Setting Folder Permissions

Last updated: 2021-08-13 11:56:33

    Overview

    You can set access permissions on folders in the COS console so that specified users can perform specified operations on the content of the folders. We recommend following the principle of least privilege when configuring permissions to protect your data assets.

    Note:

    COS stores objects in a flat structure with no traditional folder concept. To match what users are accustomed to, COS turns an object into a "folder" by suffixing its key with /. In fact, a "folder" in COS is an object with a storage capacity of 0 KB.

    Folder permission is essentially access permission at the object level, which takes precedence over the bucket access permission. COS supports two types of object permissions:

    • Public permissions: inherited permission, private read/write, and public read/private write. For more information on public permissions, please see Access Permission Types.
    • User permissions: the root account has all permissions on the object by default (i.e., full access). In COS, sub-accounts can be added and granted permission to read/write data, to read/write permissions, or full access.

    Directions

    1. Log in to the COS console.
    2. In the left sidebar, click Bucket List to go to the bucket list page.
    3. Locate the bucket where the folder is located and click the bucket name to go to the bucket management page.
    4. In the left sidebar, choose File List to go to the file list page.
    5. Locate the folder for permission setting, and click Permission.
    6. In the pop-up window, set folder permissions as required.

      Permission settings are described as follows:
      | Permission Type | Parameter | Description |
      | --- | --- | --- |
      | Public permission | Inherit | Default value, consistent with the bucket permission. |
      | Public permission | Private Read/Write | Only the root account has the read and write permissions on the folder. Non-root accounts (sub-accounts, the root accounts of other users, or anonymous users) cannot access the folder. |
      | Public permission | Public Read/Private Write | The root account has the read and write permissions on the folder. Non-root accounts (sub-accounts, the root accounts of other users, or anonymous users) can read content in the folder but cannot write new data into the folder. |
      | Public permission | Public Read/Write | Both the root account and non-root accounts (sub-accounts, the root accounts of other users, or anonymous users) have the read and write permissions on the folder. |
      | User ACL | User Type | `Root account` indicates the root account of other users. `Sub-account` indicates the sub-account under the current root account. To grant the access permission to a sub-account of another root account, you need to grant the access permission to that root account first and then grant the access permission to the sub-account from that root account. |
      | User ACL | Reads | Permission to read data |
      | User ACL | Write | Permission to write data |
      | User ACL | Read ACL | Permission to read folder permission configuration. With this permission, you can obtain folder permission configuration details. |
      | User ACL | Write ACL | Permission to modify folder permission configuration. With this permission, you can modify folder permission configuration details. Exercise caution with this configuration because it will cause permission changes. |
      | User ACL | Full control | Includes the Reads, Write, Read ACL, and Write ACL permissions. Exercise caution with this configuration because it grants a wide range of permissions. |
    7. Click Save in the Operation column.
    8. Click Disable.
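
A least-privilege review of the settings described above can be scripted once the folder permissions have been written down. The following is an added example, not code from the COS documentation or SDK: it models the console's permission table only, and the function names, dictionary layout and sample folders are assumptions constructed for illustration.

```python
# Added example: models the console's permission table; it does not call COS.
# Labels come from the table above; the data structures are assumptions.
PUBLIC = {  # what non-root accounts (including anonymous users) may do
    "Private Read/Write": set(),
    "Public Read/Private Write": {"Reads"},
    "Public Read/Write": {"Reads", "Write"},
}
FULL_CONTROL = {"Reads", "Write", "Read ACL", "Write ACL"}

def effective_public(bucket_perm, folder_perm):
    """'Inherit' defers to the bucket; any other folder setting takes precedence."""
    return PUBLIC[bucket_perm if folder_perm == "Inherit" else folder_perm]

def audit(bucket_perm, folders):
    """Return (key, finding) pairs for folder objects that exceed least privilege."""
    findings = []
    for key, cfg in folders.items():
        if not key.endswith("/"):
            continue  # only keys ending in "/" are folders
        public = effective_public(bucket_perm, cfg["public"])
        if "Write" in public:
            findings.append((key, "non-root write"))
        elif "Reads" in public:
            findings.append((key, "non-root read"))
        for user, perms in cfg["user_acl"].items():
            # Full control implies Reads, Write, Read ACL and Write ACL
            granted = FULL_CONTROL if "Full control" in perms else set(perms)
            if "Write ACL" in granted:
                findings.append((key, f"{user} can modify permissions"))
    return findings

SAMPLE_FOLDERS = {  # constructed sample, not real data
    "reports/": {"public": "Inherit", "user_acl": {}},
    "uploads/": {"public": "Public Read/Write", "user_acl": {}},
    "private/": {"public": "Private Read/Write",
                 "user_acl": {"sub-account-A": ["Reads", "Write ACL"],
                              "sub-account-B": ["Full control"],
                              "sub-account-C": ["Reads"]}},
    "logo.png": {"public": "Public Read/Private Write", "user_acl": {}},
}

if __name__ == "__main__":
    for key, finding in audit("Public Read/Private Write", SAMPLE_FOLDERS):
        print(f"{key}: {finding}")
```

With the bucket set to Public Read/Private Write, the inherited `reports/` folder is flagged as readable by non-root accounts; with a Private Read/Write bucket it is not.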