Supported S3 ACL Permissions
The following tables describe the supported permissions for primary and canned ACLs:
Table 2-2 Primary ACL: Grantee Supported Permissions

| Permission | When Granted on Bucket | When Granted on Object |
|---|---|---|
| READ | Enables grantee to list the objects in the bucket. | Enables grantee to read the object data and its metadata. |
| WRITE | Enables grantee to create, overwrite, and delete any object in the bucket. | Not applicable. |
| READ_ACP | Enables grantee to read the bucket ACL. | Enables grantee to read the object ACL. |
| WRITE_ACP | Enables grantee to write the ACL for the applicable bucket. | Enables grantee to write the ACL for the applicable object. |
| FULL_CONTROL | Allows grantee the READ, WRITE, READ_ACP, and WRITE_ACP permissions on the bucket. | Enables grantee the READ, READ_ACP, and WRITE_ACP permissions on the object. |
Table 2-3 Canned ACL: Supported Group Permissions

| Canned ACL | Applies To | Permissions Added To ACL |
|---|---|---|
| private | Bucket and object | Owner gets FULL_CONTROL. No one else has access rights (default). |
| public-read | Bucket and object | Owner gets FULL_CONTROL. The All Users Group gets READ access. |
| public-read-write | Bucket and object | Owner gets FULL_CONTROL. The All Users Group gets READ and WRITE access. For security reasons, granting this canned ACL on a bucket is generally not recommended. |
| authenticated-read | Bucket and object | Owner gets FULL_CONTROL. The Authenticated Users Group gets READ access. |
| bucket-owner-read | Object | Object owner gets FULL_CONTROL. Bucket owner gets READ access. If you specify this canned ACL when creating a bucket, the appliance S3 API ignores it. |
| bucket-owner-full-control | Object | Both the object owner and the bucket owner get FULL_CONTROL over the object. If you specify this canned ACL when creating a bucket, the appliance S3 API ignores it. |
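The two tables above can be turned into a small reviewable model: expand a canned ACL into the explicit grants it stands for, compute what a given caller can actually do on a bucket or object (FULL_CONTROL expands differently on each, WRITE does not apply to objects, and the bucket-owner-* canned ACLs are ignored on buckets), and flag any grant that reaches the All Users or Authenticated Users group. The following is an added example written for this page, not code from the appliance or its S3 API; the owner ids are constructed sample values, and the group URIs are the standard S3 group grantee identifiers.

```python
"""Model of the S3 ACL rules in Tables 2-2 and 2-3 (added example, not appliance code)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Well-known S3 group grantee URIs (the All Users and Authenticated Users groups).
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Permissions that apply to each resource type (Table 2-2). FULL_CONTROL expands to
# exactly this set; WRITE is "not applicable" on an object, so it is absent there.
PRIMARY_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "bucket": frozenset({"READ", "WRITE", "READ_ACP", "WRITE_ACP"}),
    "object": frozenset({"READ", "READ_ACP", "WRITE_ACP"}),
}
PERMISSION_ORDER = ("READ", "WRITE", "READ_ACP", "WRITE_ACP")


@dataclass(frozen=True)
class Grant:
    grantee: str      # canonical user id (constructed sample values below) or a group URI
    permission: str   # one of the Table 2-2 permission names


def expand_canned_acl(canned: str, resource_type: str, owner: str,
                      bucket_owner: Optional[str] = None) -> Optional[List[Grant]]:
    """Return the explicit grants a canned ACL adds (Table 2-3).

    Returns None where the appliance ignores the canned ACL, i.e. bucket-owner-read
    or bucket-owner-full-control specified when creating a bucket.
    """
    if resource_type not in PRIMARY_PERMISSIONS:
        raise ValueError(f"unknown resource type {resource_type!r}")
    grants = [Grant(owner, "FULL_CONTROL")]          # every canned ACL starts here
    if canned == "private":
        pass
    elif canned == "public-read":
        grants.append(Grant(ALL_USERS, "READ"))
    elif canned == "public-read-write":
        grants += [Grant(ALL_USERS, "READ"), Grant(ALL_USERS, "WRITE")]
    elif canned == "authenticated-read":
        grants.append(Grant(AUTHENTICATED_USERS, "READ"))
    elif canned in ("bucket-owner-read", "bucket-owner-full-control"):
        if resource_type == "bucket":
            return None                               # ignored on buckets per Table 2-3
        if bucket_owner is None:
            raise ValueError("bucket owner is required for bucket-owner-* on an object")
        perm = "READ" if canned == "bucket-owner-read" else "FULL_CONTROL"
        grants.append(Grant(bucket_owner, perm))
    else:
        raise ValueError(f"unknown canned ACL {canned!r}")
    return grants


def effective_permissions(grants: List[Grant], resource_type: str,
                          principal: Optional[str], authenticated: bool = True) -> FrozenSet[str]:
    """Permissions `principal` ends up with on the resource.

    principal=None models an anonymous caller; authenticated=False means the caller
    is not signed in, so Authenticated Users group grants do not cover it.
    """
    applicable = PRIMARY_PERMISSIONS[resource_type]
    perms = set()
    for g in grants:
        covers = (
            g.grantee == ALL_USERS
            or (g.grantee == AUTHENTICATED_USERS and authenticated)
            or (principal is not None and g.grantee == principal)
        )
        if not covers:
            continue
        if g.permission == "FULL_CONTROL":
            perms |= applicable                       # Table 2-2 FULL_CONTROL row
        elif g.permission in applicable:
            perms.add(g.permission)
        # Anything else (e.g. WRITE on an object) is not applicable and is dropped.
    return frozenset(perms)


def find_exposures(grants: List[Grant], resource_type: str) -> List[str]:
    """Flag what anonymous and any-authenticated callers get from the ACL.

    Permissions that change data or the ACL itself (WRITE, WRITE_ACP) are reported
    as critical; read-type permissions as warnings.
    """
    anonymous = effective_permissions(grants, resource_type, None, authenticated=False)
    signed_in = effective_permissions(grants, resource_type, None, authenticated=True)
    findings = []
    for perm in PERMISSION_ORDER:
        severity = "critical" if perm in ("WRITE", "WRITE_ACP") else "warning"
        if perm in anonymous:
            findings.append(f"{severity}: anonymous callers have {perm} on {resource_type}")
        elif perm in signed_in:
            findings.append(f"{severity}: any authenticated caller has {perm} on {resource_type}")
    return findings


if __name__ == "__main__":
    # Constructed sample owners; "u-bucket" owns the bucket, "u-uploader" the object.
    for canned in ("private", "public-read", "public-read-write", "authenticated-read"):
        print(canned, "on bucket:", find_exposures(expand_canned_acl(canned, "bucket", "u-bucket"), "bucket"))
    obj = expand_canned_acl("bucket-owner-full-control", "object", "u-uploader", "u-bucket")
    print("bucket owner on object:", sorted(effective_permissions(obj, "object", "u-bucket")))
    print("bucket-owner-read on a bucket:", expand_canned_acl("bucket-owner-read", "bucket", "u-bucket"))
```

Running the script shows why Table 2-3 discourages public-read-write on a bucket: it is the only canned ACL that gives anonymous callers WRITE, which per Table 2-2 means create, overwrite, and delete of any object. The same functions accept an explicit grant list, so a list pulled from a `GetBucketAcl` or `GetObjectAcl` response can be checked with `find_exposures` in the same way.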