tencent cloud

Management Object ACL - object-acl
Download PDF
Last updated: 2025-10-28 15:55:46
Management Object ACL - object-acl
Last updated: 2025-10-28 15:55:46
Download PDF
The object-acl command is used to set and query object ACL.
Note:
To query object acl, when performing authorization policy, set action to cos:GetObjectACL.
To set object acl, when performing authorization policy, set action to cos:PutObjectACL.
For more authorization, please refer to Business APIs Supporting CAM.

Command Syntax

./coscli object-acl --method [method] cos://<bucket-name>/object
The object-acl command includes the following parameters:
Parameter Format
Description
Example
cos://<bucket-name>
Specify the target bucket. Supports using the bucket alias in configuration parameters or the bucket name for access. If using the bucket name for access, you must also include the endpoint flag.
Access with the bucket alias: cos://example-alias
Access with the bucket name: cos://examplebucket-1250000000
The object-acl command includes the following optional flags:
Flag Abbreviation
Flag Name
Description
-h
--help
Views the usage of this command.
None
--method
Specify the required operation, including put (set object ACL), get (object ACL query).
None
--acl
Set the file's ACL, such as private, public-read.
None
--grant-read
Grant the read permission of the object to the authorized. Format: id="[OwnerUin]", for example id="100000000001". Use comma (half-width) to separate multiple authorized entities, such as id="100000000001",id="100000000002".
None
--grant-read-acp
Grant the authorized permission to read the object's access control list (ACL). Format: id="[OwnerUin]", for example id="100000000001". Use comma (half-width) to separate multiple authorized entities, such as id="100000000001",id="100000000002".
None
--grant-write-acp
Grant the authorized permission to write to the object's access control list (ACL). Format: id="[OwnerUin]", for example id="100000000001". Use comma (half-width) to separate multiple authorized entities, such as id="100000000001",id="100000000002".
None
--grant-full-control
Grant all permissions on the operation object to the authorized. Format: id="[OwnerUin]", for example id="100000000001". Use comma (half-width) to separate multiple authorized entities, such as id="100000000001",id="100000000002".
Note:
For more general options for this command (such as switching buckets or user accounts), see Common Options.

Operation Example

Setting an ACL for an Object

Grant read permission on the object under bucket alias example-alias to 100000000013 and 100000000012. The command is as follows:
./coscli object-acl --method put cos://example-alias/object --grant-read="id=\\"100000000013\\",id=\\"100000000012\\""

Querying an Object ACL

Query the permission list of the object under bucket alias example-alias.
./coscli object-acl --method get cos://example-alias/object
Output the following result.
 SECTION  | KEY          | VALUE                                        
-----------+--------------+----------------------------------------------
  Owner    | UIN          |                                              
+          +--------------+---------------------------------------------+
           | ID           | qcs::cam::uin/1000000000:uin/1000000000      
+          +--------------+                                             +
           | Display Name |                                              
+----------+--------------+---------------------------------------------+
           |              |                                              
+----------+--------------+---------------------------------------------+
  Grant #1 | Permission   | READ                                         
+          +--------------+---------------------------------------------+
           | Grantee Type | CanonicalUser                                
+          +--------------+---------------------------------------------+
           | ID           | qcs::cam::uin/100000000013:uin/100000000013  
+          +--------------+                                             +
           | Display Name |                                              
+----------+--------------+---------------------------------------------+
           |              |                                              
+----------+--------------+---------------------------------------------+
  Grant #2 | Permission   | READ                                         
+          +--------------+---------------------------------------------+
           | Grantee Type | CanonicalUser                                
+          +--------------+---------------------------------------------+
           | ID           | qcs::cam::uin/100000000012:uin/100000000012  
+          +--------------+                                             +
           | Display Name |                                              
-----------+--------------+----------------------------------------------
Access Control List (ACL) Information

Summary:
 - Owner: qcs::cam::uin/1000000000:uin/1000000000 (UIN: )
 - Total Grants: 2
 - Permissions:
   - READ: 2 grants




Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback