Access control

Last updated: 2020-05-26 18:35:14

    Overview

    This document provides an overview of APIs and SDK code samples related to bucket and object access control lists (ACLs).

    Bucket ACL

    API Operation Name Operation Description
    PUT Bucket acl Setting bucket ACL Sets the ACL for a specified bucket
    GET Bucket acl Querying bucket ACL Gets the ACL of a specified bucket

    Object ACL

    API Operation Name Operation Description
    PUT Object acl Setting object ACL Sets the ACL for a specified object (file/object) in a bucket
    GET Object acl Querying object ACL Queries the ACL of an object (file/object)

    Bucket ACL

    Setting bucket ACL

    Feature description

    This API is used to set the access control list (ACL) for a specified bucket.

    Method prototype

    public Guzzle\Service\Resource\Model putBucketAcl(array $args = array());

    Sample request

    try {
        $result = $cosClient->putBucketAcl(array(
            'Bucket' => 'examplebucket-1250000000', // Format: BucketName-APPID
            'ACL' => 'private',
            'Grants' => array(
                array(
                    'Grantee' => array(
                        'DisplayName' => 'qcs::cam::uin/100000000001:uin/100000000001',
                        'ID' => 'qcs::cam::uin/100000000001:uin/100000000001',
                        'Type' => 'CanonicalUser',
                    ),  
                    'Permission' => 'FULL_CONTROL',
                ),  
                // ... repeated
            ),  
            'Owner' => array(
                'DisplayName' => 'qcs::cam::uin/100000000001:uin/100000000001',
                'ID' => 'qcs::cam::uin/100000000001:uin/100000000001',
            )));
        // Request succeeded
        print_r($result);
    } catch (\Exception $e) {
        // Request failed
        echo "$e\n";
    }

    Parameter description

    Parameter Name Type Description Parent Node
    Bucket String Bucket name in the format of BucketName-APPID None
    Grants Array ACL permissions list None
    Grant Array ACL permission information Grants
    Grantee Array ACL permission information Grant
    Type String Owner permission type Grantee
    Permission String Permission type. Valid values: FULL_CONTROL, WRITE, READ Grant
    ACL String Overall permission type. Valid values: private, public-read, public-read-write None
    Owner String Bucket owner information None
    DisplayName String Permission owner name Grantee/Owner
    ID String Permission owner ID Grantee/Owner

    Querying bucket ACL

    Feature description

    This API is used to get the access control list (ACL) for a specified bucket.

    Method prototype

    public Guzzle\Service\Resource\Model getBucketAcl(array $args = array());

    Sample request

    try {
        $result = $cosClient->getBucketAcl(array(
            'Bucket' => 'examplebucket-1250000000' // Format: BucketName-APPID
        )); 
        // Request succeeded
        print_r($result);
    } catch (\Exception $e) {
        // Request failed
        echo($e);
    }

    Sample return result

    Array
    (
        [data:protected] => Array
            (
              [Owner] => Array
                  (
                     [ID] => qcs::cam::uin/100000000001:uin/100000000001
                     [DisplayName] => qcs::cam::uin/100000000001:uin/100000000001
                  )
    
              [Grants] => Array
                    (
                      [0] => Array
                          (
                            [Grantee] => Array
                               (
                                 [ID] => qcs::cam::uin/100000000001:uin/100000000001
                                 [DisplayName] => qcs::cam::uin/100000000001:uin/100000000001
                               )
    
                            [Permission] => FULL_CONTROL
                          )
    
                    )
    
              [RequestId] => NWE3YzhjMTRfYzdhMzNiMGFfYjdiOF8yYzZmMzU=
            )
    )

    Returned result description

    Parameter Name Type Description Parent Node
    Grants Array ACL permissions list None
    Grant Array ACL permission information Grants
    Grantee Array ACL permission information Grant
    Permission String Permission type. Valid values: FULL_CONTROL, WRITE, READ Grant
    Owner String Bucket owner information None
    DisplayName String Permission owner name Grantee/Owner
    ID String Permission owner ID Grantee/Owner

    Object ACL

    Setting object ACL

    Feature description

    This API (PUT Object acl) is used to set the access control list (ACL) for a specified object.

    Method prototype

    public Guzzle\Service\Resource\Model putObjectAcl(array $args = array());

    Sample request

    try {
        $result = $cosClient->putObjectAcl(array(
            'Bucket' => 'examplebucket-1250000000', // Format: BucketName-APPID
            'Key' => 'exampleobject',
            'ACL' => 'private',
            'Grants' => array(
                array(
                    'Grantee' => array(
                        'DisplayName' => 'qcs::cam::uin/100000000001:uin/100000000001',
                        'ID' => 'qcs::cam::uin/100000000001:uin/100000000001',
                        'Type' => 'CanonicalUser',
                    ),  
                    'Permission' => 'FULL_CONTROL',
                ),  
                // ... repeated
            ),  
            'Owner' => array(
                'DisplayName' => 'qcs::cam::uin/100000000001:uin/100000000001',
                'ID' => 'qcs::cam::uin/100000000001:uin/100000000001',
            )));
        // Request succeeded
        print_r($result);
    } catch (\Exception $e) {
        // Request failed
        echo "$e\n";
    }

    Parameter description

    Parameter Name Type Description Required
    Bucket String Bucket name in the format of BucketName-APPID Yes
    Key String Object key Yes
    Grants Array ACL permission list No
    Grant Array ACL permission information No
    Grantee Array ACL permission information No
    Type String Owner permission type No
    Permission String Permission type. Valid values: FULL_CONTROL, WRITE, READ No
    ACL String Overall permission type. Valid values: private, public-read No
    Owner String Bucket owner information No
    DisplayName String Permission owner name No
    ID String Permission owner ID No

    Querying object ACL

    Feature description

    This API (GET Object acl) is used to query the access control list (ACL) of a specified object.

    Method prototype

    public Guzzle\Service\Resource\Model getObjectAcl(array $args = array());

    Sample request

    try {
        $result = $cosClient->getObjectAcl(array(
            'Bucket' => 'examplebucket-1250000000', // Format: BucketName-APPID
            'Key' => 'exampleobject',
        )); 
        // Request succeeded
        print_r($result);
    } catch (\Exception $e) {
        // Request failed
        echo($e);
    }

    Sample return result

    Array
    (
        [data:protected] => Array
            (
                [Owner] => Array
                    (
                        [ID] => qcs::cam::uin/100000000001:uin/100000000001
                        [DisplayName] => qcs::cam::uin/100000000001:uin/100000000001
                    )
    
                [Grants] => Array
                    (
                        [0] => Array
                            (
                                [Grantee] => Array
                                    (
                                        [ID] => qcs::cam::uin/100000000001:uin/100000000001
                                        [DisplayName] => qcs::cam::uin/100000000001:uin/100000000001
                                    )
    
                                [Permission] => FULL_CONTROL
                            )
    
                    )
    
                [RequestId] => NWE3YzhjMTRfYzdhMzNiMGFfYjdiOF8yYzZmMzU=
            )
    )

    Returned result description

    Parameter Name Type Description Parent Node
    Grants Array ACL permissions list None
    Grant Array ACL permission information Grants
    Grantee Array ACL permission information Grant
    Permission String Permission type. Valid values: FULL_CONTROL, WRITE, READ Grant
    Owner String Bucket owner information None
    DisplayName String Permission owner name Grantee / Owner
    ID String Permission owner ID Grantee / Owner

    Was this page helpful?

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Help