Manage file access permissions (Python SDK V1)

更新时间:
复制 MD 格式

Use the OSS SDK for Python V1 to set and retrieve access control lists (ACLs) for objects in a versioning-enabled bucket. Both operations target the current version by default; pass versionId to act on a specific version.

Prerequisites

Before you begin, ensure that you have:

  • A versioning-enabled OSS bucket

  • The oss:PutObjectAcl permission to set object ACLs

  • The oss:GetObjectAcl permission to retrieve object ACLs

  • Access credentials stored in the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables

The examples use the public endpoint for the China (Hangzhou) region. To access OSS from other Alibaba Cloud services in the same region, use an internal endpoint. To create an OSSClient instance using a custom domain name or Security Token Service (STS), see Initialization.

ACL values

The following ACL values are available for objects:

SDK constantACL valueAccess
oss2.OBJECT_ACL_DEFAULTdefaultInherits the bucket ACL
oss2.OBJECT_ACL_PRIVATEprivateOnly the object owner has read/write access
oss2.OBJECT_ACL_PUBLIC_READpublic-readThe object owner has read/write access; all users have read access
oss2.OBJECT_ACL_PUBLIC_READ_WRITEpublic-read-writeAll users have read/write access

Set an object ACL

PutObjectACL sets the ACL for the current version of an object. If the current version is a delete marker, OSS returns a 404 Not Found error. To set the ACL for a specific version, include versionId in the request parameters.

# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider

# Load access credentials from environment variables.
# Set OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET before running this code.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())

# Replace with the endpoint for your bucket's region.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Required for V4 signatures.
region = "cn-hangzhou"

bucket = oss2.Bucket(auth, endpoint, "<your-bucket-name>", region=region)

# Set the ACL for a specific version of an object.
params = {"versionId": "<your-object-version-id>"}
result = bucket.put_object_acl("<your-object-name>", oss2.OBJECT_ACL_PUBLIC_READ, params=params)

print("Version ID of the object whose ACL was updated:", result.versionid)

Replace the following placeholders:

PlaceholderDescriptionExample
<your-bucket-name>Name of your OSS bucketmy-bucket
<your-object-name>Key of the objectphotos/image.jpg
<your-object-version-id>Version ID of the object version to targetCAEQARiBgID...

Get an object ACL

GetObjectACL retrieves the ACL for the current version of an object. If the current version is a delete marker, OSS returns a 404 Not Found error. To retrieve the ACL for a specific version, include versionId in the request parameters.

# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider

# Load access credentials from environment variables.
# Set OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET before running this code.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())

# Replace with the endpoint for your bucket's region.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Required for V4 signatures.
region = "cn-hangzhou"

bucket = oss2.Bucket(auth, endpoint, "<your-bucket-name>", region=region)

# Retrieve the ACL for a specific version of an object.
params = {"versionId": "<your-object-version-id>"}
result = bucket.get_object_acl("<your-object-name>", params=params)

print("ACL:", result.acl)
print("Version ID:", result.versionid)

Replace the following placeholders:

PlaceholderDescriptionExample
<your-bucket-name>Name of your OSS bucketmy-bucket
<your-object-name>Key of the objectphotos/image.jpg
<your-object-version-id>Version ID of the object version to targetCAEQARiBgID...

What's next