ACL XML schema

ACL general view:

<AccessControlPolicy>
  <Owner>
    <ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cdeag4ba89s</ID>
    <DisplayName>CustomersName@amazon.com</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
			xsi:type="CanonicalUser">
        <ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cdeag4ba89s</ID>
        <DisplayName>YandexCloudUserName</DisplayName>
      </Grantee>
      <Permission>WRITE</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>

Elements

Element Description
AccessControlPolicy Root element.

Path: /AccessControlPolicy.
Owner User information.

Users can specify this element for objectPutAcl and bucketPutAcl requests. If the element is specified, then, when uploading an ACL, Object Storage checks whether the passed ID matches the actual ID. If not, code 403 is returned.

Path: /AccessControlPolicy/Owner.
AccessControlList Access control list. Can contain up to 100 access permissions.

Path: /AccessControlPolicy/AccessControlList.
Grant Access description.

Path: /AccessControlPolicy/AccessControlList/Grant.
Grantee The user or group that access is granted to.

Path: /AccessControlPolicy/AccessControlList/Grant/Grantee.
ID User ID.

Responses to bucketGetAcl requests contain the ID of the folder where the bucket is located.

Paths: /AccessControlPolicy/Owner/ID, /AccessControlPolicy/AccessControlList/Grant/Grantee/ID.
DisplayName User name. Ignored for objectPutAcl and bucketPutAcl requests

Paths: /AccessControlPolicy/Owner/DisplayName, /AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName.
URI System group ID.

Path: /AccessControlPolicy/AccessControlList/Grant/Grantee/URI.
Permission User permissions.

You can specify the following permissions: READ, WRITE, and FULL_CONTROL. When granting permissions to an object, you can also specify READ_ACP and WRITE_ACP. For more information, see Access control lists (ACLs).

Path: /AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName.