Set Permission to Access Object
Interface Description
This command is used to set the access control of an object. At present, ACL can be set for BOS in two ways. The first method is to use the Canned ACL. The object access control is set through "x-bce-acl" or "x-bce-grant-permission" in the header field during PutObjectAcl. At present, the settable access control includes private and public-read. Two types of headers cannot appear in a request at the same time. The second method is to upload an ACL file. For the file format, see ACL File Format. At present, the ACL file only supports accessControlList, grantee, id, and permission fields.
At present, you cannot set Canned ACL and upload the ACL file in the same request.
Considerations
- Only the bucket owner and the user with the FULL_CONTROL permission can set the object ACL.
- The object ACL is empty by default during the object upload. If failed to set the object ACL, that is, when the object ACL is empty, the bucket ACL should prevail by default.
- When the object ACL is not consistent with the bucket ACL, the object ACL should prevail.
- The object ACL cannot be set when the archive storage object is not restored or the archive file is just uploaded. For the duration, see the restoration duration.
Request URI
PUT /v1/{bucketName}/{objectKey}?acl
Request Header Parameters
| Parameter Name | Parameter type | Required | Description | Example value |
|---|---|---|---|---|
| xBceAcl | String | No | ACL set for object, which can be private and public-read. | "xBceAcl_example" |
| xBceGrantRead | String | No | Object ID authorized to read, which supports multiple IDs separated by commas. | "xBceGrantRead_example" |
| xBceGrantFullControl | String | No | Object ID with access control granted, which supports multiple IDs separated by commas. | "xBceGrantFullControl_example" |
Request Body Parameters
None
Response Body Parameters
None
Request Example
None
Response Example
None
Error Code
Refer to the universal error code.