You can manage ACL permission for objects through the web console, IONOS S3 Object Storage API, or the command-line tool.
The following table shows the ACL permissions that you can configure for objects in a bucket in the IONOS S3 Object Storage.
These permissions are applied at individual object levels within a bucket, offering a high level of granularity in access control.
Note: For security, granting some of the access permissions such as Public access WRITE_ACP and Authenticated users WRITE_ACP is possible only through an API Call.
To manage ACL for objects using the web console, follow these steps:
1. In the DCD, go to Menu > Storage > IONOS S3 Object Storage.
2. From the Buckets list, choose the bucket under which the object ACL to be modified exists.
3. From the Objects list, choose the object for which ACL permissions are to be modified.
4. From the Object Settings, click Access Control List (ACL).
5. Select the checkboxes against the access permissions to grant at each user level such as bucket owner, public access, and authenticated users. For more information, see ACL permission for objects.
6. Add grantees to provide additional users with access permission to the object. For more information, see Add grantees for objects.
7. Click Save to apply the ACL settings to the object.
Result: The object ACL permissions are successfully applied to the object.
Prerequisites:
Make sure the canonical user ID of the grantee is known. To retrieve the ID, see Object Lock.
The grantee should already exist. If not, create a user and retrieve the Canonical user ID by following the steps in Retrieve the Canonical User ID of a new user.
1. In the DCD, go to Menu > Storage > IONOS S3 Object Storage.
2. From the Buckets list, choose the bucket under which the object ACL to be modified exists.
3. From the Objects list, choose the object for which you want to add the grantee.
4. In the Additional Grantees section, enter the retrieved Canonical user ID of the grantee, select the checkboxes on the ACL permissions to grant, and click Add. For ACL permissions, see ACL permission for objects.
5. Add any number of grantees to the object by following step 4.
6. Click Save to add the additional grantees with corresponding ACL permissions to the object.
Result: The grantees are successfully added to the object.
Use the PutObjectAcl Object Storage API to manage object ACL permissions.
Use CLI to manage ACL permission for objects.
User
Console permission
ACL permission
Access granted
Bucket Owner
Objects - Read
READ
Allows grantee to read the object data and its metadata.
Bucket Owner
Object ACL - Read
READ_ACP
Grants the ability to read the object ACL.
Bucket Owner
Object ACL - Write
WRITE_ACP
Allows the grantee to write the ACL of the applicable object.
Public access
Objects - Read
READ
Grants public read access for the objects in the bucket. Anyone can access the objects in the bucket.
Public access
Object ACL - Read
READ_ACP
Grants public read access for the object ACL. Anyone can access the object ACL.
Authenticated users
Objects - Read
READ
Grants read access to objects in the bucket to anyone with an IONOS account using which they can access the objects in the bucket.
Authenticated users
Object ACL - Read
Read_ACP
Grants read access to object ACL to anyone with an IONOS account.
