Service Status

The Object Storage Unit (OSU) service is now END OF SALE. For more information, see End-of-Life Policy.

You can set the permissions for other users to access and manage your objects by using an Access Control List (ACL).

The users to whom you share your objects can also download them. For more information, see Access Control List (ACL) Reference.

You can set the ACL for the current version of an object, or one or more of its versions. This enables you to hide or to share a former version with other users.

You need to specify the ACL individually for each object contained in your bucket.

This feature is not available from Cockpit. This documentation only describes the procedure using AWS CLI.

  • To set the ACL for an object, use the put-object-acl command following this syntax:

    Request Sample
    $ aws s3api put-object-acl \
        --bucket BUCKET \
        --key OBJECT \
        --acl private \
        --grant-full-control "id=USER_ID, id=USER_ID" \
        --grant-read "id=USER_ID, id=USER_ID" \
        --grant-read-acp "id=USER_ID, id=USER_ID" \
        --grant-write "id=USER_ID, id=USER_ID" \
        --grant-write-acp "id=USER_ID, id=USER_ID" \
        --version-id qAfAAsAAuA00kclkg0A0AAuAAjaAtA. \
        --endpoint ENDPOINT

    This command contains the following attributes that you need to specify:

    • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.
    • bucket: The name of the bucket in which the object is stored.
    • key: The name of the object in the bucket.

      • When specifying new permissions, all the previous permissions are replaced. Therefore, you need to specify both the existing permissions that you want to keep (including for yourself) and the new permissions that you want to give in a single command.
      • If you are the owner of the bucket, you can lose your own permissions but not the ability to manage the ACL itself.

      For more information about existing permissions, see Getting Information About a Bucket ACL and Getting Information About an Object ACL.

    • (optional) acl: The permissions you grant for your object (private | public-read | public-read-write | authenticated-read | bucket-owner-read | bucket-owner-full-control).
    • (optional) grant-full-control: One or more IDs of users to whom you grant the full-control permission.

    • (optional) grant-readOne or more IDs of users to whom you grant the read permission.
    • (optional) grant-read-acp: One or more IDs of users to whom you grant the read-acp permission.
    • (optional) grant-write: One or more IDs of users to whom you grant the write permission.
    • (optional) grant-write-acp: One or more IDs of users to whom you grant the write-acp permission.

      • When using OOS, you need to specify S3 user IDs. You can retrieve S3 user IDs via the Listing Your Buckets and Listing the Objects of a Bucket methods using the oos endpoint.
      • When using OSU, you need to specify OUTSCALE account IDs.
      • In both cases, you can also specify user email addresses using the format. 
    • (optional) version-id: The version ID of a previous or of the current version of the object.
    • endpoint: The endpoint corresponding to the service (oos or osuand Region you want to send the request to, in the following format: https://<SERVICE>.<REGION>

  The ACL is set for the object. 

Tutorial: Setting Up a Bucket with Objects

Previous Step:

Next Step:

(optional) Copying an Object to a Bucket

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.