Bucket and Object ACLs
The default ACLs are listed below. If you do not set an ACL, the private ACL applies.
ACL Name | Effect |
---|---|
private | Only the bucket/object owner has full control (default). |
public-read | Anyone can read the bucket/object, but only the owner can modify or delete it. |
authenticated-read | Any authenticated AWS/Ceph user can read the object, but only the owner can modify or delete it. |
Set Bucket ACL
Get Bucket ACL
To retrieve the current bucket ACL:
aws s3api get-bucket-acl --bucket <bucket_name>
---
{
    "Owner": {
        "DisplayName": "<user_name>",
        "ID": "<tenant>$<user_id>"
    },
    "Grants": [
        {
            "Grantee": {
                "Type": "Group",
                "URI": "http://acs.amazonaws.com/groups/global/AllUsers"
            },
            "Permission": "READ"
        },
        {
            "Grantee": {
                ...
            },
            "Permission": "FULL_CONTROL"
        }
    ]
}
Delete Bucket ACL
It is not possible to delete a bucket ACL; update the bucket ACL to private instead:
Set Object ACL
Get Object ACL
To retrieve the current object ACL:
aws s3api get-object-acl --bucket <bucket_name> --key <object_name>
---
{
    "Owner": {
        "DisplayName": "<user_name>",
        "ID": "<tenant>$<user_id>"
    },
    "Grants": [
        {
            "Grantee": {
                "Type": "Group",
                "URI": "http://acs.amazonaws.com/groups/global/AllUsers"
            },
            "Permission": "READ"
        },
        {
            "Grantee": {
                ...
            },
            "Permission": "FULL_CONTROL"
        }
    ]
}
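The output of get-bucket-acl and get-object-acl has the same shape, so one check can map either onto the ACL table at the top of this page and list every grant that reaches beyond the owner. This is an added example, not part of the original documentation; the function name, the sample owner ID and the "custom" label are assumptions, and the AuthenticatedUsers group URI is the standard S3 one rather than a value shown on this page.

```python
import json

# Group URIs as they appear in the Grantee block of the ACL output.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def classify_acl(acl):
    """Map get-bucket-acl / get-object-acl output onto the ACL table.

    Returns (name, findings): name is "private", "public-read",
    "authenticated-read" or "custom" (hypothetical label for anything
    else); findings lists each grant to someone other than the owner.
    """
    owner_id = acl["Owner"]["ID"]
    perms = {ALL_USERS: set(), AUTH_USERS: set()}
    findings, other = [], False
    for grant in acl.get("Grants", []):
        grantee, perm = grant["Grantee"], grant["Permission"]
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in perms:
            perms[uri].add(perm)
            findings.append(f"{uri.rsplit('/', 1)[-1]}: {perm}")
        elif grantee.get("ID") != owner_id:
            # Another user or another group: a specific, non-default grant.
            other = True
            findings.append(f"{grantee.get('ID') or uri}: {perm}")
    everyone, authed = perms[ALL_USERS], perms[AUTH_USERS]
    if other:
        return "custom", findings
    if not everyone and not authed:
        return "private", findings
    if everyone == {"READ"} and not authed:
        return "public-read", findings
    if authed == {"READ"} and not everyone:
        return "authenticated-read", findings
    return "custom", findings  # e.g. WRITE granted to a group

# Constructed sample, shaped like the output shown above.
SAMPLE = json.loads("""
{"Owner": {"DisplayName": "alice", "ID": "tenant1$alice"},
 "Grants": [
  {"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
   "Permission": "READ"},
  {"Grantee": {"Type": "CanonicalUser", "ID": "tenant1$alice"},
   "Permission": "FULL_CONTROL"}]}
""")

if __name__ == "__main__":
    print(classify_acl(SAMPLE))
```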
Delete Object ACL
It is not possible to delete an object ACL; update the object ACL to private instead:
Specific ACLs
It is also possible to make more specific ACLs by using the commands: