CloudBox Object ACLs

更新时间:
复制 MD 格式

Object-level access control lets you grant different read/write permissions to individual objects in an OSS on CloudBox bucket, independent of the bucket's own permissions. Use object ACLs when different objects in the same bucket need different access levels.

Object ACLs support three permission levels:

ACLWho can access
privateOnly the object owner has full control. All other access is denied.
public-readAnyone can read the object, including anonymous requests. The owner retains full control.
public-read-writeAnyone can read and write the object. The owner retains full control.

Object ACL takes precedence over bucket ACL. If no object ACL is set, the object inherits the bucket's ACL. If an object ACL is set, it overrides the bucket ACL regardless of the bucket's permission level.

Warning

Avoid setting public-read-write on objects unless your use case specifically requires anonymous write access. This allows anyone on the internet to modify or delete the object.

Prerequisites

Before you begin, make sure you have:

Set an object ACL

Use the Java SDK

Setting object ACLs via SDK requires Java SDK version 3.15.0 or later.

The following example sets the ACL of an object to private using Signature Version 4:

import com.aliyun.oss.ClientException;
import com.aliyun.oss.OSS;
import com.aliyun.oss.OSSClientBuilder;
import com.aliyun.oss.OSSException;
import com.aliyun.oss.model.CannedAccessControlList;
import com.aliyun.oss.common.auth.CredentialsProviderFactory;
import com.aliyun.oss.common.auth.EnvironmentVariableCredentialsProvider;
import com.aliyun.oss.ClientBuilderConfiguration;
import com.aliyun.oss.common.comm.SignVersion;
import com.aliyun.oss.common.auth.DefaultCredentialProvider;

public class Demo {
    public static void main(String[] args) throws Exception {
        // Specify the data endpoint of the OSS on CloudBox bucket.
        String endpoint = "https://cb-f8z7yvzgwfkl9q0h****.cn-hangzhou.oss-cloudbox.aliyuncs.com";
        // Obtain access credentials from environment variables. Before running this sample code, make sure the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
        EnvironmentVariableCredentialsProvider credentialsProvider = CredentialsProviderFactory.newEnvironmentVariableCredentialsProvider();
        // Specify the name of the OSS on CloudBox bucket, such as examplebucket.
        String bucketName = "examplebucket";
        // Specify the region where the OSS on CloudBox bucket is located.
        String region = "cn-hangzhou";
        // Specify the CloudBox ID.
        String cloudBoxId = "cb-f8z7yvzgwfkl9q0h****";
        // Specify the full path of the object. The path cannot include the bucket name. Example: testfolder/exampleobject.txt.
        String objectName = "testfolder/exampleobject.txt";

        // Create an OSSClient instance.
        // When the OSSClient instance is no longer used, call the shutdown method to release resources.
        ClientBuilderConfiguration conf = new ClientBuilderConfiguration();
        conf.setSignatureVersion(SignVersion.V4);
        OSS ossClient = OSSClientBuilder.create()
                .endpoint(endpoint)
                .credentialsProvider(new DefaultCredentialProvider(credentialsProvider.getCredentials()))
                .clientConfiguration(conf)
                .region(region)
                .cloudBoxId(cloudBoxId)
                .build();

        try {
            // Set the access permissions of the object to private.
            ossClient.setObjectAcl(bucketName, objectName, CannedAccessControlList.Private);
        } catch (OSSException oe) {
            System.out.println("Caught an OSSException, which means your request made it to OSS, "
                    + "but was rejected with an error response for some reason.");
            System.out.println("Error Message:" + oe.getErrorMessage());
            System.out.println("Error Code:" + oe.getErrorCode());
            System.out.println("Request ID:" + oe.getRequestId());
            System.out.println("Host ID:" + oe.getHostId());
        } catch (ClientException ce) {
            System.out.println("Caught an ClientException, which means the client encountered "
                    + "a serious internal problem while trying to communicate with OSS, "
                    + "such as not being able to access the network.");
            System.out.println("Error Message:" + ce.getMessage());
        } finally {
            if (ossClient != null) {
                ossClient.shutdown();
            }
        }
    }
}

Replace the placeholders with your actual values:

PlaceholderDescriptionExample
endpointData endpoint of the OSS on CloudBox buckethttps://cb-f8z7yvzgwfkl9q0h****.cn-hangzhou.oss-cloudbox.aliyuncs.com
bucketNameName of the OSS on CloudBox bucketexamplebucket
regionRegion where the bucket is locatedcn-hangzhou
cloudBoxIdCloudBox IDcb-f8z7yvzgwfkl9q0h****
objectNameFull path of the object, excluding the bucket nametestfolder/exampleobject.txt

Use ossutil

For ossutil commands to set or modify an object ACL, see put-object-acl.

Use the REST API

To set an object ACL via HTTP requests, see PutObjectACL.

What's next

Object ACLs are one of several access control mechanisms in OSS on CloudBox. Depending on your requirements, consider combining them with: