# ACL for Objects

This document provides instructions to [<mark style="color:blue;">Manage ACL for Objects</mark>](https://docs.ionos.com/cloud/backup-and-storage/ionos-object-storage/settings/access-control-list/access-control-list-objects) using the AWS CLI. Additionally, these tasks can also be performed using the [<mark style="color:blue;">DCD</mark>](https://docs.ionos.com/cloud/backup-and-storage/settings/access-control-list/access-control-list-objects#dcd) and [<mark style="color:blue;">API</mark>](https://docs.ionos.com/cloud/backup-and-storage/settings/access-control-list/access-control-list-objects#api).

{% hint style="info" %}
**Prerequisites:**

* Set up the AWS CLI by following the [<mark style="color:blue;">installation instructions</mark>](https://docs.ionos.com/cloud/backup-and-storage/ionos-object-storage/s3-tools/awscli/awscli-configure).
* Make sure to consider the supported [<mark style="color:blue;">Endpoints</mark>](https://docs.ionos.com/cloud/backup-and-storage/ionos-object-storage/endpoints) for object upload.
  {% endhint %}

Use the following keys to define access permissions:

* `--grant-read`: Grants read-only access.
* `--grant-write`: Grants write-only access.
* `--grant-read-acp`: Grants permission to read the Access Control List.
* `--grant-write-acp`: Grants permission to modify the Access Control List.
* `--grant-full-control`: Grants full access, encompassing the permissions listed above (read, write, read ACL, and write ACL).

Use `--key` to specify the object for granting access:

```
aws s3api put-object-acl --bucket MY-BUCKET --key my-object.txt --grant-full-control id=CANONICAL_USER_ID --endpoint-url https://s3.eu-central-2.ionoscloud.com
```

Use the following values for the `--acl` key:

* `private` removes public access.
* `public-read` allows public read-only access.
* `public-read-write` allows public read/write access.
* `authenticated-read` allows read-only access to all authenticated users of IONOS Object storage (including ones out of your contract).

Allow public read-only access to the object:

```
aws s3api put-object-acl --bucket MY-BUCKET --acl public-read --endpoint-url https://s3.eu-central-2.ionoscloud.com
```

Remove public access from the object:

```
aws s3api put-object-acl --bucket MY-BUCKET --acl private --endpoint-url https://s3.eu-central-2.ionoscloud.com
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ionos.com/cloud/backup-and-storage/ionos-object-storage/s3-tools/awscli/awscli-acl-objects.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.