更新时间:2025-05-16 GMT+08:00
管理对象ACL
访问控制列表(Access Control List,ACL)用于资源拥有者给其他账号授予资源的访问权限。默认情况下,创建存储桶或对象时仅资源拥有者对资源的完全控制权限,即桶创建者对桶拥有完全控制权限,对象上传者对对象拥有完全控制权限,而其他账号默认无权访问资源。如果资源拥有者想授予其他账号资源的读写权限,可以使用ACL实现。OBS桶和对象的ACL是基于账号进行授权,授权后对账号和账号下的IAM用户都生效。
了解更多可参见ACL权限控制方式介绍。
对象ACL可以通过三种方式设置:
- 上传对象时指定预定义ACL。
- 调用ObsClient.SetObjectAcl指定预定义ACL。
- 调用ObsClient.SetObjectAcl自定义设置ACL。
上传对象时指定预定义ACL
以下代码展示如何在上传对象时指定预定义ACL:
// 初始化配置参数 ObsConfig config = new ObsConfig(); config.Endpoint = "https://your-endpoint"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine); string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine); // 创建ObsClient实例 ObsClient client = new ObsClient(accessKey, secretKey, config); // 上传对象设置预定义ACL try { PutObjectRequest request = new PutObjectRequest { BucketName = "bucketname", ObjectKey = "objectname", // 设置对象ACL为公共读写 CannedAcl = CannedAclEnum.PublicReadWrite, }; PutObjectResponse response = client.PutObject(request); Console.WriteLine("Set object ac response: {0}", response.StatusCode); } catch (ObsException ex) { Console.WriteLine("ErrorCode: {0}", ex.ErrorCode); Console.WriteLine("ErrorMessage: {0}", ex.ErrorMessage); }
为对象设置预定义ACL
以下代码展示如何为对象设置预定义ACL:
// 初始化配置参数 ObsConfig config = new ObsConfig(); config.Endpoint = "https://your-endpoint"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine); string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine); // 创建ObsClient实例 ObsClient client = new ObsClient(accessKey, secretKey, config); // 为对象设置预定义ACL try { SetObjectAclRequest request = new SetObjectAclRequest(); request.BucketName = "bucketname"; request.ObjectKey = "objectname"; request.CannedAcl = CannedAclEnum.PublicRead; SetObjectAclResponse response = client.SetObjectAcl(request); Console.WriteLine("Set object acl response: {0}", response.StatusCode); } catch (ObsException ex) { Console.WriteLine("ErrorCode: {0}", ex.ErrorCode); Console.WriteLine("ErrorMessage: {0}", ex.ErrorMessage); }
自定义设置对象ACL
以下代码展示如何直接设置对象ACL:
// 初始化配置参数 ObsConfig config = new ObsConfig(); config.Endpoint = "https://your-endpoint"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine); string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine); // 创建ObsClient实例 ObsClient client = new ObsClient(accessKey, secretKey, config); // 自定义设置对象ACL try { SetObjectAclRequest request = new SetObjectAclRequest(); request.BucketName = "bucketname"; request.ObjectKey = "objectname"; request.AccessControlList = new AccessControlList(); Owner owner = new Owner(); owner.Id = "owerid"; request.AccessControlList.Owner = owner; Grant item = new Grant(); item.Permission = PermissionEnum.FullControl; item.Grantee = new GroupGrantee(GroupGranteeEnum.AllUsers); request.AccessControlList.Grants.Add(item); SetObjectAclResponse response = client.SetObjectAcl(request); Console.WriteLine("Set object acl response: {0}", response.StatusCode); } catch (ObsException ex) { Console.WriteLine("ErrorCode: {0}", ex.ErrorCode); Console.WriteLine("ErrorMessage: {0}", ex.ErrorMessage); }

ACL中需要填写的所有者(Owner)或者被授权用户(Grantee)的ID,是指用户的账号ID,可通过OBS控制台“我的凭证”页面查看。
获取对象ACL
您可以通过ObsClient.GetObjectAcl获取对象ACL。以下代码展示如何获取对象ACL:
// 初始化配置参数 ObsConfig config = new ObsConfig(); config.Endpoint = "https://your-endpoint"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine); string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine); // 创建ObsClient实例 ObsClient client = new ObsClient(accessKey, secretKey, config); // 获取对象ACL try { GetObjectAclRequest request = new GetObjectAclRequest(); request.BucketName = "bucketname"; request.ObjectKey = "objectname"; GetObjectAclResponse response = client.GetObjectAcl(request); Console.WriteLine("Get bucket acl response: {0}", response.StatusCode); foreach(Grant grant in response.AccessControlList.Grants) { if(grant.Grantee is CanonicalGrantee) { Console.WriteLine("Grantee id: {0}", (grant.Grantee as CanonicalGrantee).Id); }else if(grant.Grantee is GroupGrantee) { Console.WriteLine("Grantee type: {0}", (grant.Grantee as GroupGrantee).GroupGranteeType); } Console.WriteLine("Grant permission: {0}", grant.Permission); } } catch (ObsException ex) { Console.WriteLine("ErrorCode: {0}", ex.ErrorCode); Console.WriteLine("ErrorMessage: {0}", ex.ErrorMessage); }
父主题: 管理对象