You can manage ACL permissions for objects through the DCD, the IONOS Object Storage API, or the CLI.
Note: Due to the granularity limitations of ACLs and the complexity of managing permissions across a large number of resources and users, we recommend using Bucket Policy instead of ACLs.
The tables below show the ACL permissions that you can configure for objects in a bucket in IONOS Object Storage:
These permissions are applied at the individual object level, offering high granularity in access control.
Note: For security, granting some of the access permissions such as Public access WRITE_ACP and Authenticated users WRITE_ACP is possible only through an API call.
To manage ACL for objects using the DCD, follow these steps:
Prerequisites:
— Make sure the user ID of the grantee is known. For more information, see Retrieve User ID.
— The grantee should already exist. If not, create a user and retrieve the Canonical User ID by following the steps in Retrieve the user ID of a new user.
1. In the DCD, go to Menu > Storage > IONOS Object Storage.
2. From the drop-down list in the Buckets tab, choose either Show user-owned buckets or Show contract-owned buckets, depending on the bucket type you want to view.
3. From the Buckets list, choose the bucket that contains the object whose ACL you want to modify.
4. From the Objects list, choose the object for which ACL permissions must be modified.
5. From the Object Settings, go to the Access Control List (ACL).
6. Depending on the bucket type, manage the object access permissions as follows:
   For contract-owned buckets:
   — Select the checkboxes against the access permissions to grant at each user level such as specific or all users of another contract, all users of a group, and authenticated users of a group. For more information, see ACL permission for objects.
   — Add grantees to provide additional users with access permission to the contract-owned bucket's objects. In the Additional Grantees section, enter the retrieved Contract Number of the grantee. Select the checkboxes on the object ACL permissions to grant, and click Add.
   For user-owned buckets:
   — Select the checkboxes against the access permissions to grant at each user level such as users, all users of a group, authenticated users of a group, and Log Delivery Group. For more information, see ACL permission for objects.
   — Add grantees to provide additional users with access permission to the user-owned bucket's objects. In the Additional Grantees section, enter the retrieved Canonical user ID of the grantee. Select the checkboxes on the object ACL permissions to grant, and click Add.
7. Click Save to apply ACL permissions and add the grantee to the object.
Result: The object ACL permissions are successfully applied to the object.
Use the API to manage object ACL permissions.
Use the CLI to manage ACL permissions for objects.
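To review the grants this page describes, the following added example (not part of the IONOS documentation) parses an S3-style object ACL document, as an S3-compatible API returns for an object's ACL, and flags grants to the All users and Authenticated users groups and WRITE_ACP grants to anyone other than the owner. The group URIs, the sample XML, the placeholder IDs, and the names `audit_object_acl`, `_grant`, `_local` and `_text` are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: the service uses the standard S3 group URIs for the page's
# "All users" and "Authenticated users" groups.
GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "All users",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "Authenticated users",
}
# FULL_CONTROL (standard S3 permission, not in the page's tables) includes WRITE_ACP.
ACL_WRITE = {"WRITE_ACP", "FULL_CONTROL"}
XSI = 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'

def _grant(kind, ident, perm):
    """Build one <Grant> element for the constructed sample (hypothetical helper)."""
    tag = "URI" if kind == "Group" else "ID"
    return (f'<Grant><Grantee {XSI} xsi:type="{kind}"><{tag}>{ident}</{tag}>'
            f"</Grantee><Permission>{perm}</Permission></Grant>")

# Constructed sample ACL document; all IDs are placeholders.
SAMPLE_ACL = (
    '<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">'
    "<Owner><ID>OWNER-ID-PLACEHOLDER</ID></Owner><AccessControlList>"
    + _grant("CanonicalUser", "OWNER-ID-PLACEHOLDER", "FULL_CONTROL")
    + _grant("Group", "http://acs.amazonaws.com/groups/global/AllUsers", "READ")
    + _grant("Group", "http://acs.amazonaws.com/groups/global/AuthenticatedUsers", "WRITE_ACP")
    + _grant("CanonicalUser", "OTHER-ID-PLACEHOLDER", "WRITE_ACP")
    + "</AccessControlList></AccessControlPolicy>"
)

def _local(el):
    return el.tag.rsplit("}", 1)[-1]  # tag name without its XML namespace

def _text(el, name):
    """Text of the first element at or below `el` named `name`, else None."""
    return next(((c.text or "").strip() for c in el.iter() if _local(c) == name), None)

def audit_object_acl(xml_text):
    """Return (severity, grantee, permission) for each grant that needs review."""
    root = ET.fromstring(xml_text)
    owner = next((e for e in root if _local(e) == "Owner"), None)
    owner_id = _text(owner, "ID") if owner is not None else None
    findings = []
    for grant in (e for e in root.iter() if _local(e) == "Grant"):
        perm, uri, gid = _text(grant, "Permission"), _text(grant, "URI"), _text(grant, "ID")
        if uri in GROUPS:  # public or any-account access
            findings.append(("HIGH" if perm in ACL_WRITE else "MEDIUM", GROUPS[uri], perm))
        elif perm in ACL_WRITE and gid != owner_id:  # another user can rewrite the ACL
            findings.append(("REVIEW", gid, perm))
    return findings
```

Calling `audit_object_acl(SAMPLE_ACL)` returns one finding per risky grant in document order; an ACL that grants access only to the owner returns an empty list.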
ACL permissions for objects in contract-owned buckets:

| Grantee | Console permission | ACL permission | Access granted |
|---|---|---|---|
| Specific or all users of another contract | Objects - Read | READ | Allows grantee to read the object data and its metadata. |
| Specific or all users of another contract | Object ACL - Read | READ_ACP | Grants the ability to read the object ACL. |
| Specific or all users of another contract | Object ACL - Write | WRITE_ACP | Allows the grantee to write the ACL of the applicable object. |
| Group: All users | Objects - Read | READ | Allows anyone to read the object data and its metadata. |
| Group: All users | Object ACL - Read | READ_ACP | Allows anyone to read the object ACL. |
| Group: Authenticated users | Objects - Read | READ | Allows anyone with an IONOS account to read the object data and its metadata. |
| Group: Authenticated users | Object ACL - Read | READ_ACP | Grants read access to object ACL to anyone with an IONOS account. |

ACL permissions for objects in user-owned buckets:

| Grantee | Console permission | ACL permission | Access granted |
|---|---|---|---|
| User | Objects - Read | READ | Allows grantee to read the object data and its metadata. |
| User | Object ACL - Read | READ_ACP | Grants the ability to read the object ACL. |
| User | Object ACL - Write | WRITE_ACP | Allows the grantee to write the ACL of the applicable object. |
| Group: All users | Objects - Read | READ | Allows anyone to read the object data and its metadata. |
| Group: All users | Object ACL - Read | READ_ACP | Allows anyone to read the object ACL. |
| Group: Authenticated users | Objects - Read | READ | Allows anyone with an IONOS account to read the object data and its metadata. |
| Group: Authenticated users | Object ACL - Read | READ_ACP | Grants read access to object ACL to anyone with an IONOS account. |