Login
      Contents x
      PutBucketACL
        • Print
        • PDF
        Contents

        PutBucketACL

          • Print
          • PDF
          Article Summary

          Overview

          Creates an access control list (ACL) or updates the existing ACL of a bucket by making a PUT request with parameters to the bucket.
          The ACL allows you to grant different permissions for each storage account by using an account ID or the predefined ACL (default ACL).
          You can grant permissions to access buckets and objects of NAVER Cloud Platform’s Object Storage to the users using the service.
          After signing up NAVER Cloud Platform’s Object Storage, you can get an ID available in Object Storage.
          This ID is used to set access permissions to buckets and objects.
          You can also grant public-read and public-write permissions to allow users to access the resources without authentication.

          The following table describes permission types and operations available for each permission type.

          PermissionGranted to bucketsGranted to objects
          READAllows grantees to read objects in the bucket.Allows grantees to read object data and metadata.
          WRITEAllows grantees to create a new object or overwrite or delete the existing object.N/A
          READ_ACPAllows grantees to read ACLs of buckets.Allows grantees to read ACLs of objects.
          WRITE_ACPAllows grantees to set ACLs of buckets.Allows grantees to set ACLs of objects.
          FULL_CONTROLAllows grantees to perform all the operations available with the READ, WRITE, READ_ACP, and WRITE_ACP permissions.Allows grantees to perform all the operations available with the READ, READ_ACP, and WRITE_ACP permissions.

          The following table describes default ACLs supported by NAVER Cloud Platform’s Object Storage. ACLs not included in the table are not supported.

          Default ACLTargetDescription
          privateBuckets and objectsGrants the owner FULL_CONTROL permissions (default)
          public-readBuckets and objectsGrants the owner FULL_CONTROL permissions, and all users READ permissions.
          public-read-writeBuckets and objectsGrants the owner FULL_CONTROL permissions, and all users READ and WRITE permissions.
          authenticated-readBuckets and objectsGrants the owner FULL_CONTROL permissions, and all users READ permissions.

          When READ permissions including public-read are applied to a bucket, grantees can only read the objects and cannot access them.

          Request

          Syntax

          PUT https://{endpoint}/{bucket-name}?acl= # path style
PUT https://{bucket-name}.{endpoint}?acl= # virtual host style

          Examples

          Request example (Default ACL)

          The following request grants public-read to the bucket with the name of “apiary.” When the permission is granted, all users with storage accounts can view the content of the bucket and its ACL details.

          PUT /apiary?acl= HTTP/1.1
Authorization: {authorization-string}
x-amz-date: 20161011T190354Z
x-amz-acl: public-read
Host: kr.object.ncloudstorage.com

          Response example

          HTTP/1.1 200 OK
Date: Tue, 4 Oct 2016 19:03:55 GMT
Accept-Ranges: bytes
x-amz-request-id: 73d3cd4a-ff1d-4ac9-b9bb-43529b11356a
Content-Length: 0

          Request example (Custom ACL)

          The following request allows other accounts to view ACLs for the bucket with the name of “apiary” but not to view objects in the bucket. The third account, which has full control permissions, can perform all operations in the same bucket. All authorized users can view objects in the bucket.

          PUT /apiary?acl= HTTP/1.1
Authorization: {authorization-string}
x-amz-date: 20161011T190354Z
Host: kr.object.ncloudstorage.com

          <?xml version="1.0" encoding="UTF-8"?>
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner>
    <ID>{owner-user-id}</ID>
    <DisplayName>{owner-user-id}</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>{first-grantee-user-id}</ID>
        <DisplayName>{first-grantee-user-id}</DisplayName>
      </Grantee>
      <Permission>READ_ACP</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>{second-grantee-user-id}</ID>
        <DisplayName>{second-grantee-user-id}</DisplayName>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>

          Response example

          HTTP/1.1 200 OK
Date: Tue, 4 Oct 2016 19:03:55 GMT
Accept-Ranges: bytes
x-amz-request-id: 73d3cd4a-ff1d-4ac9-b9bb-43529b11356a
          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout