# Access Control List

An Access Control List (ACL) is a mechanism that defines who can access or modify specific resources, such as buckets and objects. ACLs allow resource owners to grant varying levels of permissions, such as read, write, or full control, to different users or groups.

{% hint style="info" %}
**Note:** ACL is supported for both contract-owned buckets and user-owned buckets. For contract-owned buckets, sharing access with users is available only for grantees from other contracts. For more information, see [<mark style="color:blue;">Bucket Types</mark>](https://docs.ionos.com/sections-test/guides/storage-and-backup/ionos-object-storage/concepts/bucket-types).
{% endhint %}

{% hint style="danger" %}
**Note:** Due to the granularity limitations and the complexity of managing permissions across a large scale of resources and users, we recommend using [<mark style="color:blue;">Bucket Policy</mark>](https://docs.ionos.com/sections-test/guides/storage-and-backup/ionos-object-storage/settings/bucket-policy) instead of ACLs.
{% endhint %}

## Manage ACLs

You can use ACLs to make a bucket or object public or to share access with certain authorized users by setting the right permissions. IONOS Object Storage offers the following ACL management methods:

* [<mark style="color:blue;">Manage ACL for Buckets</mark>](https://docs.ionos.com/sections-test/guides/storage-and-backup/ionos-object-storage/settings/access-control-list/access-control-list-buckets)
* [<mark style="color:blue;">Manage ACL for Objects</mark>](https://docs.ionos.com/sections-test/guides/storage-and-backup/ionos-object-storage/settings/access-control-list/access-control-list-objects)

The feature is available in the IONOS Object Storage [<mark style="color:blue;">Service Availability</mark>](https://docs.ionos.com/sections-test/guides/storage-and-backup/overview#service-availability) regions and supports both contract-owned buckets and user-owned buckets.

## ACL alternatives

Use [<mark style="color:blue;">Bucket Policy</mark>](https://docs.ionos.com/sections-test/guides/storage-and-backup/ionos-object-storage/settings/bucket-policy) instead of ACLs. A Bucket Policy offers the following additional capabilities:

* Manage access to prefixes like `/folder/*` or `*.jpg`.
* Use conditions to grant access, for example, based on IP address.
* Allow or deny certain actions, such as listing objects.

We recommend using [<mark style="color:blue;">Share Objects with Pre-Signed URLs</mark>](https://docs.ionos.com/sections-test/guides/storage-and-backup/ionos-object-storage/how-tos/share-objects-pre-signed-urls) instead of ACL for granting temporary access to authorized users for a specified period, after which the URL expires.

## Related feature

### Block Public Access

If you have defined ACLs granting public access, activating **Block Public Access** revokes these permissions, ensuring your data remains private. This feature is useful when data privacy is paramount, or when you want to enforce a blanket no-public-access rule, irrespective of ACL settings. Currently, Block Public Access is available only via the [<mark style="color:blue;">API</mark>](https://api.ionos.com/docs/s3/v2/).
