Yandex.Cloud
  • Services
  • Why Yandex.Cloud
  • Pricing
  • Documentation
  • Contact us
Get started
Yandex Object Storage
  • Getting started
  • Step-by-step instructions
    • All instructions
    • Buckets
      • Creating a bucket
      • Deleting a bucket
      • Limiting the maximum size of a bucket
      • Allowing public access to a bucket
      • Bucket encryption
      • Managing object lifecycles
      • Managing CORS configurations
      • Editing a bucket ACL
      • Logging actions with the bucket
    • Objects
      • Uploading an object
      • Getting information about an object
      • Downloading an object
      • Getting a public link to an object
      • Deleting an object
      • Deleting a partially uploaded object
      • Editing an object ACL
    • Static website hosting
      • Hosting setup
      • Support for your own domain
      • Support for multiple domain names
      • Configuring HTTPS
  • Concepts
    • Overview
    • Bucket
    • Objects
    • Bucket versioning
    • Object lifecycles
    • CORS
    • Static website hosting
    • Pre-signed URLs
    • Multipart upload
    • Access control lists (ACLs)
    • Bucket Policy
    • Upload file via HTML form
    • Storage class
    • Logging actions with a bucket
    • Backups
    • TLS protocol
    • Quotas and limits
  • Tools
    • All tools
    • Console clients
      • AWS CLI
      • S3cmd
    • File browsers
      • CyberDuck
      • WinSCP
    • SDK
      • AWS SDK for Java
      • Python SDK (boto)
    • FUSE
      • s3fs
      • goofys
  • Amazon S3-compatible HTTP API
    • How to use the API
    • Signing requests
    • API reference
      • All services and methods
      • Bucket
        • All methods
        • create
        • getBucketEncryption
        • getMeta
        • listObjects
        • listBuckets
        • deleteBucket
        • deleteBucketEncryption
        • putBucketEncryption
        • putBucketVersioning
        • getBucketVersioning
        • putBucketLogging
        • getBucketLogging
        • listObjectVersions
      • Object
        • All methods
        • upload
        • get
        • copy
        • getObjectMeta
        • delete
        • deleteMultipleObjects
        • options
      • Multipart upload
        • General multipart upload procedure
        • startUpload
        • uploadPart
        • copyPart
        • listParts
        • abortUpload
        • completeUpload
        • listUploads
      • Static Website Hosting
        • All methods
        • upload
        • get
        • delete
        • Static website response codes
      • CORS
        • All methods
        • XML structure of CORS configuration
        • upload
        • get
        • delete
      • Lifecycles
        • All methods
        • XML structure of lifecycle configuration
        • upload
        • get
        • delete
      • ACL
        • All methods
        • XML structure of ACL configuration
        • objectGetAcl
        • objectPutAcl
        • bucketGetAcl
        • bucketPutAcl
      • Bucket Policy
        • All methods
        • GetBucketPolicy
        • PutBucketPolicy
        • DeleteBucketPolicy
        • Data schema
        • Actions
        • Conditions
      • Common request headers
      • Common response headers
      • Responses
  • Access management
  • Pricing policy
    • Current pricing policy
    • Archive
      • Before January 1, 2019
      • From January 1 to March 1, 2019
  • Questions and answers
  1. Amazon S3-compatible HTTP API
  2. API reference
  3. ACL
  4. XML structure of ACL configuration

XML structure of ACL configuration

  • Elements

ACL general view:

<AccessControlPolicy>
  <Owner>
    <ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cdeag4ba89s</ID>
    <DisplayName>CustomersName@amazon.com</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
			xsi:type="CanonicalUser">
        <ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cdeag4ba89s</ID>
        <DisplayName>YandexCloudUserName</DisplayName>
      </Grantee>
      <Permission>WRITE</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>

Elements

Element Description
AccessControlPolicy Root element.

Path: /AccessControlPolicy.
Owner User information.

Users can specify this element for objectPutAcl and bucketPutAcl requests. If the element is specified, then when uploading an ACL, Object Storage checks whether the ID passed matches the actual ID. Otherwise, a 403 code is returned.

Path: /AccessControlPolicy/Owner.
AccessControlList Access control list. May contain up to 100 access permissions.

Path: /AccessControlPolicy/AccessControlList.
Grant Access description.

Path: /AccessControlPolicy/AccessControlList/Grant.
Grantee The user or group that access is granted to.

Path: /AccessControlPolicy/AccessControlList/Grant/Grantee.
ID User ID.

Responses to bucketGetAcl requests contain the ID of the folder where the bucket is located.

Paths: /AccessControlPolicy/Owner/ID, /AccessControlPolicy/AccessControlList/Grant/Grantee/ID.
DisplayName User name. Ignored for objectPutAcl and bucketPutAcl requests

Paths: /AccessControlPolicy/Owner/DisplayName, /AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName.
URI ID of a system group.

Path: /AccessControlPolicy/AccessControlList/Grant/Grantee/URI.
Permission User permissions.

You can specify the following permissions: READ, WRITE, and FULL_CONTROL. When granting permissions to an object, you can also specify READ_ACP and WRITE_ACP. For more information, see Access control lists (ACLs).

Path: /AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName.
Language
Careers
Privacy policy
Terms of use
© 2021 Yandex.Cloud LLC