- Print
- PDF
PutObjectACL
- Print
- PDF
Overview
Creates ACLs for the object by making a PUT request with parameters to the object.
The ACL allows you to grant different permissions by using an account ID or the predefined ACL (default ACL).
You can grant permissions to access buckets and objects of NAVER Cloud Platform’s Object Storage to the users using the service.
After signing up NAVER Cloud Platform’s Object Storage, you can get an ID available in Object Storage.
This ID is used to set access permissions to buckets and objects.
You can also grant public-read and public-write permissions to allow users to access the resources without authentication.
The following table describes permission types and operations available for each permission type.
Permission | Granted to buckets | Granted to objects |
---|---|---|
READ | Allows grantees to read objects in the bucket. | Allows grantees to read object data and metadata. |
WRITE | Allows grantees to create a new object or overwrite or delete the existing object. | N/A |
READ_ACP | Allows grantees to read ACLs of buckets. | Allows grantees to read ACLs of objects. |
WRITE_ACP | Allows grantees to set ACLs of buckets. | Allows grantees to set ACLs of objects. |
FULL_CONTROL | Allows grantees to perform all the operations available with the READ, WRITE, READ_ACP, and WRITE_ACP permissions. | Allows grantees to perform all the operations available with the READ, READ_ACP, and WRITE_ACP permissions. |
The following table describes default ACLs supported by NAVER Cloud Platform’s Object Storage. ACLs not included in the table are not supported.
Default ACL | Target | Description |
---|---|---|
private | Buckets and objects | Grants the owner FULL_CONTROL permissions (default). |
public-read | Buckets and objects | Grants the owner FULL_CONTROL permissions, and all users READ permissions. |
public-read-write | Buckets and objects | Grants the owner FULL_CONTROL permissions, and all users READ and WRITE permissions. |
authenticated-read | Buckets and objects | Grants the owner FULL_CONTROL permissions, and all users READ permissions. |
The WRITE permission cannot be granted to objects (it can be granted only to buckets).
Request
Syntax
PUT https://{endpoint}/{bucket-name}/{object-name}?acl= # path style
PUT https://{bucket-name}.{endpoint}/{object-name}?acl= # virtual host style
Examples
Request example (Default ACL)
You can pass the x-amz-acl header and the default ACL to assign the ACL to an object.
PUT /example-bucket/queen-bee?acl= HTTP/1.1
Authorization: {authorization-string}
x-amz-date: 20161207T162842Z
x-amz-acl: public-read
Host: kr.object.ncloudstorage.com
Response example
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2016 16:28:42 GMT
Accept-Ranges: bytes
x-amz-request-id: b8dea44f-af20-466d-83ec-2a8563f1617b
Content-Length: 0
Request example (Default ACL, request upload)
You can pass the x-amz-acl header and the default ACL to set the default ACL when uploading an object. The following request allows the queen-bee object to be accessed anonymously by anyone.
PUT /example-bucket/queen-bee HTTP/1.1
Authorization: {authorization-string}
x-amz-date: 20161207T162842Z
x-amz-acl: public-read
Host: kr.object.ncloudstorage.com
Response example
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2016 16:28:42 GMT
Accept-Ranges: bytes
x-amz-request-id: b8dea44f-af20-466d-83ec-2a8563f1617b
Content-Length: 0
Request example (Custom ACL)
The following request specifies a custom ACL which allows other accounts to view ACLs for the queen-bee object but not to access the object itself. The third account, which has full control permissions, can perform all operations in the same object.
PUT /example-bucket/queen-bee?acl= HTTP/1.1
Authorization: {authorization-string}
x-amz-date: 20161207T163315Z
Content-Type: text/plain
Host: kr.object.ncloudstorage.com
Content-Length: 564
<?xml version="1.0" encoding="UTF-8"?>
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner>
<ID>{owner-user-id}</ID>
<DisplayName>OwnerDisplayName</DisplayName>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>{first-grantee-user-id}</ID>
<DisplayName>{first-grantee-user-id}</DisplayName>
</Grantee>
<Permission>READ_ACP</Permission>
</Grant>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>{second-grantee-user-id}</ID>
<DisplayName>{second-grantee-user-id}</DisplayName>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>
Response example
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2016 17:11:51 GMT
Accept-Ranges: bytes
x-amz-request-id: ef02ea42-6fa6-4cc4-bec4-c59bc3fcc9f7
Content-Length: 0