XML structure of ACL configuration

ACL general view:

<AccessControlPolicy>
  <Owner>
    <ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cdeag4ba89s</ID>
    <DisplayName>CustomersName@amazon.com</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
			xsi:type="CanonicalUser">
        <ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cdeag4ba89s</ID>
        <DisplayName>YandexCloudUserName</DisplayName>
      </Grantee>
      <Permission>WRITE</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>

Elements

Element Description
AccessControlPolicy Root element.

Path: /AccessControlPolicy.
Owner User information.

Users can specify this element for objectPutAcl and bucketPutAcl requests. If the element is specified, then when uploading an ACL, Object Storage checks whether the ID passed matches the actual ID. Otherwise, a 403 code is returned.

Path: /AccessControlPolicy/Owner.
AccessControlList Access control list. May contain up to 100 access permissions.

Path: /AccessControlPolicy/AccessControlList.
Grant Access description.

Path: /AccessControlPolicy/AccessControlList/Grant.
Grantee The user or group that access is granted to.

Path: /AccessControlPolicy/AccessControlList/Grant/Grantee.
ID User ID.

Responses to bucketGetAcl requests contain the ID of the folder where the bucket is located.

Paths: /AccessControlPolicy/Owner/ID, /AccessControlPolicy/AccessControlList/Grant/Grantee/ID.
DisplayName User name. Ignored for objectPutAcl and bucketPutAcl requests

Paths: /AccessControlPolicy/Owner/DisplayName, /AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName.
URI ID of a system group.

Path: /AccessControlPolicy/AccessControlList/Grant/Grantee/URI.
Permission User permissions.

You can specify the following permissions: READ, WRITE, and FULL_CONTROL. When granting permissions to an object, you can also specify READ_ACP and WRITE_ACP. For more information, see Access control lists (ACLs).

Path: /AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName.