Queries the access control list (ACL) of an object in a bucket.
Versioning
By default, when you call the GetObjectACL operation to query the ACL of an object, only the ACL of the current version of the object is returned. You can specify the versionId parameter in the request to query the ACL of a specified version of an object. If the specified version is a delete marker, Object Storage Service (OSS) returns 404 Not Found.
If you call the GetObjectACL operation to query the ACL of an object for which no ACL is configured, OSS returns the default ACL of this object. In this case, the ACL of this object is the same as the ACL of the bucket in which the object is stored. For example, if the ACL of the bucket in which the object is stored is private, the ACL of the object is also private.
Request syntax
GET /ObjectName?acl HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValueRequest headers
This request contains only common request headers. For more information, see Common HTTP headers.
Response headers
This request contains only common response headers. For more information, see Common HTTP headers.
Response elements
Element | Type | Description |
AccessControlList | Container | The container that stores the ACL information. Parent nodes: AccessControlPolicy |
AccessControlPolicy | Container | The container that stores the results of the GetObjectACL request. Parent nodes: none |
DisplayName | String | The name of the bucket owner, which is the same as the user ID. Parent nodes: AccessControlPolicy.Owner |
Grant | Enumerated string | The ACL of the object. Default value: default. Valid values:
Parent nodes: AccessControlPolicy.AccessControlList |
ID | String | The user ID of the bucket owner. Parent nodes: AccessControlPolicy.Owner |
Owner | Container | The container that stores the information about the bucket owner. Parent nodes: AccessControlPolicy |
Examples
Query the ACL of an object in an unversioned bucket
Sample requests
GET /test-object?acl HTTP/1.1 Host: oss-example.oss-cn-hangzhou.aliyuncs.com Date: Wed, 29 Apr 2015 05:21:12 GMT Authorization: OSS qn6q**************:77Dv****************Sample responses
HTTP/1.1 200 OK x-oss-request-id: 559CC9BDC755F95A64485981 Date: Wed, 29 Apr 2015 05:21:12 GMT Content-Length: 253 Content-Type: application/xml Connection: keep-alive Server: AliyunOSS <?xml version="1.0" ?> <AccessControlPolicy> <Owner> <ID>00220120222</ID> <DisplayName>00220120222</DisplayName> </Owner> <AccessControlList> <Grant>public-read </Grant> </AccessControlList> </AccessControlPolicy>Query the ACL of an object in a versioned bucket
Sample requests
GET /example?acl&versionId=CAEQMhiBgMC1qpSD0BYiIGQ0ZmI5ZDEyYWVkNTQwMjBiNTliY2NjNmY3ZTVk**** HTTP/1.1 Host: oss-example.oss-cn-hangzhou.aliyuncs.com Date: Tue, 09 Apr 2019 06:30:10 GMT Authorization: OSS qn6q**************:77Dv****************Sample responses
HTTP/1.1 200 OK x-oss-version-id: CAEQMhiBgMC1qpSD0BYiIGQ0ZmI5ZDEyYWVkNTQwMjBiNTliY2NjNmY3ZTVk**** x-oss-request-id: 5CAC3BF2B7AEADE017000621 Date: Tue, 09 Apr 2019 06:30:10 GMT Content-Length: 261 Content-Type: application/xml Connection: keep-alive Server: AliyunOSS <?xml version="1.0" encoding="UTF-8"?> <AccessControlPolicy> <Owner> <ID>1234513715092****</ID> <DisplayName>1234513715092****</DisplayName> </Owner> <AccessControlList> <Grant>public-read</Grant> </AccessControlList> </AccessControlPolicy>
SDK
You can use OSS SDKs for the following programming languages to call the GetObjectACL operation:
Error codes
Error code | HTTP status code | Error message | Description |
AccessDenied | 403 | You do not have read acl permission on this object. | The error message returned because you are not authorized to perform the GetObjectACL operation. Only the bucket owner has permissions to call the GetObjectACL operation to query the ACL of an object in the bucket. |
FileAlreadyExists | 409 | The object you specified already exists and is a directory. | The error message returned because the object whose ACL you want to query is a directory in a bucket for which the hierarchical namespace feature is enabled. |