Access Control List (ACL) Reference

This topic lists the permissions you can grant to other object storage users using an Access Control List (ACL).

This enables you to control access to your resources and grant different permissions, such as read, write, or download, to different users.

When you use the API, you grant the permissions for the relevant buckets and objects through the ACL.

Granting Permissions to Different Groups

You can grant permissions to different groups such as:

  • public: Anyone you send the URL of your bucket or object to.

  • authenticated-user: Any user connected with an OUTSCALE account using the API.

| ACL Name | Permissions Granted for a Bucket | Permissions Granted for an Object |
|---|---|---|
| private | The owner of the bucket has full control on it. No one else can access the bucket. | The owner of the object has full control on it. No one else can access the object. |
| public-read | The owner of the bucket has full control on it. Everyone can list the objects contained in your bucket. | The owner of the object has full control on it. Everyone can read and download the object. |
| public-read-write | The owner of the bucket has full control on it. Everyone can write access logs and see the objects contained in your bucket. It is not recommended to use this permission on a bucket as everyone can control the permissions of your bucket. | The owner of the object has full control on it. Everyone can read, over-write, delete and download the object. |
| authenticated-read | The owner of the bucket has full control on it. The authenticated users can see the objects contained in your bucket. | The owner of the object has full control on it. The authenticated users can read and download the object. |
| bucket-owner-read | / | The owner of the object has full control on it. The owner of the bucket can read and download the object. |
| bucket-owner-full-control | / | The owner of the object and the owner of the bucket both have full control on the object. |

Granting Permissions to Individual Users

You can grant permissions to individual users:

| ACL Name | Permissions Granted for a Bucket | Permissions Granted for an Object |
|---|---|---|
| grant-read | The specified users can list the objects of the bucket. | The specified users can read and download the object. |
| grant-read-acp | The specified users can list the ACL of the bucket. | The specified users can list the ACL of the object and download the object. |
| grant-write | The specified users can upload, over-write or delete the objects of your bucket. | / |
| grant-write-acp | The specified users can list and modify the ACL of the bucket. | The specified users can list and modify the ACL of the object and download the object. |
| grant-full-control | The specified users can list and download the objects of the bucket and copy objects from it. | The specified users can list, read and download the object. They can also list and modify the ACL of the object. |
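
The following audit sketch is an added example, not OUTSCALE code: it checks inventory records against the two ACL tables on this page and reports broad or inapplicable grants. The record format, the severity labels, and the sample inventory are assumptions made for illustration.

```python
# Added example: audit constructed inventory records against the ACL tables on this page.
# Record format, severity labels and sample data are assumptions, not an OUTSCALE API.

# Group that each group-level ACL name opens the resource to (None = owners only).
CANNED_AUDIENCE = {
    "private": None, "public-read": "public", "public-read-write": "public",
    "authenticated-read": "authenticated-user",
    "bucket-owner-read": None, "bucket-owner-full-control": None,
}
# (ACL name, resource kind) pairs the tables mark "/" (not applicable).
NOT_APPLICABLE = {("bucket-owner-read", "bucket"),
                  ("bucket-owner-full-control", "bucket"),
                  ("grant-write", "object")}
# Per-user grants that, per the second table, let the grantee modify the ACL.
ACL_MODIFYING = {("grant-write-acp", "bucket"), ("grant-write-acp", "object"),
                 ("grant-full-control", "object")}

def audit(resource):
    """Return a sorted list of (severity, message) findings for one record."""
    kind, acl = resource["kind"], resource.get("acl", "private")
    findings = []
    if acl not in CANNED_AUDIENCE:
        findings.append(("error", f"unknown ACL name {acl}"))
    elif (acl, kind) in NOT_APPLICABLE:
        findings.append(("error", f"{acl} is not defined for {kind}s"))
    elif acl == "public-read-write":
        findings.append(("critical", f"everyone has read and write access to this {kind}"))
    elif CANNED_AUDIENCE[acl] == "public":
        findings.append(("high", f"everyone has read access to this {kind}"))
    elif CANNED_AUDIENCE[acl] == "authenticated-user":
        findings.append(("medium", f"any OUTSCALE account has read access to this {kind}"))
    for grant, users in resource.get("grants", {}).items():
        if (grant, kind) in NOT_APPLICABLE:
            findings.append(("error", f"{grant} is not defined for {kind}s"))
        elif (grant, kind) in ACL_MODIFYING:
            findings.append(("review", f"{', '.join(sorted(users))} can modify the ACL"))
    return sorted(findings)

# Constructed sample inventory (names and users are made up).
INVENTORY = [
    {"name": "logs", "kind": "bucket", "acl": "public-read-write"},
    {"name": "logs/app.log", "kind": "object", "acl": "authenticated-read",
     "grants": {"grant-write-acp": ["user-b"], "grant-write": ["user-c"]}},
    {"name": "backups", "kind": "bucket", "acl": "private",
     "grants": {"grant-read": ["user-a"]}},
]

if __name__ == "__main__":
    for res in INVENTORY:
        for severity, message in audit(res):
            print(f"{res['name']}: {severity}: {message}")
```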
