PUT Bucket acl¶
OBS allows you to control access permission for buckets. By default, only the creator of a bucket has READ and WRITE permission for the bucket. The creator can also set other access permission. For example, the creator can set a public-read access policy to grant READ permission to other users.
You can set an access control policy when creating a bucket, and modify or obtain the bucket access control list (ACL) using the PUT Bucket acl and GET Bucket acl operations.
Request Syntax¶
PUT /?acl HTTP/1.1
User-Agent: agent
Host: bucketname.obs.example.com
Date: date
Authorization: authorization
Content-Length: length
<AccessControlPolicy>
<Owner>
<ID>ID</ID>
<DisplayName>displayname</DisplayName>
</Owner>
<AccessControlList>
<Grant>
<Grantee>grantee</Grantee>
<Permission>permission</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>
Request Parameters¶
This request involves no parameters.
Request Headers¶
You can set the ACL of a bucket to a predefined ACL, also called a canned ACL. Each canned ACL has a predefined set of grantees and permission.
Optional header x-amz-acl is used in this request to specify canned ACLs. Table 1 describes the optional header.
Header | Description | Remarks |
|---|---|---|
x-amz-acl | Indicates the canned ACL applied to a bucket. Type: String Valid values: private| public-read| public-read-write|authenticated-read|bucket-owner-read|bucket-owner-full-control|log-delivery-write | Optional |
x-amz-security-token | Header field used to identify the request of a federated user. When the federal authentication function is enabled, users sending such requests are identified as federated users. Type: string | Optional. This parameter must be carried in the request sent by federated users. |
Request Elements¶
This request uses elements to specify an ACL. Table 2 describes the elements.
Element | Description | Remarks |
|---|---|---|
Owner | Indicates the bucket owner. This element consists of ID and DisplayName. Type: XML | Optional |
ID | Indicates the DomainId of a grantee. Type: String | Optional |
DisplayName | Indicates the name of the grantee. Type: String | Optional |
Grant | Container for the grantee and its permission. Type: XML | Optional |
Grantee | Container for the details about the grantee. For details, see Table 1. Type: XML | Optional |
Permission | Indicates the permission to be granted. For details, see Table 2. Type: Enumeration | Optional |
AccessControlList | Indicates the ACL. This element consists of Grant, Grantee, and Permission. Type: XML | Optional |
Response Syntax¶
HTTP/1.1 status_code
Server: Server Name
x-amz-request-id: request id
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
x-amz-id-2: id
Date: date
Content-Length: length
Response Headers¶
This response uses common headers. For details about common response headers, see section Common Response Headers.
Response Elements¶
This response involves no elements.
Error Responses¶
No special error responses are returned. For details about error responses, see Table 1.
Sample Request for Setting the Bucket ACL¶
PUT /?acl HTTP/1.1
User-Agent: Jakarta Commons-HttpClient/3.1
Host: bucketname.obs.example.com
Accept-Encoding: gzip,deflate
Date: Mon, 27 Sep 2010 01:37:17 GMT
Authorization: AWS 04RZT432N80TGDF2Y2G2:9uNLINAQ7IOIrD9OnCpDfY2R6nU=
Content-Length: 598
<AccessControlPolicy>
<Owner>
<ID>bcaf1ffd86f41caff1a493dc2ad8c2c2</ID>
<DisplayName>user</DisplayName>
</Owner>
<AccessControlList>
<Grant>
<Grantee xsi:type="CanonicalUser" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ID>bcaf1ffd86f41caff1a493dc2ad8c2c2</ID>
<DisplayName>user</DisplayName>
</Grantee>
<Permission>READ</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>
Sample Response for Setting the Bucket ACL¶
HTTP/1.1 200 OK
Server: OBS
x-amz-request-id: 7B6DFC9BC71DD58B061285551605709
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
x-amz-id-2: N0I2REZDOUJDNzFERDU4QjA2MTI4NTU1MTYwNTcwOUFBQUFBQUFBYmJiYmJiYmJD
Date: Mon, 27 Sep 2010 01:40:03 GMT
Content-Length: 0
Sample Request for Setting the Bucket ACL Using Headers¶
PUT /?acl HTTP/1.1
User-Agent: curl/7.19.0
Host: bucketname.obs.example.com
Accept: */*
Date: Mon, 27 Sep 2010 01:37:17 GMT
Authorization: AWS 04RZT432N80TGDF2Y2G2:9uNLINAQ7IOIrD9OnCpDfY2R6nU=
x-amz-acl: private
Sample Response for Setting the Bucket ACL Using Headers¶
HTTP/1.1 200 OK
Server: OBS
x-amz-request-id: 7B6DFC9BC71DD58B061285551605709
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
x-amz-id-2: N0I2REZDOUJDNzFERDU4QjA2MTI4NTU1MTYwNTcwOUFBQUFBQUFBYmJiYmJiYmJD
Content-Type: application/xml
Date: Mon, 27 Sep 2010 01:40:03 GMT
Content-Length: 526