This API is used to query the ACL of an object. To call this API, you need to have permission to read the ACL of the object.
GET /<ObjectKey>?acl HTTP/1.1
Host: <BucketName-APPID>.cos.<Region>.myqcloud.com
Date: GMT Date
Authorization: Auth String
Note:
- In
Host: <bucketname-appid>.cos.<region>.myqcloud.com
,is the bucket name followed by the APPID, such as examplebucket-1250000000
(see Bucket Overview > Basic Information and Bucket Overview > Bucket Naming Conventions), andis a COS region (see Regions and Access Endpoints). - Authorization: Auth String (see Request Signature for more information).
This API has no request parameter.
This API only uses Common Request Headers.
This API does not have a request body.
This API only returns Common Response Headers.
A successful query returns the application/xml data, which contains the object owner and authorization information.
<AccessControlPolicy>
<Owner>
<ID>string</ID>
<DisplayName>string</DisplayName>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
<URI>string</URI>
</Grantee>
<Permission>Enum</Permission>
</Grant>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>string</ID>
<DisplayName>string</DisplayName>
</Grantee>
<Permission>Enum</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>
The nodes are described as follows:
Node Name (Keyword) | Parent Node | Description | Type |
---|---|---|---|
AccessControlPolicy | None | Stores the result of GET Object acl . |
Container |
Content of AccessControlPolicy
:
Node Name (Keyword) | Parent Node | Description | Type |
---|---|---|---|
Owner | AccessControlPolicy | Information about the object owner | Container |
AccessControlList | AccessControlPolicy | Information about the grantee and permissions | Container |
Content of AccessControlPolicy.Owner
:
Node Name (Keyword) | Parent Node | Description | Type |
---|---|---|---|
ID | AccessControlPolicy.Owner | Complete ID of the object owner, formatted as qcs::cam::uin/[OwnerUin]:uin/[OwnerUin] Example: qcs::cam::uin/100000000001:uin/100000000001 |
string |
DisplayName | AccessControlPolicy.Owner | Name of the object owner | string |
Content of AccessControlPolicy.AccessControlList
:
Node Name (Keyword) | Parent Node | Description | Type |
---|---|---|---|
Grant | AccessControlPolicy.AccessControlList | A single permission | Container |
Content of AccessControlPolicy.AccessControlList.Grant
:
Node Name (Keyword) | Parent Node | Description | Type |
---|---|---|---|
Grantee | AccessControlPolicy.AccessControlList.Grant | Grantee information. xsi:type can be set to Group or CanonicalUser . If xsi:type is set to Group , the child node can contain only URI . If xsi:type is set to CanonicalUser , the child node can contain only ID and DisplayName . |
Container |
Permission | AccessControlPolicy.AccessControlList.Grant | Permission granted. For the enumerated values, such as READ and FULL_CONTROL , please see Actions on objects in ACL Overview. |
Enum |
Content of AccessControlPolicy.AccessControlList.Grant.Grantee
:
Node Name (Keyword) | Parent Node | Description | Type |
---|---|---|---|
URI | AccessControlPolicy.AccessControlList.Grant.Grantee | Preset user group. For more information, please see Preset user group in ACL Overview. Example: http://cam.qcloud.com/groups/global/AllUsers , http://cam.qcloud.com/groups/global/AuthenticatedUsers |
string |
ID | AccessControlPolicy.AccessControlList.Grant.Grantee | Compete ID of the grantee, formatted as qcs::cam::uin/[OwnerUin]:uin/[OwnerUin] Example: qcs::cam::uin/100000000001:uin/100000000001 |
string |
DisplayName | AccessControlPolicy.AccessControlList.Grant.Grantee | Name of the grantee | string |
This API returns common error responses and error codes. For more information, please see Error Codes.
GET /exampleobject?acl HTTP/1.1
Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
Date: Tue, 10 Sep 2019 08:29:26 GMT
Authorization: q-sign-algorithm=sha1&q-ak=AKID8A0fBVtYFrNm02oY1g1JQQF0c3JO****&q-sign-time=1568104166;1568111366&q-key-time=1568104166;1568111366&q-header-list=date;host&q-url-param-list=acl&q-signature=207b3066eaf73a81d80cf12bf9db594a1172****
Connection: close
HTTP/1.1 200 OK
Content-Type: application/xml
Content-Length: 742
Connection: close
Date: Tue, 10 Sep 2019 08:29:26 GMT
Server: tencent-cos
x-cos-request-id: NWQ3NzVlZTZfYmIwMmEwOV83YTQ5XzEzNTcx****
<AccessControlPolicy>
<Owner>
<ID>qcs::cam::uin/100000000001:uin/100000000001</ID>
<DisplayName>qcs::cam::uin/100000000001:uin/100000000001</DisplayName>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
<URI>http://cam.qcloud.com/groups/global/AllUsers</URI>
</Grantee>
<Permission>READ</Permission>
</Grant>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>qcs::cam::uin/100000000002:uin/100000000002</ID>
<DisplayName>qcs::cam::uin/100000000002:uin/100000000002</DisplayName>
</Grantee>
<Permission>READ_ACP</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>
Apakah halaman ini membantu?