s3 ACL

陆公子521 2023-03-10 Views: 76

Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects. Each bucket and object has an ACL attached to it as a subresource.

ACL permissions

| Permission | When granted on a bucket | When granted on an object |
| --- | --- | --- |
| READ | Allows grantee to list the objects in the bucket. | Allows grantee to read the object data and its metadata. |
| WRITE | Allows grantee to create new objects in the bucket. For the bucket and object owners of existing objects, also allows deletions and overwrites of those objects. | Not applicable. |
| READ_ACP | Allows grantee to read the bucket ACL. | Allows grantee to read the object ACL. |
| WRITE_ACP | Allows grantee to write the ACL for the applicable bucket. | Allows grantee to write the ACL for the applicable object. |
| FULL_CONTROL | Allows grantee the READ, WRITE, READ_ACP, and WRITE_ACP permissions on the bucket. | Allows grantee the READ, READ_ACP, and WRITE_ACP permissions on the object. |

Sample ACL

<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner>
    <ID>Owner-canonical-user-ID</ID>
    <DisplayName>display-name</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>Owner-canonical-user-ID</ID>
        <DisplayName>display-name</DisplayName>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>user1-canonical-user-ID</ID>
        <DisplayName>display-name</DisplayName>
      </Grantee>
      <Permission>WRITE</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>user2-canonical-user-ID</ID>
        <DisplayName>display-name</DisplayName>
      </Grantee>
      <Permission>READ</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
        <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
      </Grantee>
      <Permission>READ</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
        <URI>http://acs.amazonaws.com/groups/s3/LogDelivery</URI>
      </Grantee>
      <Permission>WRITE</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>
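The sample above grants READ to the AllUsers group, which makes the bucket listing public. The following is an added example, not part of the original page or of AWS's documentation: a small auditor that parses an AccessControlPolicy document and reports grants worth reviewing. The severity labels, the function name `audit_acl` and the shortened sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
GROUPS = "http://acs.amazonaws.com/groups/"
PUBLIC_GROUPS = {GROUPS + "global/AllUsers", GROUPS + "global/AuthenticatedUsers"}
# Permissions that let a grantee change data or the ACL itself.
MUTATING = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}

# Constructed sample: the page's sample ACL, condensed (DisplayName omitted).
SAMPLE_ACL = """<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Owner><ID>Owner-canonical-user-ID</ID></Owner>
  <AccessControlList>
    <Grant><Grantee xsi:type="CanonicalUser"><ID>Owner-canonical-user-ID</ID></Grantee>
      <Permission>FULL_CONTROL</Permission></Grant>
    <Grant><Grantee xsi:type="CanonicalUser"><ID>user1-canonical-user-ID</ID></Grantee>
      <Permission>WRITE</Permission></Grant>
    <Grant><Grantee xsi:type="CanonicalUser"><ID>user2-canonical-user-ID</ID></Grantee>
      <Permission>READ</Permission></Grant>
    <Grant><Grantee xsi:type="Group"><URI>http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee>
      <Permission>READ</Permission></Grant>
    <Grant><Grantee xsi:type="Group"><URI>http://acs.amazonaws.com/groups/s3/LogDelivery</URI></Grantee>
      <Permission>WRITE</Permission></Grant>
  </AccessControlList>
</AccessControlPolicy>"""

def audit_acl(xml_text):
    """Return (severity, grantee, permission) for each grant worth reviewing."""
    root = ET.fromstring(xml_text)
    owner = root.findtext("s3:Owner/s3:ID", namespaces=NS)
    findings = []
    for grant in root.iterfind("s3:AccessControlList/s3:Grant", NS):
        grantee = grant.find("s3:Grantee", NS)
        perm = grant.findtext("s3:Permission", namespaces=NS)
        if grantee.get(XSI_TYPE) == "Group":
            who = grantee.findtext("s3:URI", namespaces=NS)
            # Public groups: anyone (AllUsers) or any AWS account (AuthenticatedUsers).
            if who in PUBLIC_GROUPS:
                findings.append(("HIGH" if perm in MUTATING else "MEDIUM", who, perm))
        else:
            who = grantee.findtext("s3:ID", namespaces=NS)
            # A non-owner account that can write objects or rewrite the ACL.
            if who != owner and perm in MUTATING:
                findings.append(("LOW", who, perm))
    return findings

if __name__ == "__main__":
    for finding in audit_acl(SAMPLE_ACL):
        print(*finding)
```

The LogDelivery grant is not reported because that group is used for server access log delivery and is not a public group.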



https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html
