Use Go SDK V2 to set and retrieve the access control list (ACL) of an object.
Usage notes
- The sample code in this topic uses the China (Hangzhou) region (cn-hangzhou) and the public endpoint. To access OSS from other Alibaba Cloud products in the same region, use an internal endpoint. For more information about region-to-endpoint mappings, see OSS regions and endpoints.
- The sample code reads access credentials from environment variables. For more information about how to configure access credentials, see Configure access credentials.
- To set the access permissions of an object, you must have the oss:PutObjectAcl permission. To retrieve the access permissions of an object, you must have the oss:GetObjectAcl permission. For more information, see Grant a custom policy to a RAM user.
Types of ACLs
The following table describes the four ACL types for objects.
| Access permission | Description | Access permission value |
|---|---|---|
| Inherit from bucket | The object inherits the access permissions of the bucket. | oss.ObjectACLDefault |
| Private | Only the object owner and authorized users have read and write permissions on the object. Other users cannot access the object. | oss.ObjectACLPrivate |
| Public-read | The object owner and authorized users have read and write permissions on the object. Other users have only read permissions. Exercise caution when you grant this permission. | oss.ObjectACLPublicRead |
| Public-read-write | All users have read and write permissions on the object. Exercise caution when you grant this permission. | oss.ObjectACLPublicReadWrite |
The ACL of an object takes precedence over the ACL of the bucket. For example, if the bucket ACL is private but the object ACL is public-read-write, all users have read and write permissions on the object. If no ACL is set for an object, the object inherits the ACL of the bucket.
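
The precedence rule above can be turned into an audit check that lists objects whose own ACL is more open than the bucket ACL. This is an added example, not part of the original sample code or the SDK; the ACL strings are assumed to be the values behind the oss.ObjectACL* constants, and the type, function names and object keys are hypothetical.

```go
package main

import "fmt"

// ACL strings, assumed to be the values behind the oss.ObjectACL* constants.
const (
	aclDefault         = "default"
	aclPrivate         = "private"
	aclPublicRead      = "public-read"
	aclPublicReadWrite = "public-read-write"
)

// exposure ranks the three concrete ACLs; a higher rank is more open.
var exposure = map[string]int{aclPrivate: 0, aclPublicRead: 1, aclPublicReadWrite: 2}

// objectACL pairs an object key with the ACL reported for it.
type objectACL struct{ Key, ACL string }

// Constructed sample inventory (hypothetical keys), not real data.
var sampleObjects = []objectACL{
	{"reports/q1.pdf", aclDefault},
	{"public/logo.png", aclPublicRead},
	{"uploads/inbox.bin", aclPublicReadWrite},
	{"keys/backup.pem", aclPrivate},
}

// effectiveACL applies the precedence rule: an explicit object ACL wins;
// "default" or an empty value inherits the bucket ACL.
func effectiveACL(bucketACL, objACL string) string {
	if objACL == "" || objACL == aclDefault {
		return bucketACL
	}
	return objACL
}

// auditOverrides returns the objects whose own ACL is more open than the bucket's.
func auditOverrides(bucketACL string, objects []objectACL) []objectACL {
	var findings []objectACL
	for _, o := range objects {
		if eff := effectiveACL(bucketACL, o.ACL); exposure[eff] > exposure[bucketACL] {
			findings = append(findings, objectACL{o.Key, eff})
		}
	}
	return findings
}

func main() {
	for _, f := range auditOverrides(aclPrivate, sampleObjects) {
		fmt.Printf("%s overrides bucket ACL: effective %s\n", f.Key, f.ACL)
	}
}
```

In practice the per-object ACL values would come from GetObjectAcl results rather than a constructed list.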
Sample code
The following code shows how to set and retrieve the ACL of an object.
package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
)

// Define global variables.
var (
	region     string // The region where the bucket is located.
	bucketName string // The name of the bucket.
	objectName string // The name of the object.
)

// The init function is used to initialize command-line parameters.
func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
	flag.StringVar(&objectName, "object", "", "The name of the object.")
}

func main() {
	// Parse command-line parameters.
	flag.Parse()

	// Check whether the region is empty.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	// Check whether the bucket name is empty.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required")
	}

	// Check whether the object name is empty.
	if len(objectName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, object name required")
	}

	// Load the default configurations and set the credential provider and region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	// Create an OSS client.
	client := oss.NewClient(cfg)

	// Create a request to set the ACL of the object.
	putRequest := &oss.PutObjectAclRequest{
		Bucket: oss.Ptr(bucketName),  // The name of the bucket.
		Key:    oss.Ptr(objectName),  // The name of the object.
		Acl:    oss.ObjectACLPrivate, // Set the ACL of the object to private.
	}

	// Execute the operation to set the ACL of the object.
	putResult, err := client.PutObjectAcl(context.TODO(), putRequest)
	if err != nil {
		log.Fatalf("failed to put object acl %v", err)
	}

	// Print the result of setting the object ACL.
	log.Printf("put object acl result:%#v\n", putResult)

	// Create a request to obtain the ACL (access control list) of the object.
	getRequest := &oss.GetObjectAclRequest{
		Bucket: oss.Ptr(bucketName), // The name of the bucket.
		Key:    oss.Ptr(objectName), // The name of the object.
	}

	// Execute the operation to obtain the ACL of the object.
	getResult, err := client.GetObjectAcl(context.TODO(), getRequest)
	if err != nil {
		log.Fatalf("failed to get object acl %v", err)
	}

	// Print the result of obtaining the object ACL.
	log.Printf("get object acl result:%#v\n", getResult)
}
References
- For the complete sample code that is used to set the ACL of an object, see GitHub sample.
- For more information about the API operation used to set the ACL of an object, see PutObjectAcl.
- For the complete sample code that is used to retrieve the ACL of an object, see GitHub sample.
- For more information about the API operation used to retrieve the ACL of an object, see GetObjectAcl.