更新时间:2025-05-16 GMT+08:00

管理对象ACL

访问控制列表(Access Control List,ACL)用于资源拥有者给其他账号授予资源的访问权限。默认情况下,创建存储桶或对象时仅资源拥有者对资源的完全控制权限,即桶创建者对桶拥有完全控制权限,对象上传者对对象拥有完全控制权限,而其他账号默认无权访问资源。如果资源拥有者想授予其他账号资源的读写权限,可以使用ACL实现。OBS桶和对象的ACL是基于账号进行授权,授权后对账号和账号下的IAM用户都生效。

了解更多可参见ACL权限控制方式介绍

开发过程中,您有任何问题可以在github上提交issue接口参考文档详细介绍了每个接口的参数和使用方法。

对象ACL可以通过三种方式设置:

  1. 上传对象时指定预定义ACL。
  2. 调用ObsClient.SetObjectAcl指定预定义ACL。
  3. 调用ObsClient.SetObjectAcl自定义设置ACL。

上传对象时指定预定义ACL

以下代码展示如何在上传对象时指定预定义ACL:

// 初始化配置参数
ObsConfig config = new ObsConfig();
config.Endpoint = "https://your-endpoint";
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine);
string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine);
// 创建ObsClient实例
ObsClient client = new ObsClient(accessKey, secretKey, config);
// 上传对象设置预定义ACL
try
{
    PutObjectRequest request = new PutObjectRequest
    {
        BucketName = "bucketname",
        ObjectKey = "objectname",
        // 设置对象ACL为公共读写        
        CannedAcl = CannedAclEnum.PublicReadWrite,
    };
    PutObjectResponse response = client.PutObject(request);
    Console.WriteLine("Set object ac response: {0}", response.StatusCode);
}
catch (ObsException ex)
{
   Console.WriteLine("ErrorCode: {0}", ex.ErrorCode);
   Console.WriteLine("ErrorMessage: {0}", ex.ErrorMessage);
} 

为对象设置预定义ACL

以下代码展示如何为对象设置预定义ACL:

// 初始化配置参数
ObsConfig config = new ObsConfig();
config.Endpoint = "https://your-endpoint";
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine);
string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine);
// 创建ObsClient实例
ObsClient client = new ObsClient(accessKey, secretKey, config);
// 为对象设置预定义ACL
try
{
    SetObjectAclRequest request = new SetObjectAclRequest();
    request.BucketName = "bucketname";
    request.ObjectKey = "objectname";
    request.CannedAcl = CannedAclEnum.PublicRead;
    SetObjectAclResponse response = client.SetObjectAcl(request);
    Console.WriteLine("Set object acl response: {0}", response.StatusCode);
}
catch (ObsException ex)
{
   Console.WriteLine("ErrorCode: {0}", ex.ErrorCode);
   Console.WriteLine("ErrorMessage: {0}", ex.ErrorMessage);
} 

自定义设置对象ACL

以下代码展示如何直接设置对象ACL:

// 初始化配置参数
ObsConfig config = new ObsConfig();
config.Endpoint = "https://your-endpoint";
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine);
string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine);
// 创建ObsClient实例
ObsClient client = new ObsClient(accessKey, secretKey, config);
// 自定义设置对象ACL
try
{
    SetObjectAclRequest request = new SetObjectAclRequest();
    request.BucketName = "bucketname"; 
    request.ObjectKey = "objectname";
    request.AccessControlList = new AccessControlList();
    Owner owner = new Owner();
    owner.Id = "owerid";
    request.AccessControlList.Owner = owner;
    Grant item = new Grant();
    item.Permission = PermissionEnum.FullControl;
    item.Grantee = new GroupGrantee(GroupGranteeEnum.AllUsers);
    request.AccessControlList.Grants.Add(item);
    SetObjectAclResponse response = client.SetObjectAcl(request);
    Console.WriteLine("Set object acl response: {0}", response.StatusCode);
}
catch (ObsException ex)
{
   Console.WriteLine("ErrorCode: {0}", ex.ErrorCode);
   Console.WriteLine("ErrorMessage: {0}", ex.ErrorMessage);
} 

ACL中需要填写的所有者(Owner)或者被授权用户(Grantee)的ID,是指用户的账号ID,可通过OBS控制台“我的凭证”页面查看。

获取对象ACL

您可以通过ObsClient.GetObjectAcl获取对象ACL。以下代码展示如何获取对象ACL:
// 初始化配置参数
ObsConfig config = new ObsConfig();
config.Endpoint = "https://your-endpoint";
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine);
string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine);
// 创建ObsClient实例
ObsClient client = new ObsClient(accessKey, secretKey, config);
// 获取对象ACL
try
{
    GetObjectAclRequest request = new GetObjectAclRequest();
    request.BucketName = "bucketname";
    request.ObjectKey = "objectname";
    GetObjectAclResponse response = client.GetObjectAcl(request);
    Console.WriteLine("Get bucket acl response: {0}", response.StatusCode);
    foreach(Grant grant in response.AccessControlList.Grants)
    {
        if(grant.Grantee is CanonicalGrantee)
        {
              Console.WriteLine("Grantee id: {0}", (grant.Grantee as CanonicalGrantee).Id);
        }else if(grant.Grantee is GroupGrantee)
        {
              Console.WriteLine("Grantee type: {0}", (grant.Grantee as GroupGrantee).GroupGranteeType);
        }
              Console.WriteLine("Grant permission: {0}", grant.Permission);
        }
    }
catch (ObsException ex)
{
    Console.WriteLine("ErrorCode: {0}", ex.ErrorCode);
    Console.WriteLine("ErrorMessage: {0}", ex.ErrorMessage);
}