Contact UsGet started

XML structure of ACL configuration

Written by
Updated at September 23, 2024

ACL general view:

<AccessControlPolicy>
  <Owner>
    <ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cde********</ID>
    <DisplayName>CustomersName@amazon.com</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
			xsi:type="CanonicalUser">
        <ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cde********</ID>
        <DisplayName>YandexCloudUserName</DisplayName>
      </Grantee>
      <Permission>WRITE</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>

Elements

Element Description
AccessControlPolicy Root element.

Path: /AccessControlPolicy.
Owner User information.

Users can specify this element for objectPutAcl and bucketPutAcl requests. If the element is specified, Object Storage will check for a match between the provided ID and the actual one during ACL upload. If there is no match, it will return code 403.

Path: /AccessControlPolicy/Owner.
AccessControlList Access control list. Cannot contain more than 100 access permissions.

Path: /AccessControlPolicy/AccessControlList.
Grant Access description.

Path: /AccessControlPolicy/AccessControlList/Grant.
Grantee Type of the permission grantee. Possible values for type:Path: /AccessControlPolicy/AccessControlList/Grant/Grantee.
ID ID of a user, service account, or user group. Used with the CanonicalUser type of permission grantee.

The response to the bucketGetAcl request contains the ID of the folder the bucket is in.

Paths: /AccessControlPolicy/Owner/ID, /AccessControlPolicy/AccessControlList/Grant/Grantee/ID.
DisplayName Username. Ignored for the objectPutAcl and bucketPutAcl requests

Paths: /AccessControlPolicy/Owner/DisplayName, /AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName.
URI Public group ID. Used with the Group type of permission grantee. Possible values:
  • http://acs.amazonaws.com/groups/global/AllUsers: All internet users.
  • http://acs.amazonaws.com/groups/global/AuthenticatedUsers: All authenticated Yandex Cloud users.
Path: /AccessControlPolicy/AccessControlList/Grant/Grantee/URI.
Permission User permissions.

You can specify the following permissions: READ, WRITE, and FULL_CONTROL. When granting permissions for an object, you can also specify READ_ACP and WRITE_ACP. For more information, see Access control list (ACL).

Path: /AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName.

See also

Previous
All methods
Next
objectGetAcl