All Products
Search

This Product

    Object Storage Service:Manage the ACL of an object

    Document Center

    Object Storage Service:Manage the ACL of an object

    Last Updated:Oct 29, 2024

    In addition to bucket-level access control lists (ACLs), Object Storage Service (OSS) provides object-level ACLs. You can configure the ACL of an object when you upload the object or change the ACL of an uploaded object.

    Object ACLs

    The following table describes the ACLs that you can configure for an object.

    ACL

    Description

    Value

    Inherited from bucket

    The ACL of the object is the same as the ACL of the bucket in which the object is stored.

    default

    Private

    Only the object owner or authorized users have read and write permissions on the object.

    private

    Public read

    Only the object owner and authorized users have read and write permissions on the object. Other users have only read permissions on the object. Exercise caution when you set the ACL to this value.

    public-read

    Public read/write

    All users have read and write permissions on the object. Exercise caution when you set the ACL to this value.

    public-read-write

    Configure the ACL of an object

    The following sample code provides an example on how to configure the ACL of an object:

    const oss = require('ali-oss');

const client = oss({ 
  // Specify the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the region to oss-cn-hangzhou. 
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before you run the sample code, make sure that you have configured environment variables OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET. 
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Specify the name of the bucket. 
  bucket: 'yourbucketname'
});
  
async function setACL() {
  try {
    // Specify the full path of the object. Do not include the bucket name in the full path. 
    await client.putACL('yourObjectName', 'private');
    console.log('Set ACL successfully');
  } catch (e) {
    console.error(e);
  }
}

setACL();

    Query the ACL of an object

    The following sample code provides an example on how to query the ACL of an object:

    const oss = require('ali-oss');

const client = oss({
  // Specify the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the region to oss-cn-hangzhou. 
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before you run the sample code, make sure that you have configured environment variables OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET. 
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Specify the name of the bucket. 
  bucket: 'yourbucketname',
});
  
async function getACL() {
  try {
    // Specify the full path of the object. Do not include the bucket name in the full path. 
    const result = await client.getACL('yourObjectName');
    console.log(result.acl);
  } catch (e) {
    console.error(e);
  }
}

getACL();

    References

    • For the complete sample code that is used to manage the ACL of an object, visit GitHub.

    • For more information about the API operation that you can call to configure the ACL of an object, see PutObjectACL.

    • For more information about the API operation that you can call to query the ACL of an object, see GetObjectACL.