Manage ACL for Objects

You can manage ACL permission for objects through the web console, IONOS S3 Object Storage API, or the command-line tool.

ACL permission for objects

The following table shows the ACL permissions that you can configure for objects in a bucket in the IONOS S3 Object Storage.

User

Console permission

ACL permission

Access granted

Bucket Owner

Objects - Read

READ

Allows grantee to read the object data and its metadata.

Bucket Owner

Object ACL - Read

READ_ACP

Grants the ability to read the object ACL.

Bucket Owner

Object ACL - Write

WRITE_ACP

Allows the grantee to write the ACL of the applicable object.

Public access

Objects - Read

READ

Grants public read access for the objects in the bucket. Anyone can access the objects in the bucket.

Public access

Object ACL - Read

READ_ACP

Grants public read access for the object ACL. Anyone can access the object ACL.

Authenticated users

Objects - Read

READ

Grants read access to objects in the bucket to anyone with an IONOS account using which they can access the objects in the bucket.

Authenticated users

Object ACL - Read

Read_ACP

Grants read access to object ACL to anyone with an IONOS account.

These permissions are applied at individual object levels within a bucket, offering a high level of granularity in access control.

Note: For security, granting some of the access permissions such as Public access WRITE_ACP and Authenticated users WRITE_ACP is possible only through an API Call.

web console

To manage ACL for objects using the web console, follow these steps:

1. In the DCD, go to Menu > Storage > IONOS S3 Object Storage.

2. From the Buckets list, choose the bucket under which the object ACL to be modified exists.

3. From the Objects list, choose the object for which ACL permissions are to be modified.

4. From the Object Settings, click Access Control List (ACL).

5. Select the checkboxes against the access permissions to grant at each user level such as bucket owner, public access, and authenticated users. For more information, see ACL permission for objects.

6. Add grantees to provide additional users with access permission to the object. For more information, see Add grantees for objects.

ACL object settings

7. Click Save to apply the ACL settings to the object.

Result: The object ACL permissions are successfully applied to the object.

Add grantees for objects

Prerequisites:

1. In the DCD, go to Menu > Storage > IONOS S3 Object Storage.

2. From the Buckets list, choose the bucket under which the object ACL to be modified exists.

3. From the Objects list, choose the object for which you want to add the grantee.

4. In the Additional Grantees section, enter the retrieved Canonical user ID of the grantee, select the checkboxes on the ACL permissions to grant, and click Add. For ACL permissions, see ACL permission for objects.

Additional grantee

5. Add any number of grantees to the object by following step 4.

6. Click Save to add the additional grantees with corresponding ACL permissions to the object.

Result: The grantees are successfully added to the object.

IONOS S3 Object Storage API

Use the PutObjectAcl Object Storage API to manage object ACL permissions.

Command-line tool

Use CLI to manage ACL permission for objects.

Last updated

Revision created

fixed broken links