GET Bucket acl

Last updated: 2021-09-29 10:05:29

    Overview

    This API is used to query the access control list (ACL) of a bucket. To call this API, you need to have permission to read the ACL of the bucket.

    API Explorer is recommended.
    Debug
    API Explorer makes it easy to make online API calls, verify signatures, generate SDK code, search for APIs, etc. You can also use it to query the content of each request as well as its response.

    Request

    Sample request

    GET /?acl HTTP/1.1
    Host: <BucketName-APPID>.cos.<Region>.myqcloud.com
    Date: GMT Date
    Authorization: Auth String
    
    Note:

    Request parameters

    This API has no request parameter.

    Request headers

    This API only uses Common Request Headers.

    Request body

    The request body of this request is empty.

    Response

    Response headers

    This API only returns Common Response Headers.

    Response body

    A successful query returns the application/xml data that includes information about the bucket owner and authorization.

    <AccessControlPolicy>
    <Owner>
    <ID>string</ID>
    <DisplayName>string</DisplayName>
    </Owner>
    <AccessControlList>
    <Grant>
        <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
            <URI>string</URI>
        </Grantee>
        <Permission>Enum</Permission>
    </Grant>
    <Grant>
        <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
            <ID>string</ID>
            <DisplayName>string</DisplayName>
        </Grantee>
        <Permission>Enum</Permission>
    </Grant>
    </AccessControlList>
    </AccessControlPolicy>
    

    The nodes are described as follows:

    Node Name (Keyword) Parent Node Description Type
    AccessControlPolicy None Stores the result of GET Bucket acl. Container

    Content of AccessControlPolicy:

    Node Name (Keyword) Parent Node Description Type
    Owner AccessControlPolicy Information about the bucket owner Container
    AccessControlList AccessControlPolicy Information about the grantee and permissions Container

    Content of Owner:

    Node Name (Keyword) Parent Node Description Type
    ID AccessControlPolicy.Owner Complete ID of the bucket owner, formatted as qcs::cam::uin/[OwnerUin]:uin/[OwnerUin]
    Example: qcs::cam::uin/100000000001:uin/100000000001
    string
    DisplayName AccessControlPolicy.Owner Name of the bucket owner string

    Content of AccessControlList:

    Node Name (Keyword) Parent Node Description Type
    Grant AccessControlPolicy.AccessControlList A single permission Container

    Content of AccessControlList.Grant:

    Node Name (Keyword) Parent Node Description Type
    Grantee AccessControlPolicy.AccessControlList.Grant Grantee information. xsi:type can be set to Group or CanonicalUser. If it’s set to Group, the child node can contain only URI. If it’s set to CanonicalUser, the child node can contain only ID and DisplayName. Container
    Permission AccessControlPolicy.AccessControlList.Grant Permission granted. For the enumerated values such as WRITE and FULL_CONTROL, please see Actions on buckets in ACL Overview. Enum

    Content of AccessControlList.Grant.Grantee:

    Node Name (Keyword) Parent Node Description Type
    URI AccessControlPolicy.AccessControlList.Grant.Grantee Preset user group. For more information, please see Preset user group in ACL Overview.
    Examples: http://cam.qcloud.com/groups/global/AllUsers, http://cam.qcloud.com/groups/global/AuthenticatedUsers
    string
    ID AccessControlPolicy.AccessControlList.Grant.Grantee Compete ID of the grantee, formatted as qcs::cam::uin/[OwnerUin]:uin/[OwnerUin]
    Example: qcs::cam::uin/100000000001:uin/100000000001
    string
    DisplayName AccessControlPolicy.AccessControlList.Grant.Grantee Name of the grantee string

    Error codes

    This API returns common error responses and error codes. For more information, please see Error Codes.

    Sample

    Request

    GET /?acl HTTP/1.1
    Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
    Date: Mon, 17 Jun 2019 08:37:35 GMT
    Authorization: q-sign-algorithm=sha1&q-ak=AKID8A0fBVtYFrNm02oY1g1JQQF0c3JO****&q-sign-time=1560760655;1560767855&q-key-time=1560760655;1560767855&q-header-list=date;host&q-url-param-list=acl&q-signature=24b9d377eac860917a33c8c298042ce5b1a5****
    Connection: close
    

    Response

    HTTP/1.1 200 OK
    Content-Type: application/xml
    Content-Length: 1035
    Connection: close
    Date: Mon, 17 Jun 2019 08:37:36 GMT
    Server: tencent-cos
    x-cos-request-id: NWQwNzUxNTBfMzdiMDJhMDlfOWM0Nl85NDFk****
    <AccessControlPolicy>
    <Owner>
    <ID>qcs::cam::uin/100000000001:uin/100000000001</ID>
    <DisplayName>qcs::cam::uin/100000000001:uin/100000000001</DisplayName>
    </Owner>
    <AccessControlList>
    <Grant>
        <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
            <URI>http://cam.qcloud.com/groups/global/AllUsers</URI>
        </Grantee>
        <Permission>READ</Permission>
    </Grant>
    <Grant>
        <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
            <ID>qcs::cam::uin/100000000002:uin/100000000002</ID>
            <DisplayName>qcs::cam::uin/100000000002:uin/100000000002</DisplayName>
        </Grantee>
        <Permission>WRITE</Permission>
    </Grant>
    <Grant>
        <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
            <ID>qcs::cam::uin/100000000002:uin/100000000002</ID>
            <DisplayName>qcs::cam::uin/100000000002:uin/100000000002</DisplayName>
        </Grantee>
        <Permission>READ_ACP</Permission>
    </Grant>
    </AccessControlList>
    </AccessControlPolicy>