Available in Classic and VPC
Create an access control list (ACL) to apply to buckets in Object Storage, or edit an existing ACL.
Applying ACLs allows you to grant different sets of permissions to different storage accounts based on the account's identity or by using a predefined ACL (default ACL).
You can grant access to buckets and objects to members who are using NAVER Cloud Platform's Object Storage service.
For more information, see Access control list (ACL).
Requests
The following describes the request format for the endpoint. The request format is as follows.
| Method | URI |
|---|---|
| PUT | {bucket-name} |
Request syntax
The request syntax is as follows.
PUT https://{endpoint}/{bucket-name}?acl= # path style
PUT https://{bucket-name}.{endpoint}?acl= # virtual host style
Request headers
The following describes the bucket ACL settings API headers. For headers common to all Object Storage APIs, see Object Storage common headers.
| Headers | Description |
|---|---|
x-amz-acl |
Permissions granted to owners and users |
Request path parameters
The following describes the parameters.
| Field | Type | Required | Description |
|---|---|---|---|
bucket-name |
String | Required | Name of the bucket to create or edit access control list (ACL) for |
Request query parameters
The following describes the parameters.
| Field | Type | Required | Description |
|---|---|---|---|
acl |
String | Optional | Create or edit access control list (ACL) |
Request example
The following is a sample request.
Default ACL
The following is an example of requesting that a bucket be granted public-read permission through the x-amz-acl request header. Once that permission is granted, anyone using the storage account will be able to see the contents and ACL details of that bucket.
PUT /{bucket-name}?acl= HTTP/1.1
Host: kr.object.ncloudstorage.com
X-amz-date: {Timestamp}
x-amz-acl: public-read
Authorization: {authorization-string}
Custom ACL
The following is an example of using a different account to request to be able to view the ACLs applied to a bucket, but not to be able to view the objects stored in the bucket.
In the XML content below, the second account is granted all permissions, so it can perform all operations within the same bucket. Any user authenticated to the system can view objects in the bucket.
PUT /{bucket-name}?acl= HTTP/1.1
Host: kr.object.ncloudstorage.com
X-amz-date: {Timestamp}
Authorization: {authorization-string}
<?xml version="1.0" encoding="UTF-8"?>
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner>
<ID>{owner-user-id}</ID>
<DisplayName>{owner-user-id}</DisplayName>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>{first-grantee-user-id}</ID>
<DisplayName>{first-grantee-user-id}</DisplayName>
</Grantee>
<Permission>READ_ACP</Permission>
</Grant>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>{second-grantee-user-id}</ID>
<DisplayName>{second-grantee-user-id}</DisplayName>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>
Responses
The following describes the response format.
Response headers
For response headers common to all Object Storage APIs, see Object Storage common response headers.
Response status codes
For response status codes common to all Object Storage APIs, see Object Storage response status codes.
Response example
The following is a sample response.
Default ACL
The following is a sample default ACL response.
HTTP/1.1 200 OK
Date: Wed, 24 Aug 2016 17:45:25 GMT
Accept-Ranges: bytes
x-amz-request-id: xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Content-Length: 0
Custom ACL
The following is a sample custom ACL response.
HTTP/1.1 200 OK
Date: Wed, 24 Aug 2016 17:45:25 GMT
Accept-Ranges: bytes
x-amz-request-id: xxxxx-xxxxx-xxxxx-xxxxx-xxxxx