objectPutAcl method

Uploads an access control list for an object.


ACLs can be uploaded as XML documents or using special x-amx-grant* headers. Do not use XML documents and x-amx-grant* headers in the same request.


PUT /{bucket}/{key}?acl HTTP/1.1

Path parameters

Parameter Description
bucket Name of the bucket.
key Object key. ID for saving the object in Object Storage.

Query parameters

Parameter Description
acl Required parameter that indicates the type of operation.


Use the necessary common request headers in requests.

You can also use the headers listed below.

Heading Description
x-amz-acl Sets a predefined ACL for an object.
x-amz-grant-read Grants the access grantee object read permission.
x-amz-grant-read-acp Grants the access grantee object ACL read permission.
x-amz-grant-write-acp Grants the access grantee object ACL write permission.
x-amz-grant-full-control Grants the access grantee the following permissions: READ, WRITE, READ_ACP, and WRITE_ACP for an object.

The value for a x-amz-grant-* header is a comma-separated list of access grantees. Each access grantee is identified in a structure like: <access grantee type>:<access grantee ID>. Object Storage supports the following types of access grantees:

  • id — access grantee — Yandex.Cloud user.
  • uri — access grantee — system group.


x-amz-grant-read: uri="http://acs.amazonaws.com/groups/s3/AuthenticatedUsers"

Data schema

ACLs are passed as XML documents. For the schema description, see ACL XML schema.



Responses can only contain common response headers.

Response codes

For the list of possible responses, see Responses.