Access Control List

An Access Control List (ACL) is a mechanism that defines who can access or modify specific resources, such as buckets and objects. ACLs allow resource owners to grant varying levels of permissions, such as read, write, or full control, to different users or groups.

Note: Access Control List is supported for both contract-owned buckets and user-owned buckets. For contract-owned buckets, sharing access with users is available only for grantees from other contracts. For more information, see Bucket Types.

Note: Due to the granularity limitations and the complexity of managing permissions across a large scale of resources and users, we recommend using Bucket Policy instead of ACLs.

Manage ACLs

You can use ACLs to make a bucket or object public or to share access with certain authorized users by setting the right permissions. IONOS S3 Object Storage offers the following ACL management methods:

The feature functions in the IONOS S3 Object Storage Service Availability regions and supports both contract-owned buckets and user-owned buckets.

ACL alternatives

Use Bucket Policy instead of ACLs. It offers the following additional capabilities:

  • Manage access to prefixes like /folder/* or *.jpg.

  • Use conditions to grant access, for example, IP address.

  • Allow or deny certain actions, such as listing objects.

We recommend using Share Objects with Pre-Signed URLs instead of ACL for granting temporary access to authorized users for a specified period, after which the URL expires.

Block Public Access

If you have defined ACLs granting public access, activating Block Public Access revokes these permissions, ensuring your data remains private. This feature is invaluable in scenarios where ensuring data privacy is paramount, or when you want to enforce a blanket no-public-access rule, irrespective of ACL settings. Currently, Block Public Access is available only via the IONOS S3 Object Storage API.
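
To find the ACLs that grant public access before deciding where to apply Block Public Access, the following added example (not IONOS code) scans an ACL for grants to public groups. It assumes the ACL has the standard S3 GetBucketAcl/GetObjectAcl response shape and uses the standard S3 predefined group URIs; the function name and sample data are constructed for illustration.

```python
# Added example: flag ACL grants that expose a bucket or object publicly.
# Assumption: the ACL has the standard S3 GetBucketAcl/GetObjectAcl shape
# (as returned by an S3-compatible SDK) and uses the standard S3 group URIs.

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone (anonymous)",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any authenticated user",
}
# Permissions that let the grantee change data or the ACL itself.
HIGH_RISK = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def find_public_grants(acl):
    """Return one finding per grant made to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # grants to individual users are not public
        audience = PUBLIC_GROUPS.get(grantee.get("URI"))
        if audience is None:
            continue  # a group that is not one of the public ones
        perm = grant.get("Permission", "")
        findings.append({
            "audience": audience,
            "permission": perm,
            "severity": "high" if perm in HIGH_RISK else "medium",
        })
    return findings


# Constructed sample ACL (not taken from a real bucket).
SAMPLE_ACL = {
    "Owner": {"ID": "owner-canonical-id-placeholder"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id-placeholder"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "WRITE"},
    ],
}

if __name__ == "__main__":
    for f in find_public_grants(SAMPLE_ACL):
        print(f"[{f['severity']}] {f['permission']} granted to {f['audience']}")
```

Run it over the ACL of each bucket and object in your inventory; any finding marks a resource whose ACL makes it public.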
