• Object Storage Service

obs
  1. Help Center
  2. Object Storage Service
  3. Developer Guide (Python SDK)
  4. Object Management
  5. Managing Object ACLs

Managing Object ACLs

Object ACLs, similar to bucket ACLs, support pre-defined access control policies and direct configuration. For details, see Managing Bucket ACLs.

An object ACL can be configured in three modes:

  1. Specify a pre-defined access control policy during object upload.
  2. Call ObsClient.setObjectAcl to specify a pre-defined access control policy.
  3. Call ObsClient.setObjectAcl to set the ACL directly.

Specifying a Pre-defined Access Control Policy During Object Upload

Sample code:

# Import the module.
from com.obs.client.obs_client import ObsClient
 
# Create an instance of ObsClient.
obsClient = ObsClient(
    access_key_id='*** Provide your Access Key ***',    
    secret_access_key='*** Provide your Secret Key ***',    
    server='yourdomainname'
)

from com.obs.models.put_object_header import PutObjectHeader
headers = PutObjectHeader()
# Set the object ACL to public-read.
headers.acl = 'public-read'

resp = obsClient.putFile('bucketname', 'objectkey', 'localfile', headers=headers)
if resp.status < 300:
    print('requestId:', resp.requestId)
else:
    print('errorCode:', resp.errorCode)
    print('errorMessage:', resp.errorMessage)

Setting a Pre-defined Access Control Policy for an Object

Sample code:

# Import the module.
from com.obs.client.obs_client import ObsClient
 
# Create an instance of ObsClient.
obsClient = ObsClient(
    access_key_id='*** Provide your Access Key ***',    
    secret_access_key='*** Provide your Secret Key ***',    
    server='yourdomainname'
)

# Set the object ACL to private.
resp = obsClient.setObjectAcl('bucketname', 'objectkey', aclControl='private')
if resp.status < 300:
    print('requestId:', resp.requestId)
else:
    print('errorCode:', resp.errorCode)
    print('errorMessage:', resp.errorMessage)

Directly Setting an Object ACL

Sample code:

# Import the module.
from com.obs.client.obs_client import ObsClient
 
# Create an instance of ObsClient.
obsClient = ObsClient(
    access_key_id='*** Provide your Access Key ***',    
    secret_access_key='*** Provide your Secret Key ***',    
    server='yourdomainname'
)

from com.obs.models.acl import ACL
from com.obs.models.owner import Owner
from com.obs.models.grant import Grant, Permission
from com.obs.models.grantee import Grantee, Group
owner = Owner(owner_id='ownerid', owner_name='ownername')

# Grant all permissions to a specified user.
grant0 = Grant(grantee=Grantee(grantee_id='userid', grantee_name='username'), permission=Permission.FULL_CONTROL) 

# Grant the READ permission to all users.
grant1 = Grant(grantee=Grantee(group=Group.ALL_USERE), permission=Permission.READ) 

# Grant the WRITE permission to authorized users.
grant2 = Grant(grantee=Grantee(group=Group.ALL_USERE), permission=Permission.WRITE) 
acl = ACL(owner=owner, grants=[grant0, grant1, grant2])

resp = obsClient.setObjectAcl('bucketname', 'objectkey', acl=acl)
if resp.status < 300:    
    print('requestId:', resp.requestId)
else:    
    print('errorCode:', resp.errorCode)    
    print('errorMessage:', resp.errorMessage)
NOTE:
  • The owner or grantee ID needed in the ACL indicates the account ID, which can be viewed on the My Credential page of OBS Console.
  • OBS objects support two types of grantee group:
    • Authorized users: http://acs.amazonaws.com/groups/global/AuthenticatedUsers
    • All users: http://acs.amazonaws.com/groups/global/AllUsers

Obtaining an Object ACL

You can call ObsClient.getObjectAcl to obtain an object ACL. Sample code is as follows:

# Import the module.
from com.obs.client.obs_client import ObsClient
 
# Create an instance of ObsClient.
obsClient = ObsClient(
    access_key_id='*** Provide your Access Key ***',    
    secret_access_key='*** Provide your Secret Key ***',    
    server='yourdomainname'
)

resp = obsClient.getObjectAcl('bucketname', 'objectkey')
if resp.status < 300:
    print('requestId:', resp.requestId)
    print('owner_id:', resp.body.owner.owner_id)
    print('owner_name:', resp.body.owner.owner_name)
    index = 1    
    for grant in resp.body.grants:        
        print('grant [' + str(index) + ']')        
        print('grantee_id:', grant.grantee.grantee_id)        
        print('grantee_name:', grant.grantee.grantee_name)        
        print('group:', grant.grantee.group)        
        print('permission:', grant.permission)        
        index += 1
else:
    print('errorCode:', resp.errorCode)
    print('errorMessage:', resp.errorMessage)