• Object Storage Service

obs
  1. Help Center
  2. Object Storage Service
  3. User Guide
  4. OBS Browser Operation Guide
  5. Bucket ACL
  6. Bucket ACL Overview

Bucket ACL Overview

OBS can use an ACL to enable bucket access permissions to be assigned to the following types of authorized users, as described in Table 1.

Table 1 Authorized users supported by OBS

Authorized User

Description

Bucket Owner

The owner of a bucket has the ACL View and ACL Edit permissions permanently by default.

Anonymous User

A user that is not registered with OBS. If the access permission for a bucket and objects is assigned to an anonymous user, all users can access the bucket and objects.

Registered User

A user that is registered with OBS. For example, a registered user can access OBS Browser using AKs and SKs.

Log Delivery User

A user that delivers bucket access logs after logging is enabled for a bucket. OBS automatically converts bucket logs into objects following the naming rules and writes the objects into the target bucket. The log delivery user is only available for the log management in OBS.

Table 2 lists the following types of access permissions that OBS supports.

Table 2 Access permissions supported by OBS

Permission

Description

Read

A grantee with this permission for a bucket can obtain the list of objects in the bucket and the metadata of the bucket.

Write

A grantee with this permission for a bucket can upload, overwrite, and delete any object in the bucket.

ACL View

A grantee with this permission can obtain the ACL of a bucket or object. A bucket or object owner has this permission permanently.

ACL Edit

A grantee with this permission can update the ACL of a bucket or object.

A bucket or object owner has this permission permanently.

NOTE:

A grantee with this permission can modify the access control policy and thus the grantee obtains full access permissions. Exercise caution when assigning this permission to other users.

Full Control

A grantee with this permission for a bucket has ReadWriteACL View, and ACL Edit permissions for the bucket.

NOTE:

Users assigned the permission can fully control the bucket and its objects. Exercise caution when assigning this permission to other users.

NOTE:

Granting new permissions for a bucket overwrites the existing permissions for the bucket and no permissions are added for the bucket.