Tencent Cloud Documentation

Help & DocumentationCloud Object StorageAPI DocumentationObject APIsAccess Control List (acl)PUT Object acl

PUT Object acl

Last updated: 2019-12-16 17:58:14

Description

This API is used to make ACL configuration for a specified object in a specified bucket. You can pass in the ACL configuration through the x-cos-acl, x-cos-grant-read, and x-cos-grant-full-control headers or through the request body in XML format.

Request

Sample Request

PUT /<ObjectKey>?acl HTTP/1.1
Host: <BucketName-APPID>.cos.<Region>.myqcloud.com
Date: GMT Date
Authorization: Auth String

Authorization: Auth String (see Request Signature for more information).

Request Headers

Common Headers

The implementation of this operation uses common request headers. For more information on common request headers, see Common Request Headers.

Special Headers

Name	Description	Type	Required
x-cos-acl	Defines the ACL attribute of the object. Valid values: `private`, `public-read`, and `default`. Default value: `default` (i.e., inheriting the bucket's permission). Note: currently, there can be up to 1,000 entries in one ACL. If you do not need access control for the object, set `default` for this parameter or simply leave it blank, and the object will inherit the permissions of the bucket	string	No
x-cos-grant-read	Grants the grantee Read access. Format: `x-cos-grant-read: id="[OwnerUin]"`	String	No
x-cos-grant-full-control	Grants the grantee full permission. Format: `x-cos-grant-full-control: id="[OwnerUin]"`	String	No

Request Body

This response body returns application/xml data. The following contains all the node data:

<AccessControlPolicy>
  <Owner>
    <ID>qcs::cam::uin/100000000001:uin/100000000001</ID>
    <DisplayName>qcs::cam::uin/100000000001:uin/100000000001</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
           <URI>http://cam.qcloud.com/groups/global/AllUsers</URI>
      </Grantee>
      <Permission>READ</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>qcs::cam::uin/100000000001:uin/100000000001</ID>
        <DisplayName>qcs::cam::uin/100000000001:uin/100000000001</DisplayName>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
     </Grant>
  </AccessControlList>
</AccessControlPolicy>

Detailed data are shown below:

Node Name (Keyword)	Parent Node	Description	Type	Required
AccessControlPolicy	None	Container storing the result of `GET Object acl`	Container	Yes

Content of the Container node AccessControlPolicy:

Node Name (Keyword)	Parent Node	Description	Type	Required
Owner	AccessControlPolicy	Information on the object owner	Container	Yes
AccessControlList	AccessControlPolicy	Information on the grantee and permissions	Container	Yes

Content of the Container node Owner:

Node Name (Keyword)	Parent Node	Description	Type	Required
ID	AccessControlPolicy.Owner	Object owner ID. Format: `qcs::cam::uin/<OwnerUin>:uin/<SubUin>` For root accounts, `<OwnerUin>` and `<SubUin>` have the same value	String	Yes
DisplayName	AccessControlPolicy.Owner	Object owner name	String	Yes

Content of the Container node AccessControlList:

Node Name (Keyword)	Parent Node	Description	Type	Required
Grant	AccessControlPolicy.AccessControlList	Permissions on a single object. One `AccessControlList` can have 100 `Grant` entries	Container	Yes

Content of the Container node Grant:

Node Name (Keyword)	Parent Node	Description	Type	Required
Grantee	AccessControlPolicy.AccessControlList.Grant	Describes the information on the grantee. The type can be `RootAccount` or `Subaccount`. If the type is `RootAccount`, the ID specifies a root account. If the type is `Subaccount`, the ID specifies a sub-account	Container	Yes
Permission	AccessControlPolicy.AccessControlList.Grant	Specifies the permission granted to the grantee. Enumerated values: `READ`, `FULL_CONTROL`	String	Yes

Content of the Container node Grantee:

Node Name (Keyword)	Parent Node	Description	Type	Required
URI	AccessControlPolicy.AccessControlList.Grant.Grantee	Specifies all users	String	Yes
ID	AccessControlPolicy.AccessControlList.Grant.Grantee	User ID in the format of `qcs::cam::uin/<OwnerUin>:uin/<SubUin>` For root accounts, `<OwnerUin>` and `<SubUin>` have the same value	String	Yes
DisplayName	AccessControlPolicy.AccessControlList.Grant.Grantee	Username	String	Yes

Response

Response Headers

Common Response Headers

This response uses common response headers. For more information on common response headers, see Common Response Headers.

Special Response Headers

This request operation does not use any special response header.

Response Body

The response body of this request is empty.

Error Codes

This response may contain the following error codes. For common error messages, see Error Codes.

Error Code	Description	HTTP Status Code
SignatureDoesNotMatch	This error code will be returned if the provided signature does not conform to the rule	403 Forbidden
NoSuchBucket	If the bucket to which you want to add the rule does not exist, this error code will be returned	404 Not Found
MalformedXML	Invalid XML format. Please check against the RESTful API documentation	400 Bad Request
InvalidRequest	Invalid request. If the error message shows "header acl and body acl conflict", it means that you cannot set the ACL parameters in the header and the body at the same time	400 Bad Request

Example

Request

PUT /exampleobject?acl HTTP/1.1
Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
Date: Fri, 25 Feb 2017 04:10:22 GMT
Authorization: q-sign-algorithm=sha1&q-ak=AKIDWtTCBYjM5OwLB9CAwA1Qb2ThTSUjfGFO&q-sign-time=1484724784;32557620784&q-key-time=1484724784;32557620784&q-header-list=host&q-url-param-list=acl&q-signature=785d9075b8154119e6a075713c1b9e56ff0bddfc
Content-Length: 229
Content-Type: application/x-www-form-urlencoded

<AccessControlPolicy>
  <Owner>
    <ID>qcs::cam::uin/100000000001:uin/100000000001</ID>
    <DisplayName>qcs::cam::uin/100000000001:uin/100000000001</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
           <URI>http://cam.qcloud.com/groups/global/AllUsers</URI>
      </Grantee>
      <Permission>READ</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>qcs::cam::uin/100000000001:uin/100000000001</ID>
        <DisplayName>qcs::cam::uin/100000000001:uin/100000000001</DisplayName>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
     </Grant>
  </AccessControlList>
</AccessControlPolicy>

Response

HTTP/1.1 200 OK
Content-Type: application/xml
Content-Length: 0
Connection: keep-alive
Date: Fri, 25 Feb 2017 04:10:22 GMT\
Server: tencent-cos
x-cos-request-id: NTg3ZjFjMmJfOWIxZjRlXzZmNDhfMjIw

Previous: SELECT Object Content Next: GET Object acl

Feedback

Sales Support

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support

Hong Kong, China

+852 800-964-163 (Toll Free)

United States

+1 888-652-2736 (Toll Free)

Others

+86 75595716

Tencent Cloud Documentation

PUT Object acl

Contents：

Description

Request

Sample Request

Request Headers

Common Headers

Special Headers

Request Body

Response

Response Headers

Common Response Headers

Special Response Headers

Response Body

Error Codes

Example

Request

Response

Contact Us

User Center

Documentation

Support

7x24 Hotline