You can set access permissions of folders in the COS console, so that specified users can perform specified operations on the content of the folders. You are recommended to follow the principle of least privilege when configuring permissions to protect your data assets.
COS stores objects in a flat structure with no traditional folder concept. In order to make COS customary, we turn an object into a "folder" by suffixing it with
/in its key. In fact, a "folder" in COS is an object with a storage capacity of 0 KB.
Folder permission is essentially access permission at the object level, which takes precedence over the bucket access permission. COS supports two types of object permissions:
|Public permission||Inherit||Default value, consistent with the bucket permission.|
|Private Read/Write||Only the root account has the read and write permissions on the folder. Non-root accounts (sub-accounts, the root accounts of other users, or anonymous users) cannot access the folder.|
|Public Read/Private Write||The root account has the read and write permissions on the folder. Non-root accounts (sub-accounts, the root accounts of other users, or anonymous users) can read content in the folder but cannot write new data into the folder.|
|Public Read/Write||Both the root account and non-root accounts (sub-accounts, the root accounts of other users, or anonymous users) have the read and write permissions on the folder.|
|User ACL||User Type||`Root account` indicates the root account of other users. `Sub-account` indicates the sub-account under the current root account.
To grant the access permission to a sub-account of another root account, you need to grant the access permission to that root account first and then grant the access permission to the sub-account from that root account.
|Read||Permission to read data|
|Write||Permission to write data|
|Read ACL||Permission to read folder permission configuration. With this permission, you can obtain folder permission configuration details.|
|Write ACL||Permission to modify folder permission configuration. With this permission, you can modify folder permission configuration details. Exercise caution with this configuration because it will cause permission changes.|
|Full control||Includes the Reads, Write, Read ACL, and Write ACL permissions. Exercise caution with this configuration because it grants a wide range of permissions.|