- Print
- PDF
PutBucketACL
- Print
- PDF
Overview
Creates an access control list (ACL) or updates the existing ACL of a bucket by making a PUT request with parameters to the bucket.
The ACL allows you to grant different permissions for each storage account by using an account ID or the predefined ACL (default ACL).
You can grant permissions to access buckets and objects of NAVER Cloud Platform’s Object Storage to the users using the service.
After signing up NAVER Cloud Platform’s Object Storage, you can get an ID available in Object Storage.
This ID is used to set access permissions to buckets and objects.
You can also grant public-read and public-write permissions to allow users to access the resources without authentication.
The following table describes permission types and operations available for each permission type.
Permission | Granted to buckets | Granted to objects |
---|---|---|
READ | Allows grantees to read objects in the bucket. | Allows grantees to read object data and metadata. |
WRITE | Allows grantees to create a new object or overwrite or delete the existing object. | N/A |
READ_ACP | Allows grantees to read ACLs of buckets. | Allows grantees to read ACLs of objects. |
WRITE_ACP | Allows grantees to set ACLs of buckets. | Allows grantees to set ACLs of objects. |
FULL_CONTROL | Allows grantees to perform all the operations available with the READ, WRITE, READ_ACP, and WRITE_ACP permissions. | Allows grantees to perform all the operations available with the READ, READ_ACP, and WRITE_ACP permissions. |
The following table describes default ACLs supported by NAVER Cloud Platform’s Object Storage. ACLs not included in the table are not supported.
Default ACL | Target | Description |
---|---|---|
private | Buckets and objects | Grants the owner FULL_CONTROL permissions (default) |
public-read | Buckets and objects | Grants the owner FULL_CONTROL permissions, and all users READ permissions. |
public-read-write | Buckets and objects | Grants the owner FULL_CONTROL permissions, and all users READ and WRITE permissions. |
authenticated-read | Buckets and objects | Grants the owner FULL_CONTROL permissions, and all users READ permissions. |
When READ permissions including public-read are applied to a bucket, grantees can only read the objects and cannot access them.
Request
Syntax
PUT https://{endpoint}/{bucket-name}?acl= # path style
PUT https://{bucket-name}.{endpoint}?acl= # virtual host style
Examples
Request example (Default ACL)
The following request grants public-read to the bucket with the name of “apiary.” When the permission is granted, all users with storage accounts can view the content of the bucket and its ACL details.
PUT /apiary?acl= HTTP/1.1
Authorization: {authorization-string}
x-amz-date: 20161011T190354Z
x-amz-acl: public-read
Host: kr.object.ncloudstorage.com
Response example
HTTP/1.1 200 OK
Date: Tue, 4 Oct 2016 19:03:55 GMT
Accept-Ranges: bytes
x-amz-request-id: 73d3cd4a-ff1d-4ac9-b9bb-43529b11356a
Content-Length: 0
Request example (Custom ACL)
The following request allows other accounts to view ACLs for the bucket with the name of “apiary” but not to view objects in the bucket. The third account, which has full control permissions, can perform all operations in the same bucket. All authorized users can view objects in the bucket.
PUT /apiary?acl= HTTP/1.1
Authorization: {authorization-string}
x-amz-date: 20161011T190354Z
Host: kr.object.ncloudstorage.com
<?xml version="1.0" encoding="UTF-8"?>
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner>
<ID>{owner-user-id}</ID>
<DisplayName>{owner-user-id}</DisplayName>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>{first-grantee-user-id}</ID>
<DisplayName>{first-grantee-user-id}</DisplayName>
</Grantee>
<Permission>READ_ACP</Permission>
</Grant>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>{second-grantee-user-id}</ID>
<DisplayName>{second-grantee-user-id}</DisplayName>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>
Response example
HTTP/1.1 200 OK
Date: Tue, 4 Oct 2016 19:03:55 GMT
Accept-Ranges: bytes
x-amz-request-id: 73d3cd4a-ff1d-4ac9-b9bb-43529b11356a