) and Object-Related APIs (SDK for Python). Default value: None |
GetResult.body Type |
Description |
---|---|
Explanation: Access permissions on the object. For details, see Table 5. Default value: None |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
owner |
Yes if used as a request parameter |
Explanation: Bucket owner. For details, see Table 6. Restrictions: owner and grants must be used together and they cannot be used with ACL. Default value: None |
|
grants |
list of Grant |
Yes if used as a request parameter |
Explanation: List of grantees' permission information. For details, see Table 7. Default value: None |
delivered |
bool |
No if used as a request parameter |
Explanation: Whether the bucket ACL is applied to all objects in the bucket Value range: True: The bucket ACL is applied to all objects in the bucket. False: The bucket ACL is not applied to all objects in the bucket. Default value: False |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
owner_id |
str |
Yes if used as a request parameter |
Explanation: Account (domain) ID of the owner Value range: To obtain the account ID, see How Do I Get My Account ID and IAM User ID? (SDK for Python) Default value: None |
owner_name |
str |
No if used as a request parameter |
Explanation: Account name of the owner Value range: To obtain the account ID, see How Do I Get My Account ID and IAM User ID? (SDK for Python) Default value: None |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
grantee |
Yes if used as a request parameter |
Explanation: Grantee information. For details, see Table 9. Default value: None |
|
permission |
str |
Yes if used as a request parameter |
Explanation: Granted permission Value range: See Table 8. Default value: None |
delivered |
bool |
No if used as a request parameter |
Explanation: Whether the bucket ACL is applied to all objects in the bucket Value range: True: The bucket ACL is applied to all objects in the bucket. False: The bucket ACL is not applied to all objects in the bucket. Default value: False |
Constant |
Description |
---|---|
READ |
Read permission A grantee with this permission for a bucket can obtain the list of objects, multipart uploads, bucket metadata, and object versions in the bucket. A grantee with this permission for an object can obtain the object content and metadata. |
WRITE |
Write permission A grantee with this permission for a bucket can upload, overwrite, and delete any object or part in the bucket. Such permission for an object is not applicable. |
READ_ACP |
Permission to read ACL configurations A grantee with this permission can obtain the ACL of a bucket or object. A bucket or object owner has this permission for the bucket or object permanently. |
WRITE_ACP |
Permission to modify ACL configurations A grantee with this permission can update the ACL of a bucket or object. A bucket or object owner has this permission for the bucket or object permanently. A grantee with this permission can modify the access control policy and thus the grantee obtains full access permissions. |
FULL_CONTROL |
Full control access, including read and write permissions for a bucket and its ACL, or for an object and its ACL. A grantee with this permission for a bucket has READ, WRITE, READ_ACP, and WRITE_ACP permissions for the bucket. A grantee with this permission for an object has READ, READ_ACP, and WRITE_ACP permissions for the object. |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
grantee_id |
str |
Yes if the parameter is used as a request parameter and group is left blank |
Explanation: Account (domain) ID of the grantee Value range: To obtain an account ID, see Obtaining the Account ID. Default value: None |
grantee_name |
str |
No if used as a request parameter |
Explanation: Account name of the grantee Restrictions:
Default value: None |
group |
str |
Yes if the parameter is used as a request parameter and grantee_id is left blank |
Explanation: Authorized user group Value range: See Table 10. Default value: None |
Code Examples
This example returns the object ACL information of object objectname.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
from obs import ObsClient import os import traceback # Obtain an AK and SK pair using environment variables or import the AK and SK pair in other ways. Using hard coding may result in leakage. # Obtain an AK and SK pair on the management console. For details, see https://support.huaweicloud.com/intl/en-us/usermanual-ca/ca_01_0003.html. ak = os.getenv("AccessKeyID") sk = os.getenv("SecretAccessKey") # (Optional) If you use a temporary AK and SK pair and a security token to access OBS, obtain them from environment variables. security_token = os.getenv("SecurityToken") # Set server to the endpoint corresponding to the bucket. Here uses CN-Hong Kong as an example. Replace it with the one in use. server = "https://obs.ap-southeast-1.myhuaweicloud.com" # Create an obsClient instance. # If you use a temporary AK and SK pair and a security token to access OBS, you must specify security_token when creating an instance. obsClient = ObsClient(access_key_id=ak, secret_access_key=sk, server=server) try: bucketName = "examplebucket" objectKey = "objectname" # Obtain the object ACL. resp = obsClient.getObjectAcl(bucketName, objectKey) # If status code 2xx is returned, the API is called successfully. Otherwise, the API call fails. if resp.status < 300: print('Get Object Acl Succeeded') print('requestId:', resp.requestId) print('owner_id:', resp.body.owner.owner_id) print('owner_name:', resp.body.owner.owner_name) index = 1 for grant in resp.body.grants: print('grant [' + str(index) + ']') print('grantee_id:', grant.grantee.grantee_id) print('grantee_name:', grant.grantee.grantee_name) print('group:', grant.grantee.group) print('permission:', grant.permission) index += 1 else: print('Get Object Acl Failed') print('requestId:', resp.requestId) print('errorCode:', resp.errorCode) print('errorMessage:', resp.errorMessage) except: print('Get Object Acl Failed') print(traceback.format_exc()) |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot