XML structure of ACL configuration
Updated at September 23, 2024
ACL general view:
```xml
<AccessControlPolicy>
  <Owner>
    <ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cde********</ID>
    <DisplayName>CustomersName@amazon.com</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:type="CanonicalUser">
        <ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cde********</ID>
        <DisplayName>YandexCloudUserName</DisplayName>
      </Grantee>
      <Permission>WRITE</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>
```
Elements
Element | Description |
---|---|
AccessControlPolicy | Root element. Path: /AccessControlPolicy. |
Owner | User information. Users can specify this element for objectPutAcl and bucketPutAcl requests. If the element is specified, Object Storage will check for a match between the provided ID and the actual one during ACL upload. If there is no match, it will return code 403. Path: /AccessControlPolicy/Owner. |
AccessControlList | Access control list. Cannot contain more than 100 access permissions. Path: /AccessControlPolicy/AccessControlList. |
Grant | Access description. Path: /AccessControlPolicy/AccessControlList/Grant. |
Grantee | Type of the permission grantee. Possible values for type: Path: /AccessControlPolicy/AccessControlList/Grant/Grantee. |
ID | ID of a user, service account, or user group. Used with the CanonicalUser type of permission grantee. The response to the bucketGetAcl request contains the ID of the folder the bucket is in. Paths: /AccessControlPolicy/Owner/ID, /AccessControlPolicy/AccessControlList/Grant/Grantee/ID. |
DisplayName | Username. Ignored for the objectPutAcl and bucketPutAcl requests. Paths: /AccessControlPolicy/Owner/DisplayName, /AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName. |
URI | Public group ID. Used with the Group type of permission grantee. Possible values: Path: /AccessControlPolicy/AccessControlList/Grant/Grantee/URI. |
Permission | User permissions. You can specify the following permissions: READ, WRITE, and FULL_CONTROL. When granting permissions for an object, you can also specify READ_ACP and WRITE_ACP. For more information, see Access control list (ACL). Path: /AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName. |
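
An added example, not part of the Object Storage documentation: a Python check that audits an ACL document against the constraints in the table above (the 100-grant limit, the permissions allowed per target, and the ID or URI expected for each grantee type) and lists every Group grant for review. The function names, the treatment of READ_ACP and WRITE_ACP as object-only, and the placeholder ID and group URI in the sample are assumptions.

```python
import xml.etree.ElementTree as ET  # constructed sample only; use a hardened parser for untrusted XML

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
BUCKET_PERMS = {"READ", "WRITE", "FULL_CONTROL"}
OBJECT_PERMS = BUCKET_PERMS | {"READ_ACP", "WRITE_ACP"}  # assumption: extras are object-only
MAX_GRANTS = 100

def _kids(elem, name):
    # Match on the local name so a default namespace on the root does not matter.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    found = _kids(elem, name)
    return (found[0].text or "").strip() if found else ""

def audit_acl(xml_text, target="bucket"):
    """Return a list of findings for one AccessControlPolicy document."""
    root = ET.fromstring(xml_text)
    allowed = OBJECT_PERMS if target == "object" else BUCKET_PERMS
    grants = [g for acl in _kids(root, "AccessControlList") for g in _kids(acl, "Grant")]
    findings = []
    if len(grants) > MAX_GRANTS:
        findings.append(f"{len(grants)} grants exceed the limit of {MAX_GRANTS}")
    for i, grant in enumerate(grants, 1):
        perm = _text(grant, "Permission")
        if perm not in allowed:
            findings.append(f"grant {i}: permission {perm!r} not valid for a {target}")
        grantees = _kids(grant, "Grantee")
        gtype = grantees[0].get(XSI_TYPE) if grantees else None
        if gtype == "CanonicalUser":
            if not _text(grantees[0], "ID"):
                findings.append(f"grant {i}: CanonicalUser without ID")
        elif gtype == "Group":
            uri = _text(grantees[0], "URI")
            findings.append(f"grant {i}: group grantee {uri or '<no URI>'} holds {perm}; review")
        else:
            findings.append(f"grant {i}: missing or unhandled grantee type {gtype!r}")
    return findings

# Constructed sample: the ID and the group URI are placeholders, not real values.
SAMPLE = """<AccessControlPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AccessControlList>
<Grant><Grantee xsi:type="CanonicalUser"><ID>placeholder-user-id</ID></Grantee>
  <Permission>WRITE</Permission></Grant>
<Grant><Grantee xsi:type="Group"><URI>urn:example:placeholder-group</URI></Grantee>
  <Permission>READ_ACP</Permission></Grant>
</AccessControlList></AccessControlPolicy>"""
if __name__ == "__main__":
    print("\n".join(audit_acl(SAMPLE)))
```

Pass `target="object"` when the document is an object ACL, so that READ_ACP and WRITE_ACP are accepted.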