Manage ACL for Buckets
You can manage ACL permissions for buckets through the web console, the IONOS S3 Object Storage API, or the command-line tool.
ACL permission for buckets
The following table shows the ACL permissions that you can configure for buckets in the IONOS S3 Object Storage.
| User | Console permission | ACL permission | Access granted |
| --- | --- | --- | --- |
| Bucket Owner | Objects - Read | READ | Allows grantee to read the object data and its metadata. |
| Bucket Owner | Objects - Write | WRITE | Enables the grantee to write object data and its metadata, including deleting the object. |
| Bucket Owner | Bucket ACL - Read | READ_ACP | Grants the ability to read the ACL of the bucket. |
| Bucket Owner | Bucket ACL - Write | WRITE_ACP | Allows the grantee to write the ACL of the bucket. |
| Public access | Objects - Read | READ | Grants public read access for the objects in the bucket. Anyone can access the objects in the bucket. |
| Public access | Bucket ACL - Read | READ_ACP | Grants public read access for the bucket ACL. Anyone can access the bucket ACL. |
| Authenticated users | Objects - Read | READ | Grants read access to the objects in the bucket to anyone with an IONOS account. |
| Authenticated users | Bucket ACL - Read | READ_ACP | Grants read access to bucket ACL to anyone with an IONOS account. |
| Logging | Objects - Read | READ | Allows grantee to read the object log data. |
| Logging | Objects - Write | WRITE | Enables the grantee to write object data and its metadata, including deleting the object. |
| Logging | Bucket ACL - Read | READ_ACP | Grants the ability to read the log data of the bucket. |
| Logging | Bucket ACL - Write | WRITE_ACP | Allows the grantee to write the ACL of the bucket. |
Note: For security, granting some of the access permissions such as Public access WRITE, Public access WRITE_ACP, Authenticated users WRITE, and Authenticated users WRITE_ACP is possible only through an API call.
Web console
To manage ACL for buckets using the web console, follow these steps:
1. In the DCD, go to Menu > Storage > IONOS S3 Object Storage.
2. From the Buckets list, choose the bucket whose ACL you want to manage.
3. Click Bucket settings and choose the Access Control List (ACL) under the Access management section.
4. Select the checkboxes against the access permissions to grant at each user level such as bucket owner, public access, authenticated users, and logging. For more information, see ACL permission for buckets.
5. Add grantees to provide additional users with access permission to the bucket. For more information, see Add grantees for buckets.
6. Click Save to apply the ACL settings to the bucket.
Result: The bucket ACL permissions are successfully applied on the bucket.
Add grantees for buckets
Prerequisites:
Make sure the canonical user ID of the grantee is known. To retrieve the ID, see Object Lock.
The grantee should already exist. If not, create a user and retrieve the Canonical user ID by following the steps in Retrieve the Canonical User ID of a new user.
1. In the DCD, go to Menu > Storage > IONOS S3 Object Storage.
2. From the Buckets list, choose the bucket to which you want to add the grantee.
3. Click Bucket settings and choose the Access Control List (ACL) under the Access management section.
4. In the Additional Grantees section, enter the retrieved Canonical user ID of the grantee, select the checkboxes on the ACL permissions to grant, and click Add. For ACL permissions, see ACL permission for buckets.
5. Add any number of grantees to the bucket by following step 4.
6. Click Save to add the additional grantees with corresponding ACL permissions to the bucket.
Result: The grantees are successfully added to the bucket.
Note: Because of the S3 protocol's architecture, granting another IONOS user access to a bucket does not make the bucket appear in that user's S3 web console. To access the bucket, the user must use other S3 tools, as the granted access does not translate to interface visibility.
IONOS S3 Object Storage API
Use the PutBucketAcl Object Storage API to manage bucket ACL permissions.
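An added example, not part of the IONOS documentation: a Python check that reads a bucket ACL document and flags grants to Public access and Authenticated users, marking as HIGH the WRITE and WRITE_ACP grants that the note above says can only be set through the API. It assumes the ACL is returned as the standard S3 AccessControlPolicy XML with the standard S3 group URIs; the sample document and the function name audit_bucket_acl are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
# Assumption: standard S3 group URIs, mapped to the "User" column of the table above.
GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "Public access",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "Authenticated users",
    "http://acs.amazonaws.com/groups/s3/LogDelivery": "Logging",
}
BROAD = {"Public access", "Authenticated users"}
# WRITE and WRITE_ACP for broad groups are the API-only grants named in the note;
# FULL_CONTROL is the S3 permission that includes both.
HIGH_RISK = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}

# Constructed sample ACL document (IDs are placeholders, not real values).
XSI = 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
SAMPLE_ACL = f"""<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
 <Owner><ID>EXAMPLE-OWNER-ID</ID></Owner>
 <AccessControlList>
  <Grant><Grantee {XSI} xsi:type="CanonicalUser"><ID>EXAMPLE-OWNER-ID</ID></Grantee>
   <Permission>FULL_CONTROL</Permission></Grant>
  <Grant><Grantee {XSI} xsi:type="Group">
    <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee>
   <Permission>READ</Permission></Grant>
  <Grant><Grantee {XSI} xsi:type="Group">
    <URI>http://acs.amazonaws.com/groups/global/AuthenticatedUsers</URI></Grantee>
   <Permission>WRITE_ACP</Permission></Grant>
  <Grant><Grantee {XSI} xsi:type="Group">
    <URI>http://acs.amazonaws.com/groups/s3/LogDelivery</URI></Grantee>
   <Permission>WRITE</Permission></Grant>
 </AccessControlList>
</AccessControlPolicy>"""


def audit_bucket_acl(acl_xml):
    """Return sorted (severity, user, permission) tuples for grants to broad groups."""
    root = ET.fromstring(acl_xml)
    findings = []
    for grant in root.findall("s3:AccessControlList/s3:Grant", NS):
        uri = grant.findtext("s3:Grantee/s3:URI", default="", namespaces=NS)
        perm = grant.findtext("s3:Permission", default="", namespaces=NS)
        user = GROUPS.get(uri)
        if user not in BROAD:
            continue  # owner, individual grantees and Logging are not broad groups
        findings.append(("HIGH" if perm in HIGH_RISK else "REVIEW", user, perm))
    return sorted(findings)


if __name__ == "__main__":
    for severity, user, perm in audit_bucket_acl(SAMPLE_ACL):
        print(f"{severity}: {user} has {perm}")
```

Run the same function over the ACL of every bucket after any PutBucketAcl change so that a broad grant does not go unnoticed.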
Command-line tool
Use the CLI to manage ACL permissions for buckets.