tencent cloud

Cloud Object Storage

문서Cloud Object StorageUser ToolsCOSCLI (Beta)Common CommandsManagement Object ACL - object-acl

Management Object ACL - object-acl

PDF
포커스 모드
폰트 크기
마지막 업데이트 시간: 2025-10-28 15:55:46
The object-acl command is used to set and query object ACL.
Note:
To query object acl, when performing authorization policy, set action to cos:GetObjectACL.
To set object acl, when performing authorization policy, set action to cos:PutObjectACL.
For more authorization, please refer to Business APIs Supporting CAM.

Command Syntax

./coscli object-acl --method [method] cos://<bucket-name>/object
The object-acl command includes the following parameters:
Parameter Format
Description
Example
cos://<bucket-name>
Specify the target bucket. Supports using the bucket alias in configuration parameters or the bucket name for access. If using the bucket name for access, you must also include the endpoint flag.
Access with the bucket alias: cos://example-alias
Access with the bucket name: cos://examplebucket-1250000000
The object-acl command includes the following optional flags:
Flag Abbreviation
Flag Name
Description
-h
--help
Views the usage of this command.
None
--method
Specify the required operation, including put (set object ACL), get (object ACL query).
None
--acl
Set the file's ACL, such as private, public-read.
None
--grant-read
Grant the read permission of the object to the authorized. Format: id="[OwnerUin]", for example id="100000000001". Use comma (half-width) to separate multiple authorized entities, such as id="100000000001",id="100000000002".
None
--grant-read-acp
Grant the authorized permission to read the object's access control list (ACL). Format: id="[OwnerUin]", for example id="100000000001". Use comma (half-width) to separate multiple authorized entities, such as id="100000000001",id="100000000002".
None
--grant-write-acp
Grant the authorized permission to write to the object's access control list (ACL). Format: id="[OwnerUin]", for example id="100000000001". Use comma (half-width) to separate multiple authorized entities, such as id="100000000001",id="100000000002".
None
--grant-full-control
Grant all permissions on the operation object to the authorized. Format: id="[OwnerUin]", for example id="100000000001". Use comma (half-width) to separate multiple authorized entities, such as id="100000000001",id="100000000002".
Note:
For more general options for this command (such as switching buckets or user accounts), see Common Options.

Operation Example

Setting an ACL for an Object

Grant read permission on the object under bucket alias example-alias to 100000000013 and 100000000012. The command is as follows:
./coscli object-acl --method put cos://example-alias/object --grant-read="id=\\"100000000013\\",id=\\"100000000012\\""

Querying an Object ACL

Query the permission list of the object under bucket alias example-alias.
./coscli object-acl --method get cos://example-alias/object
Output the following result.
 SECTION  | KEY          | VALUE                                        
-----------+--------------+----------------------------------------------
  Owner    | UIN          |                                              
+          +--------------+---------------------------------------------+
           | ID           | qcs::cam::uin/1000000000:uin/1000000000      
+          +--------------+                                             +
           | Display Name |                                              
+----------+--------------+---------------------------------------------+
           |              |                                              
+----------+--------------+---------------------------------------------+
  Grant #1 | Permission   | READ                                         
+          +--------------+---------------------------------------------+
           | Grantee Type | CanonicalUser                                
+          +--------------+---------------------------------------------+
           | ID           | qcs::cam::uin/100000000013:uin/100000000013  
+          +--------------+                                             +
           | Display Name |                                              
+----------+--------------+---------------------------------------------+
           |              |                                              
+----------+--------------+---------------------------------------------+
  Grant #2 | Permission   | READ                                         
+          +--------------+---------------------------------------------+
           | Grantee Type | CanonicalUser                                
+          +--------------+---------------------------------------------+
           | ID           | qcs::cam::uin/100000000012:uin/100000000012  
+          +--------------+                                             +
           | Display Name |                                              
-----------+--------------+----------------------------------------------
Access Control List (ACL) Information

Summary:
 - Owner: qcs::cam::uin/1000000000:uin/1000000000 (UIN: )
 - Total Grants: 2
 - Permissions:
   - READ: 2 grants




이전 주제: Managing Bucket ACL - bucket-acl다음 주제: Bucket Policy - bucket-policy

도움말 및 지원

문제 해결에 도움이 되었나요?

피드백