Manage ACL for Objects

You can manage ACL permission for objects through the DCD, IONOS Object Storage API, or the CLI.

Note: Due to the granularity limitations and the complexity of managing permissions across a large scale of resources and users, we recommend using Bucket Policy instead of ACLs.

ACL permission for objects

The following table shows the ACL permissions that you can configure for objects in a bucket in the IONOS Object Storage:

Grantee

Console permission

ACL permission

Access granted

Specific or all users of another contract

Objects - Read

READ

Allows grantee to read the object data and its metadata.

Specific or all users of another contract

Object ACL - Read

READ_ACP

Grants the ability to read the object ACL.

Specific or all users of another contract

Object ACL - Write

WRITE_ACP

Allows the grantee to write the ACL of the applicable object.

Group: All users

Objects - Read

READ

Allows anyone to read the object data and its metadata.

Group: All users

Object ACL - Read

READ_ACP

Allows anyone to read the object ACL.

Group: Authenticated users

Objects - Read

READ

Allows anyone with an IONOS account to read the object data and its metadata.

Group: Authenticated users

Object ACL - Read

READ_ACP

Grants read access to object ACL to anyone with an IONOS account.

These permissions are applied at individual object levels offering a high granularity in access control.

Note: For security, granting some of the access permissions such as Public access WRITE_ACP and Authenticated users WRITE_ACP is possible only through an API call.

DCD

To manage ACL for objects using the DCD, follow these steps:

Prerequisites:

— Make sure the user ID of the grantee is known. For more information, see Retrieve User ID.

— The grantee should already exist. If not, create a user and retrieve the Canonical User ID by following the steps in Retrieve the user ID of a new user.

1. In the DCD, go to Menu > Storage > IONOS Object Storage.

2. From the drop-down list in the Buckets tab, choose either Show user-owned buckets or Show contract-owned buckets, depending on the bucket type you want to view.

3. From the Buckets list, choose the bucket under which the object ACL to be modified exists.

4. From the Objects list, choose the object for which ACL permissions must be modified.

5. From the Object Settings, go to the Access Control List (ACL).

6. Depending on the Bucket Types, manage the object access permissions as follows:

  • Select the checkboxes against the access permissions to grant at each user level such as specific or all users of another contract, all users of a group, and authenticated users of a group. For more information, see ACL permission for objects.

  • Add grantees to provide additional users with access permission to the contract-owned bucket's objects.

    • In the Additional Grantees section, enter the retrieved Contract Number of the grantee.

    • Select the checkboxes on the object ACL permissions to grant, and click Add.

ACL object settings for contract-owned bucket

7. Click Save to apply ACL permissions and add the grantee to the object.

Result: The object ACL permissions are successfully applied to the object.

IONOS Object Storage API

Use the API to manage object ACL permissions.

CLI

Use CLI to manage ACL permission for objects.

Last updated