XML structure of ACL configuration
Updated at April 17, 2024
ACL general view:
```xml
<AccessControlPolicy>
  <Owner>
    <ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cde********</ID>
    <DisplayName>CustomersName@amazon.com</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:type="CanonicalUser">
        <ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cde********</ID>
        <DisplayName>YandexCloudUserName</DisplayName>
      </Grantee>
      <Permission>WRITE</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>
```
Elements
Element | Description |
---|---|
`AccessControlPolicy` | Root element. Path: `/AccessControlPolicy`. |
`Owner` | User information. Users can specify this element for `objectPutAcl` and `bucketPutAcl` requests. If the element is specified, then when uploading an ACL, Object Storage checks whether the ID passed matches the actual ID. Otherwise, a 403 code is returned. Path: `/AccessControlPolicy/Owner`. |
`AccessControlList` | Access control list. May contain up to 100 access permissions. Path: `/AccessControlPolicy/AccessControlList`. |
`Grant` | Access description. Path: `/AccessControlPolicy/AccessControlList/Grant`. |
`Grantee` | Type of the permission grantee. The possible values for `type`: Path: `/AccessControlPolicy/AccessControlList/Grant/Grantee`. |
`ID` | ID of a user, service account, or user group. It is used with the `CanonicalUser` permission grantee type. A response to a `bucketGetAcl` request contains the ID of the folder where the bucket is located. Paths: `/AccessControlPolicy/Owner/ID`, `/AccessControlPolicy/AccessControlList/Grant/Grantee/ID`. |
`DisplayName` | Username. Ignored for `objectPutAcl` and `bucketPutAcl` requests. Paths: `/AccessControlPolicy/Owner/DisplayName`, `/AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName`. |
`URI` | ID of a system group. It is used with the `Group` permission grantee type. The possible values include: Path: `/AccessControlPolicy/AccessControlList/Grant/Grantee/URI`. |
`Permission` | User permissions. You can specify the following permissions: `READ`, `WRITE`, and `FULL_CONTROL`. When granting permissions to an object, you can also specify `READ_ACP` and `WRITE_ACP`. For more information, see Access control lists (ACLs). Path: `/AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName`. |
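The rules in the table can be checked before an ACL is uploaded. The following is an added example, not code from the Object Storage documentation: it assumes an un-namespaced document as in the general view above, the function name `audit_acl` is hypothetical, the sample IDs and group URI are constructed placeholders, and flagging group grants other than `READ` is a review policy chosen for this example.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
BUCKET_PERMS = {"READ", "WRITE", "FULL_CONTROL"}
OBJECT_PERMS = BUCKET_PERMS | {"READ_ACP", "WRITE_ACP"}  # objects only, per the table
MAX_GRANTS = 100  # AccessControlList limit stated in the table

def audit_acl(xml_text, expected_owner_id=None, is_object=False):
    """Return a list of findings for an un-namespaced AccessControlPolicy document."""
    root = ET.fromstring(xml_text)
    if root.tag != "AccessControlPolicy":
        return ["root element is not AccessControlPolicy"]
    findings = []
    owner_id = root.findtext("Owner/ID")
    if owner_id and expected_owner_id and owner_id != expected_owner_id:
        findings.append("Owner/ID differs from the actual owner: expect 403")
    grants = root.findall("AccessControlList/Grant")
    if len(grants) > MAX_GRANTS:
        findings.append(f"{len(grants)} grants, limit is {MAX_GRANTS}")
    allowed = OBJECT_PERMS if is_object else BUCKET_PERMS
    for n, grant in enumerate(grants, 1):
        grantee = grant.find("Grantee")
        gtype = grantee.get(XSI_TYPE) if grantee is not None else None
        perm = (grant.findtext("Permission") or "").strip()
        if perm not in allowed:
            findings.append(f"grant {n}: permission {perm!r} not valid here")
        if gtype == "CanonicalUser":
            if not grantee.findtext("ID"):
                findings.append(f"grant {n}: CanonicalUser without ID")
        elif gtype == "Group":
            uri = grantee.findtext("URI")
            if not uri:
                findings.append(f"grant {n}: Group without URI")
            elif perm != "READ":  # example policy: surface broad group grants for review
                findings.append(f"grant {n}: group {uri} holds {perm}")
        else:
            findings.append(f"grant {n}: unknown grantee type {gtype!r}")
    return findings

# Constructed sample: IDs and the group URI are placeholders, not real values.
_G = '<Grant><Grantee xsi:type="{t}"><{k}>{v}</{k}></Grantee><Permission>{p}</Permission></Grant>'
SAMPLE_ACL = (
    '<AccessControlPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
    "<Owner><ID>owner-id-placeholder</ID></Owner><AccessControlList>"
    + _G.format(t="CanonicalUser", k="ID", v="user-id-placeholder", p="WRITE")
    + _G.format(t="Group", k="URI", v="urn:example:group-placeholder", p="FULL_CONTROL")
    + _G.format(t="CanonicalUser", k="ID", v="user-id-placeholder", p="READ_ACP")
    + "</AccessControlList></AccessControlPolicy>"
)
```

Calling `audit_acl(SAMPLE_ACL, expected_owner_id="owner-id-placeholder")` treats the document as a bucket ACL and reports the group grant and the object-only `READ_ACP` permission; pass `is_object=True` to audit an object ACL.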