Object permission control
Updated at: 2025-11-03
Set access permission for an object.
Currently, BOS supports two methods for setting ACLs. The first method is to use a canned ACL: during PutObjectAcl, the object access permission is set via the header "x-bce-acl" or "x-bce-grant-permission". Currently configurable permissions include private and public-read. The two types of headers cannot appear in the same request. The second method is to upload an ACL file.
For details, refer to Setting Object Permission Control.
- Set object access permission using the headers "x-bce-acl" or "x-bce-grant-permission"
- Set object ACL, first method (set via request headers)

```java
// Canned ACL sent in the x-bce-acl header: the object becomes public-read
SetObjectAclRequest setObjectAclRequest = new SetObjectAclRequest("yourBucketName", "objectKey", CannedAccessControlList.PublicRead);
client.setObjectAcl(setObjectAclRequest);
```
- Set object ACL, first method (set xBceGrantRead via request headers)

```java
// Grant READ to the listed user IDs only
String xBceGrantRead = "id=\"user_id1\",id=\"user_id2\"";
SetObjectAclRequest setObjectAclRequest = new SetObjectAclRequest();
setObjectAclRequest.withBucketName("yourBucketName");
setObjectAclRequest.withKey("objectKey");
setObjectAclRequest.setxBceGrantRead(xBceGrantRead);
client.setObjectAcl(setObjectAclRequest);
```
- Set object ACL, first method (set xBceGrantFullControl via request headers)

```java
// Grant FULL_CONTROL to the listed user IDs only
String xBceGrantFullControl = "id=\"user_id1\",id=\"user_id2\"";
SetObjectAclRequest setObjectAclRequest = new SetObjectAclRequest();
setObjectAclRequest.withBucketName("yourBucketName");
setObjectAclRequest.withKey("objectKey");
setObjectAclRequest.setxBceGrantFullControl(xBceGrantFullControl);
client.setObjectAcl(setObjectAclRequest);
```
- Set object access permission via setObjectAcl
- Set object ACL, second method (JSON string)

```java
// ACL document as a JSON string; grantee id "*" with FULL_CONTROL applies to every user
String jsonObjectAcl = "{\"accessControlList\":[" + "{\"grantee\":[{\"id\":\"*\"}], " + "\"permission\":[\"FULL_CONTROL\"]" + "}]}";
SetObjectAclRequest setObjectAclRequest = new SetObjectAclRequest("yourBucketName", "objectKey", jsonObjectAcl);
client.setObjectAcl(setObjectAclRequest);
```
- Set object ACL, second method (users only need to specify the relevant parameters)

```java
List<Grant> grants = new ArrayList<Grant>();
List<Grantee> grantees = new ArrayList<Grantee>();
List<Permission> permissions = new ArrayList<Permission>();
// Grant permission to specific users
grantees.add(new Grantee("user_id1"));
grantees.add(new Grantee("user_id2"));
grantees.add(new Grantee("user_id3"));
// Set permissions
permissions.add(Permission.READ);
grants.add(new Grant().withGrantee(grantees).withPermission(permissions));
SetObjectAclRequest setObjectAclRequest = new SetObjectAclRequest("yourBucketName", "objectKey", grants);
client.setObjectAcl(setObjectAclRequest);
```
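An added example, not part of the BOS SDK or the original page: a pre-flight check that builds the ACL JSON in the format of the second method and refuses a grant to the "*" grantee (every user) unless it is an explicit public read. The class name, `buildAcl`, the `allowPublicRead` flag and the allowed ID character set are assumptions; the returned string is meant for the `SetObjectAclRequest(bucket, key, json)` constructor shown above.

```java
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class ObjectAclGuard {
    // Permission names used on this page.
    private static final Set<String> PERMISSIONS = Set.of("READ", "FULL_CONTROL");
    // Assumption: user IDs contain only these characters; anything else is rejected
    // so a crafted ID cannot break out of the JSON string.
    private static final Pattern USER_ID = Pattern.compile("[A-Za-z0-9_-]+");

    /** Builds a single-grant ACL document, refusing grants that expose the object to everyone. */
    static String buildAcl(List<String> granteeIds, List<String> permissions, boolean allowPublicRead) {
        if (granteeIds.isEmpty() || permissions.isEmpty())
            throw new IllegalArgumentException("grantee and permission lists must be non-empty");
        if (!PERMISSIONS.containsAll(permissions))
            throw new IllegalArgumentException("unknown permission in " + permissions);
        for (String id : granteeIds) {
            if (id.equals("*")) {
                // "*" means every user: never FULL_CONTROL, READ only on explicit opt-in.
                if (permissions.contains("FULL_CONTROL") || !allowPublicRead)
                    throw new IllegalArgumentException("wildcard grantee not allowed for " + permissions);
            } else if (!USER_ID.matcher(id).matches()) {
                throw new IllegalArgumentException("invalid grantee id: " + id);
            }
        }
        String grantees = granteeIds.stream()
                .map(id -> "{\"id\":\"" + id + "\"}").collect(Collectors.joining(","));
        String perms = permissions.stream()
                .map(p -> "\"" + p + "\"").collect(Collectors.joining(","));
        return "{\"accessControlList\":[{\"grantee\":[" + grantees + "],\"permission\":[" + perms + "]}]}";
    }

    public static void main(String[] args) {
        // Constructed sample IDs, matching the placeholders used on this page.
        System.out.println(buildAcl(List.of("user_id1", "user_id2"), List.of("READ"), false));
        try {
            buildAcl(List.of("*"), List.of("FULL_CONTROL"), true);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```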
View object permissions
The following code can be used to check the object permissions:
```java
// Read back the ACL currently set on the object
GetObjectAclRequest getObjectRequest = new GetObjectAclRequest();
getObjectRequest.withBucketName("yourBucketName");
getObjectRequest.withKey("objectKey");
GetObjectAclResponse response = client.getObjectAcl(getObjectRequest);
```
The response class returned by the getObjectAcl method exposes the following parameters:
| Parameters | Description |
|---|---|
| accessControlList | Identifies the permission list of the object |
| grantee | Identifies the grantee |
| -id | ID of the authorized user |
| permission | Identifies the grantee's permissions |
Delete object permissions
The following code can be used to delete the object permissions:
```java
// Remove the ACL set on the object
DeleteObjectAclRequest deleteObjectAclRequest = new DeleteObjectAclRequest("yourBucketName", "objectKey");
client.deleteObjectAcl(deleteObjectAclRequest);
```
