OSS provides an access control list (ACL) for permission control. The ACL is the access policy that grants access permission to a Bucket. You can configure the ACL when you create a Bucket in the console, and you can modify it at any time after the Bucket has been created. If you do not specify the permission when creating a Bucket, the permission is private read/write by default.
Bucket ACL is access control at the Bucket level. Three access permissions are currently supported: public-read-write, public-read and private, with the following definitions:
Permission Value | Chinese Name | Restriction of Permission to Visitor |
---|---|---|
public-read-write | Public Read/Write | Anyone (including anonymous visitors) can read, write and delete Objects in the Bucket; all costs incurred by these actions are borne by the Owner of the Bucket, so use this permission carefully. |
public-read | Public Read and Private Write | Only the Owner of the Bucket or an authorized user can write or delete Objects stored in it; anyone (including anonymous visitors) can read the Objects. |
private | Private Read/Write | Only the Owner of the Bucket or an authorized user can read, write and delete Objects stored in it; nobody else can access Objects in the Bucket without authorization. |
The Bucket ACL is set and read through the following operations:
API: PutBucketACL, GetBucketACL
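
An audit pass over GetBucketACL results, as an added example that is not part of the OSS documentation: it reads the ACL value from each response body and reports Buckets that grant anonymous access, treating unknown or unreadable values as needing review. The XML layout (`AccessControlPolicy/AccessControlList/Grant`), the bucket names, the severity labels and the allowlist parameter are assumptions made for this example; the response bodies are constructed samples.

```python
import xml.etree.ElementTree as ET

# What each Bucket ACL value lets an anonymous visitor do (from the table above).
ANONYMOUS_ACCESS = {
    "private": set(),
    "public-read": {"read"},
    "public-read-write": {"read", "write", "delete"},
}

def parse_grant(acl_xml):
    """Return the ACL value from a GetBucketACL response body (assumed layout)."""
    grant = ET.fromstring(acl_xml).findtext("AccessControlList/Grant")
    if grant is None:
        raise ValueError("no <Grant> element in response")
    return grant.strip()

def audit(responses, allow_public_read=()):
    """Return (bucket, acl, severity, reason) for every Bucket that is not safely private."""
    findings = []
    for bucket, body in sorted(responses.items()):
        try:
            acl = parse_grant(body)
        except (ET.ParseError, ValueError) as exc:
            # Fail closed: an ACL we cannot read is not assumed to be private.
            findings.append((bucket, None, "review", f"unreadable ACL: {exc}"))
            continue
        actions = ANONYMOUS_ACCESS.get(acl)
        if actions is None:
            findings.append((bucket, acl, "review", "unknown ACL value"))
        elif "write" in actions:
            findings.append((bucket, acl, "high",
                             "anonymous read/write/delete; Owner bears the cost"))
        elif "read" in actions and bucket not in allow_public_read:
            findings.append((bucket, acl, "medium", "anonymous read"))
    return findings

def _body(grant):
    """Build a constructed sample response carrying the given ACL value."""
    return ("<AccessControlPolicy><Owner><ID>0000</ID></Owner>"
            f"<AccessControlList><Grant>{grant}</Grant></AccessControlList>"
            "</AccessControlPolicy>")

# Constructed sample data: bucket name -> response body.
SAMPLES = {
    "app-logs": _body("private"),
    "static-site": _body("public-read"),
    "upload-tmp": _body("public-read-write"),
    "legacy": _body("unknown-value"),
    "broken": "<AccessControlPolicy>",  # truncated response
}

if __name__ == "__main__":
    for finding in audit(SAMPLES, allow_public_read={"static-site"}):
        print(finding)
```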