tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Object Storage
    Documentation
    Download PDF

    Access Control

    Last updated: 2024-02-04 14:25:57
    Download PDF

      Overview

      This document provides an overview of APIs and SDK code samples related to the access control lists (ACLs) for buckets and objects.
      Bucket ACL
      API
      Operation
      Description
      Setting a bucket ACL
      Sets an ACL for a bucket
      Querying a bucket ACL
      Gets the ACL of a specified bucket
      Object ACL
      API
      Operation
      Description
      Setting an object ACL
      Sets an ACL for an object (file) in a bucket
      Querying an object ACL
      Queries the ACL of an object (file)

      Bucket ACL

      Setting a bucket ACL

      Description

      This API is used to set an access control list (ACL) for a specified bucket.

      Method prototype

      public Guzzle\\Service\\Resource\\Model putBucketAcl(array $args = array());

      Sample request

      <?php
      
      require dirname(__FILE__) . '/../vendor/autoload.php';
      
      $secretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
      $secretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
      $region = "ap-beijing"; //Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket
      $cosClient = new Qcloud\\Cos\\Client(
          array(
              'region' => $region,
              'schema' => 'https', // Protocol header, which is http by default
              'credentials'=> array(
                  'secretId'  => $secretId ,
                  'secretKey' => $secretKey)));
      
      try {
          $result = $cosClient->putBucketAcl(array(
              'Bucket' => 'examplebucket-1250000000', // Bucket name in the format of `BucketName-APPID`, which can be viewed in the COS console at https://console.tencentcloud.com/cos5/bucket
              'ACL' => 'private',
              'Grants' => array(
                  array(
                      'Grantee' => array(
                          'DisplayName' => 'qcs::cam::uin/100000000001:uin/100000000001',
                          'ID' => 'qcs::cam::uin/100000000001:uin/100000000001',
                          'Type' => 'CanonicalUser',
                      ),  
                      'Permission' => 'FULL_CONTROL',
                  ),  
                  // ... repeated
              ),  
              'Owner' => array(
                  'DisplayName' => 'qcs::cam::uin/100000000001:uin/100000000001',
                  'ID' => 'qcs::cam::uin/100000000001:uin/100000000001',
              )));
          // Request succeeded
          print_r($result);
      } catch (\\Exception $e) {
          // Request failed
          echo "$e\\n";
      }

      Parameter description

      Parameter
      Type
      Description
      Parent Node
      Bucket
      String
      Bucket name in the format of BucketName-APPID
      None
      Grants
      Array
      ACL permission list
      None
      Grant
      Array
      ACL permission information
      Grants
      Grantee
      Array
      ACL permission information
      Grant
      Type
      String
      Permission type of the authorized user
      Grantee
      Permission
      String
      Permission type. Valid values: FULL_CONTROL, WRITE, READ
      Grant
      ACL
      String
      Global permission type. Valid values: private, public-read, public-read-write
      None
      Owner
      String
      Information about the bucket owner
      None
      DisplayName
      String
      Name of the bucket owner
      Grantee/Owner
      ID
      String
      ID of the bucket owner
      Grantee/Owner

      Querying a bucket ACL

      Description

      This API is used to query the access control list (ACL) of a specified bucket.

      Method prototype

      public Guzzle\\Service\\Resource\\Model getBucketAcl(array $args = array());

      Sample request

      <?php
      
      require dirname(__FILE__) . '/../vendor/autoload.php';
      
      $secretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
      $secretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
      $region = "ap-beijing"; //Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket
      $cosClient = new Qcloud\\Cos\\Client(
          array(
              'region' => $region,
              'schema' => 'https', // Protocol header, which is http by default
              'credentials'=> array(
                  'secretId'  => $secretId ,
                  'secretKey' => $secretKey)));
      
      try {
          $result = $cosClient->getBucketAcl(array(
              'Bucket' => 'examplebucket-1250000000' // Bucket name in the format of `BucketName-APPID`, which can be viewed in the COS console at https://console.tencentcloud.com/cos5/bucket
          )); 
          // Request succeeded
          print_r($result);
      } catch (\\Exception $e) {
          // Request failed
          echo($e);
      }

      Sample response

      Array
      (
          [data:protected] => Array
              (
                [Owner] => Array
                    (
                       [ID] => qcs::cam::uin/100000000001:uin/100000000001
                       [DisplayName] => qcs::cam::uin/100000000001:uin/100000000001
                    )
      
                [Grants] => Array
                      (
                        [0] => Array
                            (
                              [Grantee] => Array
                                 (
                                   [ID] => qcs::cam::uin/100000000001:uin/100000000001
                                   [DisplayName] => qcs::cam::uin/100000000001:uin/100000000001
                                 )
      
                              [Permission] => FULL_CONTROL
                            )
      
                      )
      
                [RequestId] => NWE3YzhjMTRfYzdhMzNiMGFfYjdiOF8yYzZmMzU=
              )
      )

      Response description

      Parameter
      Type
      Description
      Parent Node
      Grants
      Array
      ACL permission list
      None
      Grant
      Array
      ACL permission information
      Grants
      Grantee
      Array
      ACL permission information
      Grant
      Permission
      String
      Permission type. Valid values: FULL_CONTROL, WRITE, READ
      Grant
      Owner
      String
      Information about the bucket owner
      None
      DisplayName
      String
      Name of the bucket owner
      Grantee/Owner
      ID
      String
      ID of the bucket owner
      Grantee/Owner

      Object ACL

      Setting an object ACL

      Description

      This API is used to set the ACL of an object.

      Method prototype

      public Guzzle\\Service\\Resource\\Model putObjectAcl(array $args = array());

      Sample request

      <?php
      
      require dirname(__FILE__) . '/../vendor/autoload.php';
      
      $secretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
      $secretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
      $region = "ap-beijing"; //Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket
      $cosClient = new Qcloud\\Cos\\Client(
          array(
              'region' => $region,
              'schema' => 'https', // Protocol header, which is http by default
              'credentials'=> array(
                  'secretId'  => $secretId ,
                  'secretKey' => $secretKey)));
      
      try {
          $result = $cosClient->putObjectAcl(array(
              'Bucket' => 'examplebucket-1250000000', // Bucket name in the format of `BucketName-APPID`, which can be viewed in the COS console at https://console.tencentcloud.com/cos5/bucket
              'Key' => 'exampleobject',
              'ACL' => 'private',
              'Grants' => array(
                  array(
                      'Grantee' => array(
                          'DisplayName' => 'qcs::cam::uin/100000000001:uin/100000000001',
                          'ID' => 'qcs::cam::uin/100000000001:uin/100000000001',
                          'Type' => 'CanonicalUser',
                      ),  
                      'Permission' => 'FULL_CONTROL',
                  ),  
                  // ... repeated
              ),  
              'Owner' => array(
                  'DisplayName' => 'qcs::cam::uin/100000000001:uin/100000000001',
                  'ID' => 'qcs::cam::uin/100000000001:uin/100000000001',
              )));
          // Request succeeded
          print_r($result);
      } catch (\\Exception $e) {
          // Request failed
          echo "$e\\n";
      }

      Parameter description

      Parameter
      Type
      Description
      Required
      Bucket
      String
      Bucket name in the format of BucketName-APPID
      Yes
      Key
      String
      Object key
      Yes
      Grants
      Array
      ACL permission list
      No
      Grant
      Array
      ACL permission information
      No
      Grantee
      Array
      ACL permission information
      No
      Type
      String
      Permission type of the authorized user
      No
      Permission
      String
      Permission type. Valid values: FULL_CONTROL, WRITE, READ
      No
      ACL
      String
      Global permission type. Valid values: private, public-read
      No
      Owner
      String
      Information about the bucket owner
      No
      DisplayName
      String
      Name of the bucket owner
      No
      ID
      String
      ID of the bucket owner
      No

      Querying an object ACL

      Description

      The API is used to query the ACL of an object.

      Method prototype

      public Guzzle\\Service\\Resource\\Model getObjectAcl(array $args = array());

      Sample request

      <?php
      
      require dirname(__FILE__) . '/../vendor/autoload.php';
      
      $secretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
      $secretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
      $region = "ap-beijing"; //Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket
      $cosClient = new Qcloud\\Cos\\Client(
          array(
              'region' => $region,
              'schema' => 'https', // Protocol header, which is http by default
              'credentials'=> array(
                  'secretId'  => $secretId ,
                  'secretKey' => $secretKey)));
      
      try {
          $result = $cosClient->getObjectAcl(array(
              'Bucket' => 'examplebucket-1250000000', // Bucket name in the format of `BucketName-APPID`, which can be viewed in the COS console at https://console.tencentcloud.com/cos5/bucket
              'Key' => 'exampleobject',
          )); 
          // Request succeeded
          print_r($result);
      } catch (\\Exception $e) {
          // Request failed
          echo($e);
      }

      Sample response

      Array
      (
          [data:protected] => Array
              (
                  [Owner] => Array
                      (
                          [ID] => qcs::cam::uin/100000000001:uin/100000000001
                          [DisplayName] => qcs::cam::uin/100000000001:uin/100000000001
                      )
      
                  [Grants] => Array
                      (
                          [0] => Array
                              (
                                  [Grantee] => Array
                                      (
                                          [ID] => qcs::cam::uin/100000000001:uin/100000000001
                                          [DisplayName] => qcs::cam::uin/100000000001:uin/100000000001
                                      )
      
                                  [Permission] => FULL_CONTROL
                              )
      
                      )
      
                  [RequestId] => NWE3YzhjMTRfYzdhMzNiMGFfYjdiOF8yYzZmMzU=
              )
      )

      Response description

      Parameter
      Type
      Description
      Parent Node
      Grants
      Array
      ACL permission list
      None
      Grant
      Array
      ACL permission information
      Grants
      Grantee
      Array
      ACL permission information
      Grant
      Permission
      String
      Permission type. Valid values: FULL_CONTROL, WRITE, READ
      Grant
      Owner
      String
      Information about the bucket owner
      None
      DisplayName
      String
      Name of the bucket owner
      Grantee/Owner
      ID
      String
      ID of the bucket owner
      Grantee/Owner
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy