vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/obs/s3api/en-us_topic_0125560406.html
zhangyue 6fcdbfd13e OBS S3 API DOC 
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2024-02-26 11:17:13 +00:00

213 lines
21 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0125560406"></a><a name="EN-US_TOPIC_0125560406"></a>
<h1 class="topictitle1">ACL</h1>
<div id="body1190473"><p id="EN-US_TOPIC_0125560406__p37592938">A default ACL is generated during the creation of a bucket or an object. The entries in an ACL define permission granted to accounts. You can use PUT Bucket/Object acl to create a new ACL for a bucket or an object.</p>
<ul id="EN-US_TOPIC_0125560406__ul2792129"><li id="EN-US_TOPIC_0125560406__li10714260"><a href="#EN-US_TOPIC_0125560406__table49181932">Table 1</a> gives a description of each Grantee and their access permission.</li></ul>
<div class="tablenoborder"><a name="EN-US_TOPIC_0125560406__table49181932"></a><a name="table49181932"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0125560406__table49181932" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Grantees in OBS</caption><thead align="left"><tr id="EN-US_TOPIC_0125560406__row11473484"><th align="left" class="cellrowborder" valign="top" width="34.77%" id="mcps1.3.3.2.3.1.1"><p id="EN-US_TOPIC_0125560406__p56936981">Grantee</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="65.23%" id="mcps1.3.3.2.3.1.2"><p id="EN-US_TOPIC_0125560406__p48492710">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0125560406__row35595432"><td class="cellrowborder" valign="top" width="34.77%" headers="mcps1.3.3.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p64657730">OBS user</p>
</td>
<td class="cellrowborder" valign="top" width="65.23%" headers="mcps1.3.3.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p2784797">The permission to access a bucket or object can be granted to any OBS user. An OBS user can access the bucket or object in OBS using its AK and SK.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row25063178"><td class="cellrowborder" valign="top" width="34.77%" headers="mcps1.3.3.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p16851561">Registered user group user</p>
</td>
<td class="cellrowborder" valign="top" width="65.23%" headers="mcps1.3.3.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p22799196">The permission to access a bucket or object can be granted to all users in a registered user group. A user in a registered user group can access the bucket or object in OBS using its AK and SK. This group represents all OBS accounts.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row3866177"><td class="cellrowborder" valign="top" width="34.77%" headers="mcps1.3.3.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p44724910">Anonymous user</p>
</td>
<td class="cellrowborder" valign="top" width="65.23%" headers="mcps1.3.3.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p65947939">The permission to access a bucket or object can be granted to anonymous users. After the permission is granted, all users can access the bucket or object.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row56660545"><td class="cellrowborder" valign="top" width="34.77%" headers="mcps1.3.3.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p26101398">Log delivery user group</p>
</td>
<td class="cellrowborder" valign="top" width="65.23%" headers="mcps1.3.3.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p33838471">The permission to access a bucket can be granted to all users in a log delivery user group. A user in a log delivery user group can access the bucket. The permission is mainly used in log management.</p>
</td>
</tr>
</tbody>
</table>
</div>
<ul id="EN-US_TOPIC_0125560406__ul22196566"><li id="EN-US_TOPIC_0125560406__li36110790">ACL syntax</li></ul>
<div class="p" id="EN-US_TOPIC_0125560406__p65551371">The request for modifying or setting the ACL of a bucket or object must contain an ACL in the following syntax:<pre class="screen" id="EN-US_TOPIC_0125560406__screen41150262122245">&lt;AccessControlPolicy&gt;
&lt;Owner&gt;
&lt;ID&gt;id&lt;/ID&gt;
&lt;DisplayName&gt;displayname&lt;/DisplayName&gt;
&lt;/Owner&gt;
&lt;AccessControlList&gt;
&lt;Grant&gt;
&lt;Grantee&gt;grantee&lt;/Grantee&gt;
&lt;Permission&gt;permission&lt;/Permission&gt;
&lt;/Grant&gt;
&lt;Grant&gt;…………&lt;/Grant&gt;
&lt;/AccessControlList&gt;
&lt;/AccessControlPolicy&gt;</pre>
</div>
<p id="EN-US_TOPIC_0125560406__p18693019">In the preceding ACL, <strong id="EN-US_TOPIC_0125560406__b56561662">permission</strong> indicates one of the five permission types supported by OBS. For details about the permission, see <a href="#EN-US_TOPIC_0125560406__table39984204">Table 2</a>. The format of content in <strong id="EN-US_TOPIC_0125560406__b18091872">Grantee</strong> varies with the grantee.</p>
<ol id="EN-US_TOPIC_0125560406__ol34019449"><li id="EN-US_TOPIC_0125560406__li28609126">An OBS user as the grantee<pre class="screen" id="EN-US_TOPIC_0125560406__screen56155543">&lt;Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"&gt;
&lt;ID&gt;DomainId&lt;/ID&gt;
&lt;DisplayName&gt;displayname&lt;/DisplayName&gt;
&lt;/Grantee&gt;</pre>
</li><li id="EN-US_TOPIC_0125560406__li35637846">A registered user group user as the grantee<pre class="screen" id="EN-US_TOPIC_0125560406__screen52305163">&lt;Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"&gt;
&lt;URI&gt;http://acs.amazonaws.com/groups/global/AuthenticatedUsers&lt;/URI&gt;
&lt;/Grantee&gt;</pre>
</li><li id="EN-US_TOPIC_0125560406__li984423">An anonymous user as the grantee<pre class="screen" id="EN-US_TOPIC_0125560406__screen8859811">&lt;Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"&gt;
&lt;URI&gt;http://acs.amazonaws.com/groups/global/AllUsers&lt;/URI&gt;
&lt;/Grantee&gt;</pre>
</li><li id="EN-US_TOPIC_0125560406__li12629440">Log delivery user group user as the grantee<pre class="screen" id="EN-US_TOPIC_0125560406__screen43241719142820">&lt;Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"&gt;
&lt;URI&gt;http://acs.amazonaws.com/groups/s3/LogDelivery&lt;/URI&gt;
&lt;/Grantee&gt;</pre>
</li></ol>
<div class="tablenoborder"><a name="EN-US_TOPIC_0125560406__table39984204"></a><a name="table39984204"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0125560406__table39984204" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Permission on an OBS bucket or object</caption><thead align="left"><tr id="EN-US_TOPIC_0125560406__row59544593"><th align="left" class="cellrowborder" valign="top" width="31.019999999999996%" id="mcps1.3.8.2.3.1.1"><p id="EN-US_TOPIC_0125560406__p58382711">Permission</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="68.97999999999999%" id="mcps1.3.8.2.3.1.2"><p id="EN-US_TOPIC_0125560406__p31379187">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0125560406__row58686186"><td class="cellrowborder" valign="top" width="31.019999999999996%" headers="mcps1.3.8.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p55960646">READ</p>
</td>
<td class="cellrowborder" valign="top" width="68.97999999999999%" headers="mcps1.3.8.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p36518511">A grantee with such permission for a bucket can obtain the list of objects in the bucket and its metadata.</p>
<p id="EN-US_TOPIC_0125560406__p60231148">A grantee with such permission for an object can obtain the object content and metadata.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row5209420"><td class="cellrowborder" valign="top" width="31.019999999999996%" headers="mcps1.3.8.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p19309894">WRITE</p>
</td>
<td class="cellrowborder" valign="top" width="68.97999999999999%" headers="mcps1.3.8.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p20597572">A grantee with such permission for a bucket can upload, overwrite, and delete any object in the bucket.</p>
<p id="EN-US_TOPIC_0125560406__p3877837163357">Such permission for an object is <strong id="EN-US_TOPIC_0125560406__b4909618205558">NOT</strong> applicable.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row51160424"><td class="cellrowborder" valign="top" width="31.019999999999996%" headers="mcps1.3.8.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p50353704">READ_ACP</p>
</td>
<td class="cellrowborder" valign="top" width="68.97999999999999%" headers="mcps1.3.8.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p52118241">A grantee with such permission can obtain the ACL of a bucket or object. A bucket or object owner has such permission permanently.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row66410986"><td class="cellrowborder" valign="top" width="31.019999999999996%" headers="mcps1.3.8.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p10580746">WRITE_ACP</p>
</td>
<td class="cellrowborder" valign="top" width="68.97999999999999%" headers="mcps1.3.8.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p51734070">A grantee with such permission can update the ACL of a bucket or object. A bucket or object owner has such permission permanently.</p>
<p id="EN-US_TOPIC_0125560406__p62953453">A grantee with such permission can modify the access control policy to obtain desired access permission.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row29710167"><td class="cellrowborder" valign="top" width="31.019999999999996%" headers="mcps1.3.8.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p57713365">FULL_CONTROL</p>
</td>
<td class="cellrowborder" valign="top" width="68.97999999999999%" headers="mcps1.3.8.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p44270999">A grantee with such permission for a bucket has <strong id="EN-US_TOPIC_0125560406__b62894678">READ</strong>, <strong id="EN-US_TOPIC_0125560406__b29181190">WRITE</strong>, <strong id="EN-US_TOPIC_0125560406__b61304121">READ_ACP</strong>, and <strong id="EN-US_TOPIC_0125560406__b14866185">WRITE_ACP</strong> permission.</p>
<p id="EN-US_TOPIC_0125560406__p23402560163625">A grantee with such permission for an object has <strong id="EN-US_TOPIC_0125560406__b39840676163625">READ</strong>, <strong id="EN-US_TOPIC_0125560406__b5652634163625">READ_ACP</strong>, and <strong id="EN-US_TOPIC_0125560406__b55210187163625">WRITE_ACP</strong> permission.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="EN-US_TOPIC_0125560406__note4112018"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ol id="EN-US_TOPIC_0125560406__ol66686806"><li id="EN-US_TOPIC_0125560406__li63310345">A request can contain a maximum of 100 grants.</li><li id="EN-US_TOPIC_0125560406__li32922195">The ACL of a bucket or object is overwritten after permission associated with the bucket or object is granted</li></ol>
</div></div>
<p id="EN-US_TOPIC_0125560406__p29832402163110">The following table shows how each of the ACL permissions maps to the corresponding access policy permissions. As you can see, access policy allows more permissions than ACL does, you use ACL to primarily grant basic read/write permissions.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0125560406__table26278030164431" frame="border" border="1" rules="all"><caption><b>Table 3 </b>ACL permissions map</caption><thead align="left"><tr id="EN-US_TOPIC_0125560406__row19828033164431"><th align="left" class="cellrowborder" valign="top" width="23.23767623237676%" id="mcps1.3.11.2.4.1.1"><p id="EN-US_TOPIC_0125560406__p4020331165425">ACL</p>
<p id="EN-US_TOPIC_0125560406__p4573853016536">Permission</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="38.92610738926107%" id="mcps1.3.11.2.4.1.2"><p id="EN-US_TOPIC_0125560406__p5138300165347">Corresponding access policy permissions when the ACL permission is granted on a bucket</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="37.83621637836217%" id="mcps1.3.11.2.4.1.3"><p id="EN-US_TOPIC_0125560406__p38839699165411">Corresponding access policy permissions when the ACL permission is granted on an object</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0125560406__row8381768164431"><td class="cellrowborder" valign="top" width="23.23767623237676%" headers="mcps1.3.11.2.4.1.1 "><p id="EN-US_TOPIC_0125560406__p7834633164431">READ</p>
</td>
<td class="cellrowborder" valign="top" width="38.92610738926107%" headers="mcps1.3.11.2.4.1.2 "><p id="EN-US_TOPIC_0125560406__p27306801165459">s3:ListBucket, s3:ListBucketVersions, and s3:ListBucketMultipartUploads</p>
</td>
<td class="cellrowborder" valign="top" width="37.83621637836217%" headers="mcps1.3.11.2.4.1.3 "><p id="EN-US_TOPIC_0125560406__p19239774165512">s3:GetObject and s3:GetObjectVersion</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row45901784164431"><td class="cellrowborder" valign="top" width="23.23767623237676%" headers="mcps1.3.11.2.4.1.1 "><p id="EN-US_TOPIC_0125560406__p27056987164431">WRITE</p>
</td>
<td class="cellrowborder" valign="top" width="38.92610738926107%" headers="mcps1.3.11.2.4.1.2 "><p id="EN-US_TOPIC_0125560406__p322918416569">s3:PutObject and s3:DeleteObject.</p>
<p id="EN-US_TOPIC_0125560406__p6023735816569">In addition, when the grantee is the bucket owner, granting WRITE permission in a bucket ACL allows the s3:DeleteObjectVersion action to be performed on any version in that bucket.</p>
</td>
<td class="cellrowborder" valign="top" width="37.83621637836217%" headers="mcps1.3.11.2.4.1.3 "><p id="EN-US_TOPIC_0125560406__p17952693164431">Not applicable</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row27356511164431"><td class="cellrowborder" valign="top" width="23.23767623237676%" headers="mcps1.3.11.2.4.1.1 "><p id="EN-US_TOPIC_0125560406__p1284912164431">READ_ACP</p>
</td>
<td class="cellrowborder" valign="top" width="38.92610738926107%" headers="mcps1.3.11.2.4.1.2 "><p id="EN-US_TOPIC_0125560406__p36969013164431">s3:GetBucketAcl</p>
</td>
<td class="cellrowborder" valign="top" width="37.83621637836217%" headers="mcps1.3.11.2.4.1.3 "><p id="EN-US_TOPIC_0125560406__p32992663165752">s3:GetObjectAcl and s3:GetObjectVersionAcl</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row39756173164431"><td class="cellrowborder" valign="top" width="23.23767623237676%" headers="mcps1.3.11.2.4.1.1 "><p id="EN-US_TOPIC_0125560406__p66133477164431">WRITE_ACP</p>
</td>
<td class="cellrowborder" valign="top" width="38.92610738926107%" headers="mcps1.3.11.2.4.1.2 "><p id="EN-US_TOPIC_0125560406__p55211405164431">s3:PutBucketAcl</p>
</td>
<td class="cellrowborder" valign="top" width="37.83621637836217%" headers="mcps1.3.11.2.4.1.3 "><p id="EN-US_TOPIC_0125560406__p6058706165840">s3:PutObjectAcl and s3:PutObjectVersionAcl</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row50904858164431"><td class="cellrowborder" valign="top" width="23.23767623237676%" headers="mcps1.3.11.2.4.1.1 "><p id="EN-US_TOPIC_0125560406__p29652834164431">FULL_CONTROL</p>
</td>
<td class="cellrowborder" valign="top" width="38.92610738926107%" headers="mcps1.3.11.2.4.1.2 "><p id="EN-US_TOPIC_0125560406__p18109623165858">It is equivalent to granting READ, WRITE, READ_ACP, and WRITE_ACP ACL permissions. Accordingly, this ACL permission maps to combination of corresponding access policy permissions.</p>
</td>
<td class="cellrowborder" valign="top" width="37.83621637836217%" headers="mcps1.3.11.2.4.1.3 "><p id="EN-US_TOPIC_0125560406__p3197895517036">It is equivalent to granting READ, READ_ACP, and WRITE_ACP ACL permissions. Accordingly, this ACL permission maps to combination of corresponding access policy permissions.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="EN-US_TOPIC_0125560406__section37008167"><h4 class="sectiontitle">Access Control Policies</h4><p id="EN-US_TOPIC_0125560406__p49452120">You can set an access control policy in <strong id="EN-US_TOPIC_0125560406__b14210155216235">x-amz-acl</strong> HTTP header when creating a bucket or uploading an object. Available access control policies are predefined in OBS, as described in <a href="#EN-US_TOPIC_0125560406__table40200743">Table 4</a>.</p>
<div class="tablenoborder"><a name="EN-US_TOPIC_0125560406__table40200743"></a><a name="table40200743"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0125560406__table40200743" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Predefined access control policies</caption><thead align="left"><tr id="EN-US_TOPIC_0125560406__row23604067"><th align="left" class="cellrowborder" valign="top" width="31.019999999999996%" id="mcps1.3.12.3.2.3.1.1"><p id="EN-US_TOPIC_0125560406__p32881259">Policy</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="68.97999999999999%" id="mcps1.3.12.3.2.3.1.2"><p id="EN-US_TOPIC_0125560406__p46136299">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0125560406__row46052748"><td class="cellrowborder" valign="top" width="31.019999999999996%" headers="mcps1.3.12.3.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p39285109">private</p>
</td>
<td class="cellrowborder" valign="top" width="68.97999999999999%" headers="mcps1.3.12.3.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p27977295">Indicates that the owner of a bucket or object has <strong id="EN-US_TOPIC_0125560406__b2101653195420">FULL_CONTROL</strong> permission for the bucket or object. Other users have no permission to access the bucket or object.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row51568450"><td class="cellrowborder" valign="top" width="31.019999999999996%" headers="mcps1.3.12.3.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p16294901">public-read</p>
</td>
<td class="cellrowborder" valign="top" width="68.97999999999999%" headers="mcps1.3.12.3.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p44818576">Indicates that the owner of a bucket or object has <strong id="EN-US_TOPIC_0125560406__b714004">FULL_CONTROL</strong> permission for the bucket or object. Other users including anonymous users have <strong id="EN-US_TOPIC_0125560406__b6426044">READ</strong> permission.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row57834400"><td class="cellrowborder" valign="top" width="31.019999999999996%" headers="mcps1.3.12.3.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p54074791">public-read-write</p>
</td>
<td class="cellrowborder" valign="top" width="68.97999999999999%" headers="mcps1.3.12.3.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p17981971">Indicates that the owner of a bucket or object has <strong id="EN-US_TOPIC_0125560406__b27620019">FULL_CONTROL</strong> permission for the bucket or object. Other users including anonymous users have <strong id="EN-US_TOPIC_0125560406__b47253580">READ</strong> and <strong id="EN-US_TOPIC_0125560406__b22629041">WRITE</strong> permission.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row2334777"><td class="cellrowborder" valign="top" width="31.019999999999996%" headers="mcps1.3.12.3.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p54899267">authenticated-read</p>
</td>
<td class="cellrowborder" valign="top" width="68.97999999999999%" headers="mcps1.3.12.3.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p17655633">Indicates that the owner of a bucket or object has <strong id="EN-US_TOPIC_0125560406__b24682973">FULL_CONTROL</strong> permission for the bucket or object. Other OBS users have <strong id="EN-US_TOPIC_0125560406__b20820172">READ</strong> permission.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row53163821"><td class="cellrowborder" valign="top" width="31.019999999999996%" headers="mcps1.3.12.3.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p11302262">bucket-owner-read</p>
</td>
<td class="cellrowborder" valign="top" width="68.97999999999999%" headers="mcps1.3.12.3.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p43067999">Indicates that the owner of an object has <strong id="EN-US_TOPIC_0125560406__b52067671">FULL_CONTROL</strong> permission for the object and the owner of the bucket where the object resides has <strong id="EN-US_TOPIC_0125560406__b65955856">READ</strong> permission.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row56731795"><td class="cellrowborder" valign="top" width="31.019999999999996%" headers="mcps1.3.12.3.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p31872708">bucket-owner-full-control</p>
</td>
<td class="cellrowborder" valign="top" width="68.97999999999999%" headers="mcps1.3.12.3.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p31552594">Indicates that the owner of an object has <strong id="EN-US_TOPIC_0125560406__b15537895">FULL_CONTROL</strong> permission for the object and the owner of the bucket where the object resides has <strong id="EN-US_TOPIC_0125560406__b5623332">FULL_CONTROL</strong> permission for the object.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560406__row50609995"><td class="cellrowborder" valign="top" width="31.019999999999996%" headers="mcps1.3.12.3.2.3.1.1 "><p id="EN-US_TOPIC_0125560406__p5768894">log-delivery-write</p>
</td>
<td class="cellrowborder" valign="top" width="68.97999999999999%" headers="mcps1.3.12.3.2.3.1.2 "><p id="EN-US_TOPIC_0125560406__p64627307">Indicates that a log delivery group has <strong id="EN-US_TOPIC_0125560406__b64191727172224">WRITE</strong> and <strong id="EN-US_TOPIC_0125560406__b320504">READ_ACP</strong> permission for buckets.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="EN-US_TOPIC_0125560406__note2884538"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0125560406__p25960845">By default, the access control policy is <strong id="EN-US_TOPIC_0125560406__b32321019">private</strong>.</p>
</div></div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0125560354.html">Access Control</a></div>
</div>
</div>
View Git Blame Copy Permalink