You can set the access control list (ACL) of an object to one of the following values: Inherited from bucket, Private, Public Read, and Public Read/Write. This topic describes how to manage the ACL of an object.
Usage notes
Before you run the sample code in this topic, you must create an OSSClient instance by using methods such as using a custom domain name or Security Token Service (STS). For more information, see Initialization.
Object ACLs
ACL | Description | Value |
Inherited from bucket | The ACL of the object is the same as the ACL of the bucket in which the object is stored. | default |
Private | Only the object owner and authorized users have read and write permissions on the object. | private |
Public read | Only the object owner and authorized users have read and write permissions on the object. All users have read permissions on the object. Exercise caution when you set the object ACL to this value. | public-read |
Public read/write | All users have read and write permissions on the object. Exercise caution when you set the object ACL to this value. | public-read-write |
The ACL of an object takes precedence over the ACL of the bucket in which the object is stored. For example, if the ACL of a bucket is private and the ACL of an object in the bucket is public read/write, all users are granted the read and write permissions on the object. If the ACL of an object is not configured, the ACL of the object is the same as that of the bucket in which the object is stored.
Configure the ACL of an object
The following sample code provides an example on how to set the ACL of the exampleobject.txt object in a bucket named examplebucket to private:
OSSPutObjectACLRequest *request = [OSSPutObjectACLRequest new];
// Specify the name of the bucket. Example: examplebucket.
request.bucketName = @"examplebucket";
// Specify the full path of the object. Do not include the bucket name in the full path. Example: exampleobject.txt.
request.objectKey = @"exampleobject.txt";
/**
* Configure the object ACL.
* public-read
* private
* public-read-write
* default
*/
request.acl = @"private";
OSSTask * putObjectACLTask = [client putObjectACL:request];
[putObjectACLTask continueWithBlock:^id(OSSTask *task) {
if (!task.error) {
NSLog(@"put object ACL success!");
} else {
NSLog(@"put object ACL failed, error: %@", task.error);
}
return nil;
}];
// Implement synchronous blocking to wait for the task to complete.
// [putObjectACLTask waitUntilFinished];Query the ACL of an object
The following sample code provides an example on how to query the ACL of an object named exampleobject.txt in a bucket named examplebucket:
OSSGetObjectACLRequest *request = [OSSGetObjectACLRequest new];
// Specify the name of the bucket. Example: examplebucket.
request.bucketName = @"examplebucket";
// Specify the full path of the object. Do not include the bucket name in the full path. Example: exampleobject.txt.
request.objectName = @"exampleobject.txt";
OSSTask * getObjectACLTask = [client getObjectACL:request];
[getObjectACLTask continueWithBlock:^id(OSSTask *task) {
if (!task.error) {
OSSGetObjectACLResult *result = task.result;
NSLog(@"objectACL: %@", result.grant);
} else {
NSLog(@"get object ACL failed, error: %@", task.error);
}
return nil;
}];
// Implement synchronous blocking to wait for the task to complete.
// [putObjectACLTask waitUntilFinished];References
For more information about the API operation that you can call to configure the ACL of an object, see PutObjectACL.
For more information about the API operation that you can call to query the ACL of an object, see GetObjectACL.
For more information about how to initialize an OSSClient instance, see Initialization.