XML structure of ACL configuration
Written by
ACL general view:
<AccessControlPolicy>
<Owner>
<ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cdeag4ba89s</ID>
<DisplayName>CustomersName@amazon.com</DisplayName>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="CanonicalUser">
<ID>8caede4d8w78r43d14f2e7fagrbf45c78ejc7c6cdeag4ba89s</ID>
<DisplayName>YandexCloudUserName</DisplayName>
</Grantee>
<Permission>WRITE</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>
Elements
Element | Description |
---|---|
AccessControlPolicy |
Root element. Path: /AccessControlPolicy . |
Owner |
User information. Users can specify this element for objectPutAcl and bucketPutAcl requests. If the element is specified, then when uploading an ACL, Object Storage checks whether the ID passed matches the actual ID. Otherwise, a 403 code is returned.Path: /AccessControlPolicy/Owner . |
AccessControlList |
Access control list. May contain up to 100 access permissions. Path: /AccessControlPolicy/AccessControlList . |
Grant |
Access description. Path: /AccessControlPolicy/AccessControlList/Grant . |
Grantee |
The user or group that access is granted to. Path: /AccessControlPolicy/AccessControlList/Grant/Grantee . |
ID |
User ID. Responses to bucketGetAcl requests contain the ID of the folder where the bucket is located.Paths: /AccessControlPolicy/Owner/ID , /AccessControlPolicy/AccessControlList/Grant/Grantee/ID . |
DisplayName |
User name. Ignored for objectPutAcl and bucketPutAcl requestsPaths: /AccessControlPolicy/Owner/DisplayName , /AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName . |
URI |
ID of a system group. Path: /AccessControlPolicy/AccessControlList/Grant/Grantee/URI . |
Permission |
User permissions. You can specify the following permissions: READ , WRITE , and FULL_CONTROL . When granting permissions to an object, you can also specify READ_ACP and WRITE_ACP . For more information, see Access control lists (ACLs).Path: /AccessControlPolicy/AccessControlList/Grant/Grantee/DisplayName . |