This interface sets the access control list (ACL) of a bucket. BOS currently supports two ways of setting the ACL. The first is to pass a canned ACL (CannedAcl) in the "x-bce-acl" request header of PutBucketAcl; the supported values are private, public-read, and public-read-write (case sensitive). The second is to upload an ACL file. For the file format, see ACL File Format.
Considerations
BOS does not support setting "x-bce-acl" and uploading an ACL file in the same request.
Only the bucket owner and the user with the FULL_CONTROL permission can set the object ACL.
The bucket ACL is set to private by default during the creation of the bucket.
Request URI
PUT /v1/{bucketName}/?acl
| Parameter Name | Parameter Type | Required | Description | Example Value | Parameter Position |
| --- | --- | --- | --- | --- | --- |
| bucketName | String | Yes | Bucket name | "bucketName_example" | Path |
Request Header Parameters
| Parameter Name | Parameter Type | Required | Description | Example Value |
| --- | --- | --- | --- | --- |
| xBceAcl | String | No | Canned ACL to set on the bucket. Supported values: private, public-read, and public-read-write. | "xBceAcl_example" |
Request Body Parameters
Instructions for Data Structure of Request Body Field
| Parameter Name | Parameter Type | Required? | Description | Example Value |
| --- | --- | --- | --- | --- |
| accessControlList | List | No | It identifies the beginning of the ACL body, and it consists of one or more ACL configuration items. The ACL configuration item is composed of grantee+permission+resource+condition. | |
Data Structure Description of AccessControlList Field
| Parameter Name | Parameter Type | Required? | Description | Example Value |
| --- | --- | --- | --- | --- |
| effect | String | No | Specifies whether a request matching the ACL configuration item is executed. The value is "Allow" or "Deny": "Allow" means the request is executed, and "Deny" means the request is refused. | Allow |
| grantee | List | Yes | Identifies the grantee. | |
| permission | List | Yes | Permission affected by the ACL configuration item. The optional values include READ, LIST, WRITE, and GetObject. For the detailed explanation of the permission, see Permission Supported by Bucket ACL. | |
| resource | List | No | Resource affected by the ACL configuration item: the access control applies to resources within the specified range. The wildcard is supported, e.g., /or /xxx. If the resource field is not entered or the bucket name is entered, it is equivalent to setting the Resource field to [, /_]. That is, the access control is set for buckets and all objects. | |
| notResouce | String | No | Resource affected by the ACL configuration item: the access control applies to resources outside the specified range of notResource. The wildcard is supported. For example, / or /xxx*, which represents the access control set for the objects other than ObjectKey in BucketName or other than those with the prefix XXX. If the notResource field is not entered, notResource is treated as not configured. That is, the default configuration is adopted, and the access control is set for buckets and all objects. | |
| condition | Condition | No | Limitation condition contained in the ACL configuration item, which can be configured with the IP address and referer list. | |
Data Structure Description of Grantee Field
| Parameter Name | Parameter Type | Required | Description | Example Value |
| --- | --- | --- | --- | --- |
| id | String | No | Identifies the account ID of the grantee. To view the account ID, log in to the console and click "User Information" -> "Basic Information" under the account name. | 10eb6f5ff6ff4605bf044313e8f3ffa5 |
Data Structure Description of Condition Field
| Parameter Name | Parameter Type | Required | Description | Example Value |
| --- | --- | --- | --- | --- |
| currentTime | CurrentTime | No | Time limitation condition contained in the condition configuration item, which supports "dateLessThan", "dateLessThanEquals", "dateGreaterThan", and "dateGreaterThanEquals". Any number of the four items can be set; a request matches only if all configured items are satisfied. | |
| secureTransport | Boolean | No | Identifies whether only HTTPS access is allowed. The optional values are "true" and "false". If it is not set, it is treated as "false". When it is set to "true", only HTTPS access is allowed. | true |
| ipAddress | List | No | Identifies the IP addresses to which access is granted. | |
| referer | Referer | No | Identifies the referers to which access is granted. | |
Data Structure Description of CurrentTime Field
| Parameter Name | Parameter Type | Required? | Description | Example Value |
| --- | --- | --- | --- | --- |
| dateLessThan | String | No | | 2020-07-01T12:00:00Z |
| dateGreaterThan | String | No | | 2018-03-01T15:00:00Z |
Data Structure Description of Referer Field
| Parameter Name | Parameter Type | Required? | Description | Example Value |
| --- | --- | --- | --- | --- |
| stringLike | List | No | | |
| stringEquals | List | No | | |
Response Body Parameters
None
Request Example
PUT /v1/bucketName_example/?acl
Common Request Header
x-bce-acl: xBceAcl_example
{"accessControlList":[{"notResouce":"notResouce","condition":{"currentTime":{"dateLessThan":"2020-07-01T12:00:00Z","dateGreaterThan":"2018-03-01T15:00:00Z"},"secureTransport":true,"referer":{"stringLike":["http://www.abc.com/*"],"stringEquals":["http://www.abc.com"]},"ipAddress":["192.168.1.1"]},"resource":["bucket1/*"],"effect":"Allow","grantee":[{"id":"10eb6f5ff6ff4605bf044313e8f3ffa5"}],"permission":["FULL_CONTROL"]}]}
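
The rules above can be checked before a request is sent. The following is an added example, not code from the BOS documentation or SDK: a pre-flight check that applies this page's constraints (case-sensitive canned values, header and body not combined, required fields, the secureTransport default). The function name `check_put_bucket_acl`, the finding format and `SAMPLE_BODY` are assumptions made for illustration.

```python
import json

# Values taken from the page: canned ACLs are case sensitive; effect is Allow or Deny.
CANNED_ACLS = {"private", "public-read", "public-read-write"}
EFFECTS = {"Allow", "Deny"}

# Constructed sample body: an Allow item with no condition block.
SAMPLE_BODY = json.dumps({"accessControlList": [{
    "effect": "Allow",
    "grantee": [{"id": "10eb6f5ff6ff4605bf044313e8f3ffa5"}],
    "permission": ["READ"],
    "resource": ["bucket1/*"],
}]})


def check_put_bucket_acl(headers, body=None):
    """Return (severity, message) findings for a PutBucketAcl request (hypothetical helper)."""
    findings = []
    # HTTP header names are case-insensitive, the canned ACL value is not.
    canned = {k.lower(): v for k, v in headers.items()}.get("x-bce-acl")
    if canned is not None and body:
        findings.append(("error", "x-bce-acl header and ACL body sent in the same request"))
    if canned is not None and canned not in CANNED_ACLS:
        findings.append(("error", f"unsupported canned ACL {canned!r}"))
    elif canned in ("public-read", "public-read-write"):
        findings.append(("warn", f"canned ACL {canned!r} opens the bucket to public access"))
    items = json.loads(body).get("accessControlList", []) if body else []
    for i, item in enumerate(items):
        effect = item.get("effect")
        if effect is not None and effect not in EFFECTS:
            findings.append(("error", f"item {i}: effect must be Allow or Deny"))
        for field in ("grantee", "permission"):  # both marked Required in the tables
            if not item.get(field):
                findings.append(("error", f"item {i}: required field {field} is missing"))
        # secureTransport defaults to false, so an Allow item without it accepts plain HTTP.
        secure = (item.get("condition") or {}).get("secureTransport", False)
        if effect == "Allow" and not secure:
            findings.append(("warn", f"item {i}: Allow without secureTransport=true permits HTTP"))
    return findings


if __name__ == "__main__":
    for severity, message in check_put_bucket_acl({}, SAMPLE_BODY):
        print(severity, message)
```

Run against the request example above, the check reports two errors: the header and body are sent together, and "xBceAcl_example" is not one of the three canned values.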