XML structure of ACL configuration

Written by

Elements

ACL general view:

<AccessControlPolicy>
  <Owner>
    <ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cdeag4ba89s</ID>
    <DisplayName>CustomersName@amazon.com</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
			xsi:type="CanonicalUser">
        <ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cdeag4ba89s</ID>
        <DisplayName>YandexCloudUserName</DisplayName>
      </Grantee>
      <Permission>WRITE</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>

Elements

Element	Description
`AccessControlPolicy`	Root element. Path: `/AccessControlPolicy`.
`Owner`	User information. Users can specify this element for `objectPutAcl` and `bucketPutAcl` requests. If the element is specified, then when uploading an ACL, Object Storage checks whether the ID passed matches the actual ID. Otherwise, a 403 code is returned. Path: `/AccessControlPolicy/Owner`.
`AccessControlList`	Access control list. May contain up to 100 access permissions. Path: `/AccessControlPolicy/AccessControlList`.
`Grant`	Access description. Path: `/AccessControlPolicy/AccessControlList/Grant`.
`Grantee`	The user or group that access is granted to. Path: `/AccessControlPolicy/AccessControlList/Grant/Grantee`.
`ID`	User ID. Responses to `bucketGetAcl` requests contain the ID of the folder where the bucket is located. Paths: `/AccessControlPolicy/Owner/ID`, `/AccessControlPolicy/AccessControlList/Grant/Grantee/ID`.
`DisplayName`	User name. Ignored for `objectPutAcl` and `bucketPutAcl` requests Paths: `/AccessControlPolicy/Owner/DisplayName`, `/AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName`.
`URI`	ID of a system group. Path: `/AccessControlPolicy/AccessControlList/Grant/Grantee/URI`.
`Permission`	User permissions. You can specify the following permissions: `READ`, `WRITE`, and `FULL_CONTROL`. When granting permissions to an object, you can also specify `READ_ACP` and `WRITE_ACP`. For more information, see Access control lists (ACLs). Path: `/AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName`.