Object Privilege Control
Last Updated:2020-10-23
Basic Introduction
At present, BOS also provides object level fine grain access control, that is, different objects in the bucket have different access control privileges for different users. Users can control the access privilege of a single object by CannedACL and ACL files. At present, object supports READ and FULL_CONTROL privilege types.
Note
- By default, the ACL of the newly created object is empty, and the bucket ACL is used for user access.
- In case the object does not have privilege set, the object ACL is empty, and it is subject to bucket privilege by default.
- The priority of the object ACL is higher than that of the bucket ACL. For example, the user has set the privilege of the object to be public-read. No matter what the privilege of the bucket is, the object can be accessed.
- At present, the object ACL authentication is only valid for GetobjectMeta, Getobject, Copyobject and UploadPartCopy interfaces.
- To obtain, set and delete an object Acl, you need to have the FULL_CONTROL privilege of the object. In case the object ACL is empty, it is needed to have the FULL_CONTROL privilege of the bucket or the user is the bucket Owner.