Manage ACL for Objects
You can manage ACL permission for objects through the web console, IONOS S3 Object Storage API, or the CLI.
ACL permission for objects
The following table shows the ACL permissions that you can configure for objects in a bucket in the IONOS S3 Object Storage.
User | Console permission | ACL permission | Access granted |
Bucket Owner | Objects - Read | READ | Allows grantee to read the object data and its metadata. |
Bucket Owner | Object ACL - Read | READ_ACP | Grants the ability to read the object ACL. |
Bucket Owner | Object ACL - Write | WRITE_ACP | Allows the grantee to write the ACL of the applicable object. |
Public access | Objects - Read | READ | Grants public read access for the objects in the bucket. Anyone can access the objects in the bucket. |
Public access | Object ACL - Read | READ_ACP | Grants public read access for the object ACL. Anyone can access the object ACL. |
Authenticated users | Objects - Read | READ | Grants read access to objects in the bucket to anyone with an IONOS account using which they can access the objects in the bucket. |
Authenticated users | Object ACL - Read | Read_ACP | Grants read access to object ACL to anyone with an IONOS account. |
These permissions are applied at individual object levels within a bucket, offering a high level of granularity in access control.
Note: For security, granting some of the access permissions such as Public access WRITE_ACP and Authenticated users WRITE_ACP is possible only through an API Call.
Web console
To manage ACL for objects using the web console, follow these steps:
1. In the DCD, go to Menu > Storage > IONOS S3 Object Storage.
2. From the Buckets list, choose the bucket under which the object ACL to be modified exists.
3. From the Objects list, choose the object for which ACL permissions are to be modified.
4. From the Object Settings, click Access Control List (ACL).
5. Select the checkboxes against the access permissions to grant at each user level such as bucket owner, public access, and authenticated users. For more information, see ACL permission for objects.
6. Add grantees to provide additional users with access permission to the object. For more information, see Add grantees for objects.
7. Click Save to apply the ACL settings to the object.
Result: The object ACL permissions are successfully applied to the object.
Add grantees for objects
Prerequisites:
Make sure the canonical user ID of the grantee is known. To retrieve the ID, see Object Lock.
The grantee should already exist. If not, create a user and retrieve the Canonical user ID by following the steps in Retrieve the Canonical User ID of a new user.
1. In the DCD, go to Menu > Storage > IONOS S3 Object Storage.
2. From the Buckets list, choose the bucket under which the object ACL to be modified exists.
3. From the Objects list, choose the object for which you want to add the grantee.
4. In the Additional Grantees section, enter the retrieved Canonical user ID of the grantee, select the checkboxes on the ACL permissions to grant, and click Add. For ACL permissions, see ACL permission for objects.
5. Add any number of grantees to the object by following step 4.
6. Click Save to add the additional grantees with corresponding ACL permissions to the object.
Result: The grantees are successfully added to the object.
IONOS S3 Object Storage API
Use the PutObjectAcl Object Storage API to manage object ACL permissions.
CLI
Use CLI to manage ACL permission for objects.
Last updated
