Object permission control
Set access permission for an object.
Currently, BOS supports two methods for setting ACLs. The first method is to use Canned ACL. During PutObjectAcl, the object access permission is set via the header "x-bce-acl" or "x-bce-grant-permission". Currently configurable permissions include private and public-read. The two types of headers cannot appear in the same request simultaneously. The second method is to upload an ACL file. For details, refer to Setting Object Permission Control..
-
Set object access permissions by using the "x-bce-acl" header field
Plain Text1// Can only be one of private, public-read, and public-read-write 2let cannedAcl = "private"; 3// cannel acl 4try { 5 await bosClient.putObjectAcl(bucketName, objectName, cannedAcl); 6 logger.info("put object acl success"); 7} catch (bosResponse) { 8 logger.error(`errCode: ${bosResponse.error.code}`) 9 logger.error(`requestId: ${bosResponse.error.requestId}`) 10 logger.error(`errMessage: ${bosResponse.error.message}`) 11 logger.error(`statusCode: ${bosResponse.statusCode}`) 12} -
Set fine-grained permissions
import { ObjectAclConf } from "bos/src/main/ets/bos/api/DataType"
// Grant read permission to user e13b12d0131b4c8bae959df4969387b8 let acl =
{ "accessControlList":[ { "grantee":[{ "id":"e13b12d0131b4c8bae959df4969387b8" }], "permission":["READ"] } ] }let objectAclConf = JSON.parse(acl) as ObjectAclConf;try { await bosClient.putObjectAcl(bucketName, objectName, undefined, undefined, undefined, objectAclConf); logger.info("put object acl success"); } catch (bosResponse) { logger.error(
errCode: ${bosResponse.error.code}) logger.error(requestId: ${bosResponse.error.requestId}) logger.error(errMessage: ${bosResponse.error.message}) logger.error(statusCode: ${bosResponse.statusCode}) }
View object permissions
Example code
1let objectAclConf: ObjectAclConf;
2
3try {
4 objectAclConf = await bosClient.getObjectAcl(bucketName, objectName);
5 logger.info(`get object acl success, info : ${JSON.stringify(objectAclConf)}`)
6} catch (bosResponse) {
7 logger.error(`errCode: ${bosResponse.error.code}`)
8 logger.error(`requestId: ${bosResponse.error.requestId}`)
9 logger.error(`errMessage: ${bosResponse.error.message}`)
10 logger.error(`statusCode: ${bosResponse.statusCode}`)
11}The parameters available for calling in the resolution class returned by the getObjectAcl method are as follows:
| Parameters | Description |
|---|---|
| accessControlList | Identify the permission list of the object |
| grantee | Identify the grantee |
| id | Authorized person ID |
| permission | Identify the grantee permissions |
Delete object permissions
Example code
1try {
2 await bosClient.deleteObjectAcl(bucketName, objectName);
3 logger.info(`delete object acl success`)
4} catch (bosResponse) {
5 logger.error(`errCode: ${bosResponse.error.code}`)
6 logger.error(`requestId: ${bosResponse.error.requestId}`)
7 logger.error(`errMessage: ${bosResponse.error.message}`)
8 logger.error(`statusCode: ${bosResponse.statusCode}`)
9}