- Release Notes
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Bucket Management
- Bucket Overview
- Creating Buckets
- Deleting Buckets
- Querying Buckets
- Empty Buckets
- Setting Access Permission
- Setting Bucket Encryption
- Setting Hotlink Protection
- Setting Origin-Pull
- Setting Cross-Origin Access
- Setting Versioning
- Setting up a Static Website
- Setting Lifecycle
- Setting Logging
- Accessing Bucket List Using Sub-Account
- Adding Bucket Policies
- Setting INTELLIGENT TIERING
- Setting Inventory
- Domain Name Management
- Setting Bucket Tags
- Setting Cross-Bucket Replication
- Enabling Global Acceleration
- Object Management
- Uploading Objects
- Downloading Objects
- Copying Objects
- Viewing Object Information
- Searching for Objects
- Sorting and Filtering Objects
- Direct Upload to COS ARCHIVE Storage
- Modifying Storage Class
- Deleting File Fragments
- Setting Object Access Permission
- Setting Object Encryption
- Custom Headers
- Deleting an Object
- Restoring Archived Objects
- Folder Management
- Data Extraction
- Setting Object Tags
- Exporting Object URLs
- Restoring a Historical Object Version
- Batch Operation
- Monitoring Reports
- Data Processing
- Application Integration
- User Tools
- Tool Overview
- Installation and Configuration of Environment
- COSBrowser
- COSCLI (Beta)
- COSCLI Overview
- Download and Installation Configuration
- Common Commands
- Generating and Modifying Configuration Files - config
- Creating Buckets - mb
- Deleting Buckets - rb
- Querying Bucket/Object List - ls
- Obtaining Statistics on Different Types of Objects - du
- Uploading/Downloading/Copying Objects - cp
- Syncing Upload/Download/Copy - sync
- Deleting Objects - rm
- Getting File Hash Value - hash
- Listing Incomplete Multipart Uploads - lsparts
- Clearing Incomplete Multipart Uploads - abort
- Retrieving Archived Files - restore
- Getting Pre-signed URL - signurl
- FAQs
- COSCMD
- COS Migration
- FTP Server
- COSFS
- Hadoop Tool
- COSDistCp
- Hadoop-cos-DistChecker
- HDFS TO COS
- Diagnostic Tool
- GooseFS
- Update History
- Getting Started
- Key Features
- Deployment Guide
- OPS Guide
- Data Security
- GooseFS on TKE Cloud Native Practices
- Getting Started
- Using GooseFS as Fluid Dataset Runtime
- Multi-Master Node Deployment
- Multiple-Master Affinity Scheduling
- Accelerating Data in COS
- Global Client Deployment
- Using Parameters for Encryption
- Manual Scaling
- Data Caching and Metadata Caching
- Data Affinity Scheduling
- Data Scheduling Based on Tolerations and Taints
- Data Preloading
- Deploying Multiple Datasets on the Same Cluster via Placement
- Best Practice
- Overview
- Access Control and Permission Management
- ACL Practices
- Cloud Access Management Practices
- Granting Sub-accounts Access to COS
- Cases of Permission Setting
- Working with COS API Access Policies
- Temporary Key Security Guide for Frontend Direct Upload to COS
- Generating and Using Temporary Keys
- Grant Sub-account Permissions to Pull Tag List
- Granting Sub-account Under One Root Account Permission to Manipulate Buckets Under Another Root Account
- Performance Optimization
- Data Migration
- Accessing COS Using the AWS S3 SDK
- Data Disaster Recovery and Backup
- Direct Data Upload
- Domain Name Management Practice
- Data Security
- Data Verification
- Big Data Practice
- Using COS in the Third-party Applications
- Using APIs to Zip Files
- Using APIs to Merge Files
- Developer Guide
- Creating Request
- Bucket
- Object
- Data Management
- Data Disaster Recovery
- Data Security
- Cloud Access Management (CAM)
- Batch Processing
- Global Acceleration
- Data Processing
- Metadata Acceleration
- Monitoring and Alarms
- Troubleshooting
- API Documentation
- Introduction
- Common Request Headers
- Common Response Headers
- Error Codes
- Request Signature
- Operation List
- Service APIs
- Bucket APIs
- Basic Operations
- Access Control List (acl)
- Cross-Origin Resource Sharing (cors)
- Lifecycle
- Bucket Policy (policy)
- Hotlink Protection (referer)
- Tag (tagging)
- Static Website (website)
- Intelligent Tiering
- Bucket inventory(inventory)
- Versioning
- Cross-Bucket Replication(replication)
- Log Management(logging)
- Global Acceleration (Accelerate)
- Bucket Encryption (encryption)
- Custom Domain Name (Domain)
- Object APIs
- Batch Operation APIs
- Data Processing APIs
- Image Processing
- Basic Image Processing
- Scaling
- Cropping
- Rotation
- Converting Format
- Quality Change
- Gaussian Blurring
- Adjusting Brightness
- Adjusting Contrast
- Sharpening
- Image Watermarking
- Text Watermarking
- Obtaining Basic Image Information
- Obtaining Image EXIF
- Obtaining Image’s Average Hue
- Removing Image Metadata
- Quick Thumbnail Template
- Limiting Output Image Size
- Pipeline Operators
- Image Advanced Compression
- Persistent Image Processing
- Image Compression
- Basic Image Processing
- Image Processing
- SDK Documentation
- SDK Overview
- Preparations
- Android SDK
- Object Operations
- Uploading and Copying Objects
- Downloading Objects
- Moving an Object
- Listing Objects
- Deleting Objects
- Restoring an Archived Object
- Querying Object Metadata
- Generating Pre-Signed URLs
- Configuring Preflight Requests for Cross-origin Access
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Getting Started
- Quick Experience
- Bucket Operations
- Remote Disaster Recovery
- Data Management
- Cloud Access Management
- Setting Custom Headers
- Setting Access Domain Names
- Image Processing
- Troubleshooting
- Object Operations
- C SDK
- C++ SDK
- .NET(C#) SDK
- Getting Started
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Restoring Archived Objects
- Querying Object Metadata
- Getting Pre-Signed URLs
- Configuring Preflight Requests for Cross-Origin Access
- Server-Side Encryption
- Single-URL Speed Limits
- Extracting Object Content
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Backward Compatibility
- Go SDK
- iOS SDK
- Java SDK
- JavaScript SDK
- Node.js SDK
- PHP SDK
- Python SDK
- Mini Program SDK
- Error Codes
- FAQs
- Service Agreement
- Glossary
- Release Notes
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Bucket Management
- Bucket Overview
- Creating Buckets
- Deleting Buckets
- Querying Buckets
- Empty Buckets
- Setting Access Permission
- Setting Bucket Encryption
- Setting Hotlink Protection
- Setting Origin-Pull
- Setting Cross-Origin Access
- Setting Versioning
- Setting up a Static Website
- Setting Lifecycle
- Setting Logging
- Accessing Bucket List Using Sub-Account
- Adding Bucket Policies
- Setting INTELLIGENT TIERING
- Setting Inventory
- Domain Name Management
- Setting Bucket Tags
- Setting Cross-Bucket Replication
- Enabling Global Acceleration
- Object Management
- Uploading Objects
- Downloading Objects
- Copying Objects
- Viewing Object Information
- Searching for Objects
- Sorting and Filtering Objects
- Direct Upload to COS ARCHIVE Storage
- Modifying Storage Class
- Deleting File Fragments
- Setting Object Access Permission
- Setting Object Encryption
- Custom Headers
- Deleting an Object
- Restoring Archived Objects
- Folder Management
- Data Extraction
- Setting Object Tags
- Exporting Object URLs
- Restoring a Historical Object Version
- Batch Operation
- Monitoring Reports
- Data Processing
- Application Integration
- User Tools
- Tool Overview
- Installation and Configuration of Environment
- COSBrowser
- COSCLI (Beta)
- COSCLI Overview
- Download and Installation Configuration
- Common Commands
- Generating and Modifying Configuration Files - config
- Creating Buckets - mb
- Deleting Buckets - rb
- Querying Bucket/Object List - ls
- Obtaining Statistics on Different Types of Objects - du
- Uploading/Downloading/Copying Objects - cp
- Syncing Upload/Download/Copy - sync
- Deleting Objects - rm
- Getting File Hash Value - hash
- Listing Incomplete Multipart Uploads - lsparts
- Clearing Incomplete Multipart Uploads - abort
- Retrieving Archived Files - restore
- Getting Pre-signed URL - signurl
- FAQs
- COSCMD
- COS Migration
- FTP Server
- COSFS
- Hadoop Tool
- COSDistCp
- Hadoop-cos-DistChecker
- HDFS TO COS
- Diagnostic Tool
- GooseFS
- Update History
- Getting Started
- Key Features
- Deployment Guide
- OPS Guide
- Data Security
- GooseFS on TKE Cloud Native Practices
- Getting Started
- Using GooseFS as Fluid Dataset Runtime
- Multi-Master Node Deployment
- Multiple-Master Affinity Scheduling
- Accelerating Data in COS
- Global Client Deployment
- Using Parameters for Encryption
- Manual Scaling
- Data Caching and Metadata Caching
- Data Affinity Scheduling
- Data Scheduling Based on Tolerations and Taints
- Data Preloading
- Deploying Multiple Datasets on the Same Cluster via Placement
- Best Practice
- Overview
- Access Control and Permission Management
- ACL Practices
- Cloud Access Management Practices
- Granting Sub-accounts Access to COS
- Cases of Permission Setting
- Working with COS API Access Policies
- Temporary Key Security Guide for Frontend Direct Upload to COS
- Generating and Using Temporary Keys
- Grant Sub-account Permissions to Pull Tag List
- Granting Sub-account Under One Root Account Permission to Manipulate Buckets Under Another Root Account
- Performance Optimization
- Data Migration
- Accessing COS Using the AWS S3 SDK
- Data Disaster Recovery and Backup
- Direct Data Upload
- Domain Name Management Practice
- Data Security
- Data Verification
- Big Data Practice
- Using COS in the Third-party Applications
- Using APIs to Zip Files
- Using APIs to Merge Files
- Developer Guide
- Creating Request
- Bucket
- Object
- Data Management
- Data Disaster Recovery
- Data Security
- Cloud Access Management (CAM)
- Batch Processing
- Global Acceleration
- Data Processing
- Metadata Acceleration
- Monitoring and Alarms
- Troubleshooting
- API Documentation
- Introduction
- Common Request Headers
- Common Response Headers
- Error Codes
- Request Signature
- Operation List
- Service APIs
- Bucket APIs
- Basic Operations
- Access Control List (acl)
- Cross-Origin Resource Sharing (cors)
- Lifecycle
- Bucket Policy (policy)
- Hotlink Protection (referer)
- Tag (tagging)
- Static Website (website)
- Intelligent Tiering
- Bucket inventory(inventory)
- Versioning
- Cross-Bucket Replication(replication)
- Log Management(logging)
- Global Acceleration (Accelerate)
- Bucket Encryption (encryption)
- Custom Domain Name (Domain)
- Object APIs
- Batch Operation APIs
- Data Processing APIs
- Image Processing
- Basic Image Processing
- Scaling
- Cropping
- Rotation
- Converting Format
- Quality Change
- Gaussian Blurring
- Adjusting Brightness
- Adjusting Contrast
- Sharpening
- Image Watermarking
- Text Watermarking
- Obtaining Basic Image Information
- Obtaining Image EXIF
- Obtaining Image’s Average Hue
- Removing Image Metadata
- Quick Thumbnail Template
- Limiting Output Image Size
- Pipeline Operators
- Image Advanced Compression
- Persistent Image Processing
- Image Compression
- Basic Image Processing
- Image Processing
- SDK Documentation
- SDK Overview
- Preparations
- Android SDK
- Object Operations
- Uploading and Copying Objects
- Downloading Objects
- Moving an Object
- Listing Objects
- Deleting Objects
- Restoring an Archived Object
- Querying Object Metadata
- Generating Pre-Signed URLs
- Configuring Preflight Requests for Cross-origin Access
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Getting Started
- Quick Experience
- Bucket Operations
- Remote Disaster Recovery
- Data Management
- Cloud Access Management
- Setting Custom Headers
- Setting Access Domain Names
- Image Processing
- Troubleshooting
- Object Operations
- C SDK
- C++ SDK
- .NET(C#) SDK
- Getting Started
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Restoring Archived Objects
- Querying Object Metadata
- Getting Pre-Signed URLs
- Configuring Preflight Requests for Cross-Origin Access
- Server-Side Encryption
- Single-URL Speed Limits
- Extracting Object Content
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Backward Compatibility
- Go SDK
- iOS SDK
- Java SDK
- JavaScript SDK
- Node.js SDK
- PHP SDK
- Python SDK
- Mini Program SDK
- Error Codes
- FAQs
- Service Agreement
- Glossary
Overview
This document provides an overview of APIs and SDK code samples related to the access control lists (ACLs) for buckets and objects.
Bucket ACL
| API | Operation | Description |
|---|---|---|
| PUT Bucket acl | Setting a bucket ACL | Sets an ACL for a bucket |
| GET Bucket acl | Querying a bucket ACL | Gets the ACL of a specified bucket |
Object ACL
| API | Operation | Description |
|---|---|---|
| PUT Object acl | Setting an object ACL | Sets an ACL for an object (file) in a bucket |
| GET Object acl | Querying an object ACL | Queries the ACL of an object (file) |
Bucket ACL
Setting a bucket ACL
Description
This API is used to set an access control list (ACL) for a specified bucket.
Method prototype
public Guzzle\Service\Resource\Model putBucketAcl(array $args = array());
Sample request
<?php
require dirname(__FILE__) . '/../vendor/autoload.php';
$secretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
$secretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
$region = "ap-beijing"; //Replace it with the actual region, which can be viewed in the console at https://console.cloud.tencent.com/cos5/bucket
$cosClient = new Qcloud\Cos\Client(
array(
'region' => $region,
'schema' => 'https', // Protocol header, which is http by default
'credentials'=> array(
'secretId' => $secretId ,
'secretKey' => $secretKey)));
try {
$result = $cosClient->putBucketAcl(array(
'Bucket' => 'examplebucket-1250000000', // Bucket name in the format of `BucketName-APPID`, which can be viewed in the COS console at https://console.cloud.tencent.com/cos5/bucket
'ACL' => 'private',
'Grants' => array(
array(
'Grantee' => array(
'DisplayName' => 'qcs::cam::uin/100000000001:uin/100000000001',
'ID' => 'qcs::cam::uin/100000000001:uin/100000000001',
'Type' => 'CanonicalUser',
),
'Permission' => 'FULL_CONTROL',
),
// ... repeated
),
'Owner' => array(
'DisplayName' => 'qcs::cam::uin/100000000001:uin/100000000001',
'ID' => 'qcs::cam::uin/100000000001:uin/100000000001',
)));
// Request succeeded
print_r($result);
} catch (\Exception $e) {
// Request failed
echo "$e\n";
}
Parameter description
| Parameter | Type | Description | Parent Node |
|---|---|---|---|
| Bucket | String | Bucket name in the format of BucketName-APPID |
None |
| Grants | Array | ACL permission list | None |
| Grant | Array | ACL permission information | Grants |
| Grantee | Array | ACL permission information | Grant |
| Type | String | Permission type of the authorized user | Grantee |
| Permission | String | Permission type. Valid values: FULL_CONTROL, WRITE, READ |
Grant |
| ACL | String | Global permission type. Valid values: private, public-read, public-read-write |
None |
| Owner | String | Information about the bucket owner | None |
| DisplayName | String | Name of the bucket owner | Grantee/Owner |
| ID | String | ID of the bucket owner | Grantee/Owner |
Querying a bucket ACL
Description
This API is used to query the access control list (ACL) of a specified bucket.
Method prototype
public Guzzle\Service\Resource\Model getBucketAcl(array $args = array());
Sample request
<?php
require dirname(__FILE__) . '/../vendor/autoload.php';
$secretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
$secretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
$region = "ap-beijing"; //Replace it with the actual region, which can be viewed in the console at https://console.cloud.tencent.com/cos5/bucket
$cosClient = new Qcloud\Cos\Client(
array(
'region' => $region,
'schema' => 'https', // Protocol header, which is http by default
'credentials'=> array(
'secretId' => $secretId ,
'secretKey' => $secretKey)));
try {
$result = $cosClient->getBucketAcl(array(
'Bucket' => 'examplebucket-1250000000' // Bucket name in the format of `BucketName-APPID`, which can be viewed in the COS console at https://console.cloud.tencent.com/cos5/bucket
));
// Request succeeded
print_r($result);
} catch (\Exception $e) {
// Request failed
echo($e);
}
Sample response
Array
(
[data:protected] => Array
(
[Owner] => Array
(
[ID] => qcs::cam::uin/100000000001:uin/100000000001
[DisplayName] => qcs::cam::uin/100000000001:uin/100000000001
)
[Grants] => Array
(
[0] => Array
(
[Grantee] => Array
(
[ID] => qcs::cam::uin/100000000001:uin/100000000001
[DisplayName] => qcs::cam::uin/100000000001:uin/100000000001
)
[Permission] => FULL_CONTROL
)
)
[RequestId] => NWE3YzhjMTRfYzdhMzNiMGFfYjdiOF8yYzZmMzU=
)
)
Response description
| Parameter | Type | Description | Parent Node |
|---|---|---|---|
| Grants | Array | ACL permission list | None |
| Grant | Array | ACL permission information | Grants |
| Grantee | Array | ACL permission information | Grant |
| Permission | String | Permission type. Valid values: FULL_CONTROL, WRITE, READ |
Grant |
| Owner | String | Information about the bucket owner | None |
| DisplayName | String | Name of the bucket owner | Grantee/Owner |
| ID | String | ID of the bucket owner | Grantee/Owner |
Object ACL
Setting an object ACL
Description
This API is used to set the ACL of an object.
Method prototype
public Guzzle\Service\Resource\Model putObjectAcl(array $args = array());
Sample request
<?php
require dirname(__FILE__) . '/../vendor/autoload.php';
$secretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
$secretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
$region = "ap-beijing"; //Replace it with the actual region, which can be viewed in the console at https://console.cloud.tencent.com/cos5/bucket
$cosClient = new Qcloud\Cos\Client(
array(
'region' => $region,
'schema' => 'https', // Protocol header, which is http by default
'credentials'=> array(
'secretId' => $secretId ,
'secretKey' => $secretKey)));
try {
$result = $cosClient->putObjectAcl(array(
'Bucket' => 'examplebucket-1250000000', // Bucket name in the format of `BucketName-APPID`, which can be viewed in the COS console at https://console.cloud.tencent.com/cos5/bucket
'Key' => 'exampleobject',
'ACL' => 'private',
'Grants' => array(
array(
'Grantee' => array(
'DisplayName' => 'qcs::cam::uin/100000000001:uin/100000000001',
'ID' => 'qcs::cam::uin/100000000001:uin/100000000001',
'Type' => 'CanonicalUser',
),
'Permission' => 'FULL_CONTROL',
),
// ... repeated
),
'Owner' => array(
'DisplayName' => 'qcs::cam::uin/100000000001:uin/100000000001',
'ID' => 'qcs::cam::uin/100000000001:uin/100000000001',
)));
// Request succeeded
print_r($result);
} catch (\Exception $e) {
// Request failed
echo "$e\n";
}
Parameter description
| Parameter | Type | Description | Required |
|---|---|---|---|
| Bucket | String | Bucket name in the format of BucketName-APPID |
Yes |
| Key | String | Object key | Yes |
| Grants | Array | ACL permission list | No |
| Grant | Array | ACL permission information | No |
| Grantee | Array | ACL permission information | No |
| Type | String | Permission type of the authorized user | No |
| Permission | String | Permission type. Valid values: FULL_CONTROL, WRITE, READ |
No |
| ACL | String | Global permission type. Valid values: private, public-read |
No |
| Owner | String | Information about the bucket owner | No |
| DisplayName | String | Name of the bucket owner | No |
| ID | String | ID of the bucket owner | No |
Querying an object ACL
Description
The API is used to query the ACL of an object.
Method prototype
public Guzzle\Service\Resource\Model getObjectAcl(array $args = array());
Sample request
<?php
require dirname(__FILE__) . '/../vendor/autoload.php';
$secretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
$secretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
$region = "ap-beijing"; //Replace it with the actual region, which can be viewed in the console at https://console.cloud.tencent.com/cos5/bucket
$cosClient = new Qcloud\Cos\Client(
array(
'region' => $region,
'schema' => 'https', // Protocol header, which is http by default
'credentials'=> array(
'secretId' => $secretId ,
'secretKey' => $secretKey)));
try {
$result = $cosClient->getObjectAcl(array(
'Bucket' => 'examplebucket-1250000000', // Bucket name in the format of `BucketName-APPID`, which can be viewed in the COS console at https://console.cloud.tencent.com/cos5/bucket
'Key' => 'exampleobject',
));
// Request succeeded
print_r($result);
} catch (\Exception $e) {
// Request failed
echo($e);
}
Sample response
Array
(
[data:protected] => Array
(
[Owner] => Array
(
[ID] => qcs::cam::uin/100000000001:uin/100000000001
[DisplayName] => qcs::cam::uin/100000000001:uin/100000000001
)
[Grants] => Array
(
[0] => Array
(
[Grantee] => Array
(
[ID] => qcs::cam::uin/100000000001:uin/100000000001
[DisplayName] => qcs::cam::uin/100000000001:uin/100000000001
)
[Permission] => FULL_CONTROL
)
)
[RequestId] => NWE3YzhjMTRfYzdhMzNiMGFfYjdiOF8yYzZmMzU=
)
)
Response description
| Parameter | Type | Description | Parent Node |
|---|---|---|---|
| Grants | Array | ACL permission list | None |
| Grant | Array | ACL permission information | Grants |
| Grantee | Array | ACL permission information | Grant |
| Permission | String | Permission type. Valid values: FULL_CONTROL, WRITE, READ |
Grant |
| Owner | String | Information about the bucket owner | None |
| DisplayName | String | Name of the bucket owner | Grantee/Owner |
| ID | String | ID of the bucket owner | Grantee/Owner |
Yes
No
Was this page helpful?