This topic was translated by AI and is currently in queue for revision by our editors. Alibaba Cloud does not guarantee the accuracy of AI-translated content. Request expedited revision
Home PageObject Storage ServiceDeveloper ReferenceDeveloper GuideAPI ReferenceObject operationsACLGetObjectACL
Search for Help Content

GetObjectACL

Updated at: 2025-02-18 03:29
Product
Community

Use the GetObjectACL operation to retrieve the access control list (ACL) for a file (Object) within a bucket.

Versioning

By default, invoking the GetObjectACL operation retrieves the ACL for the current version of the object. To access the ACL of a specific version, include the versionId parameter. If the specified version is a delete marker, OSS will return a 404 Not Found error.

Note

If an object has not been assigned an ACL, invoking the GetObjectACL operation will return 'default' as the ObjectACL, indicating that the object inherits the bucket's ACL settings. For instance, if the bucket's access privileges are set to private, the object's access privileges will also be private.

Request syntax

GET /ObjectName?acl HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValue

Request headers

All headers in a DescribeRegions request are common request headers. For more information, see Common request headers.

Response headers

The response to a CopyObject request contains only common response headers. For more information, see Common response headers.

Response elements

Name

Type

Sample value

Description

Name

Type

Sample value

Description

AccessControlList

Container

N/A

The container that stores the ACL information.

Parent node: AccessControlPolicy

AccessControlPolicy

Container

N/A

The container that stores the results of the GetObjectACL request.

Parent node: None

DisplayName

String

0022012****

The name of the bucket owner, which is the same as the user ID.

Parent node: AccessControlPolicy.Owner

Grant

Enumerated string

private

The ACL of the object.

Valid values:

  • default (default): inherit bucket ACL

  • private: private

  • public-read: public-read

  • public-read-write: public-read-write

Parent node: AccessControlPolicy.AccessControlList

ID

String

0022012****

The user ID of the bucket owner.

Parent node: AccessControlPolicy.Owner

Owner

Container

N/A

The container that stores information about the bucket owner.

Parent node: AccessControlPolicy

Examples

  • Unversioned

    Sample Request

    GET /test-object?acl HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Wed, 29 Apr 2015 05:21:12 GMT
Authorization: OSS qn6q**************:77Dv****************

    Sample Response

    HTTP/1.1 200 OK
x-oss-request-id: 559CC9BDC755F95A64485981
Date: Wed, 29 Apr 2015 05:21:12 GMT
Content-Length: 253
Content-Type: application/xml
Connection: keep-alive
Server: AliyunOSS

<?xml version="1.0" ?>
<AccessControlPolicy>
    <Owner>
        <ID>0022012****</ID>
        <DisplayName>0022012****</DisplayName>
    </Owner>
    <AccessControlList>
        <Grant>public-read </Grant>
    </AccessControlList>
</AccessControlPolicy>

  • Versioned

    Sample Request

    GET /example?acl&versionId=CAEQMhiBgMC1qpSD0BYiIGQ0ZmI5ZDEyYWVkNTQwMjBiNTliY2NjNmY3ZTVk**** HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 09 Apr 2019 06:30:10 GMT
Authorization: OSS qn6q**************:77Dv****************

    Sample Response

    HTTP/1.1 200 OK
x-oss-version-id: CAEQMhiBgMC1qpSD0BYiIGQ0ZmI5ZDEyYWVkNTQwMjBiNTliY2NjNmY3ZTVk****
x-oss-request-id: 5CAC3BF2B7AEADE017000621
Date: Tue, 09 Apr 2019 06:30:10 GMT
Content-Length: 261
Content-Type: application/xml
Connection: keep-alive
Server: AliyunOSS

<?xml version="1.0" encoding="UTF-8"?>
<AccessControlPolicy>
  <Owner>
    <ID>1234513715092****</ID>
    <DisplayName>1234513715092****</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>public-read</Grant>
  </AccessControlList>
</AccessControlPolicy>

SDKs

The GetObjectACL operation can be called using OSS SDKs for the following programming languages:

Command line tool ossutil

For the ossutil command corresponding to the GetObjectACL operation, refer to get-object-acl.

Error codes

Error code

HTTP status code

Error message

Description

Error code

HTTP status code

Error message

Description

AccessDenied

403

You do not have read acl permission on this object.

You do not have the permissions to perform the operation. Only the bucket owner has permissions to call the GetObjectACL operation to query the ACL of an object in the bucket.

FileAlreadyExists

409

The object you specified already exists and is a directory.

The error message returned because the object whose ACL you want to query is a directory in a bucket for which the hierarchical namespace feature is enabled.

Previous: PutObjectACLNext: Symbolic link
  • On this page (1)
  • Versioning
  • Request syntax
  • Request headers
  • Response headers
  • Response elements
  • Examples
  • SDKs
  • Command line tool ossutil
  • Error codes
Feedback
phone Contact Us

Chat now with Alibaba Cloud Customer Service to assist you in finding the right products and services to meet your needs.

alicare alicarealicarealicare