동향 및 공지

릴리스 노트

제품 공지

제품 소개

제품 개요

기능 개요

적용 시나리오

제품 장점

기본 개념

리전 및 액세스 도메인

규격 및 제한

제품 요금

과금 개요

과금 방식

과금 항목

프리 티어

과금 예시

청구서 보기 및 다운로드

연체 안내

FAQ

빠른 시작

콘솔 시작하기

COSBrowser 시작하기

사용자 가이드

요청 생성

버킷

객체

데이터 관리

일괄 프로세스

글로벌 가속

모니터링 및 알람

운영 센터

데이터 처리

스마트 툴 박스 사용 가이드

데이터 워크플로

애플리케이션 통합

툴 가이드

툴 개요

환경 설치 및 설정

COSBrowser 툴

COSCLI 툴

COSCMD 툴

COS Migration 툴

FTP Server 툴

Hadoop 툴

COSDistCp 툴

HDFS TO COS 툴

온라인 도구 (Onrain Dogu)

자가 진단 도구

실습 튜토리얼

개요

액세스 제어 및 권한 관리

성능 최적화

AWS S3 SDK를 사용하여 COS에 액세스하기

데이터 재해 복구 백업

도메인 관리 사례

이미지 처리 사례

COS 오디오/비디오 플레이어 사례

데이터 다이렉트 업로드

데이터 보안

데이터 검증

빅 데이터 사례

COS 비용 최적화 솔루션

3rd party 애플리케이션에서 COS 사용

마이그레이션 가이드

로컬 데이터 COS로 마이그레이션

타사 클라우드 스토리지 데이터를 COS로 마이그레이션

URL이 소스 주소인 데이터를 COS로 마이그레이션

COS 간 데이터 마이그레이션

Hadoop 파일 시스템과 COS 간 데이터 마이그레이션

데이터 레이크 스토리지

클라우드 네이티브 데이터 레이크

메타데이터 가속

데이터 레이크 가속기 GooseFS

데이터 처리

데이터 처리 개요

이미지 처리

미디어 처리

콘텐츠 조정

파일 처리

문서 미리보기

장애 처리

RequestId 가져오기

공용 네트워크로 COS에 파일 업로드 시 속도가 느린 문제

COS 액세스 시 403 에러 코드 반환

리소스 액세스 오류

POST Object 자주 발생하는 오류

보안 및 컴플라이언스

데이터 재해 복구

데이터 보안

액세스 관리

자주 묻는 질문

PUT Bucket acl

포커스 모드

폰트 크기

마지막 업데이트 시간: 2024-03-28 18:08:32

Overview
This API is used to write an access control list (ACL) for a bucket. You can set the ACL information through the x-cos-acl and x-cos-grant-* request headers or the request body in XML format.
Note: 
You can set the ACL information either through request headers or through the request body.
PUT Bucket acl is an overwriting operation. The new ACL will overwrite the old one.
With this API, you can grant permissions to Tencent Cloud CAM root accounts, anonymous users, and sub-users. To grant permissions to user groups, see Associating/Unassociating Policy with/from User Group. For more information about ACL, see ACL Overview.
To call this API, you need to have permission to write ACL to the bucket.
﻿
Request
Sample request
Sample 1
PUT /?acl HTTP/1.1
Host: <BucketName-APPID>.cos.<Region>.myqcloud.com
Date: GMT Date
Content-Length: 0
Authorization: Auth String
Sample 2
PUT /?acl HTTP/1.1
Host: <BucketName-APPID>.cos.<Region>.myqcloud.com
Date: GMT Date
Content-Type: application/xml
Content-Length: Content Length
Content-MD5: MD5
Authorization: Auth String
﻿
[Request Body]
Note: 
In Host: <BucketName-APPID>.cos.<Region>.myqcloud.com,  <BucketName-APPID> is the bucket name followed by the APPID, such as examplebucket-1250000000 (see Bucket Overview > Basic Information and Bucket Overview > Bucket Naming Conventions), and <Region> is a COS region (see Regions and Access Endpoints).
Authorization: Auth String (See Request Signature for details.)
Request parameters
This API has no request parameter.
Request headers
In addition to common request headers, this API also supports the following request headers. For more information about common request headers, please see Common Request Headers.
Header
Description
Type
Required
x-cos-acl
Defines the access control list (ACL) attribute of the bucket. For the enumerated values such as private (default) and public-read, see the Preset ACL section in ACL Overview.
Enum
No
x-cos-grant-read
Grants a user read access to a bucket in the format of id="[OwnerUin]" for root accounts such as id="100000000001" or id="[OwnerUin/GrantsUin]" for sub-accounts such as id="100000000001/100000000011". You can separate multiple users by comma, such as id="100000000001",id="100000000002".
string
No
x-cos-grant-write
Grants a user write access to a bucket in the format of id="[OwnerUin]" for root accounts such as id="100000000001" or id="[OwnerUin/GrantsUin]" for sub-accounts such as id="100000000001/100000000011". You can separate multiple users by comma, such as id="100000000001",id="100000000002".
string
No
x-cos-grant-read-acp
Grants a user read access to a bucket ACL in the format of id="[OwnerUin]" for root accounts such as id="100000000001" or id="[OwnerUin/GrantsUin]" for sub-accounts such as id="100000000001/100000000011". You can separate multiple users by comma, such as id="100000000001",id="100000000002".
string
No
x-cos-grant-write-acp
Grants a user write access to a bucket ACL in the format of id="[OwnerUin]" for root accounts such as id="100000000001" or id="[OwnerUin/GrantsUin]" for sub-accounts such as id="100000000001/100000000011". You can separate multiple users by comma, such as id="100000000001",id="100000000002".
string
No
x-cos-grant-full-control
Grants a user full access to a bucket in the format of id="[OwnerUin]" for root accounts such as id="100000000001" or id="[OwnerUin/GrantsUin]" for sub-accounts such as id="100000000001/100000000011". You can separate multiple users by comma, such as id="100000000001",id="100000000002".
string
No
Request body
The request body contains the application/xml data that includes information about the bucket owner and authorization.
<AccessControlPolicy>
    <Owner>
        <ID>string</ID>
    </Owner>
    <AccessControlList>
        <Grant>
            <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
                <URI>string</URI>
            </Grantee>
            <Permission>Enum</Permission>
        </Grant>
        <Grant>
            <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
                <ID>string</ID>
            </Grantee>
            <Permission>Enum</Permission>
        </Grant>
    </AccessControlList>
</AccessControlPolicy>
The nodes are described as follows:
Node Name (Keyword)
Parent Node
Description
Type
Required
AccessControlPolicy
None
All request information about the PUT Bucket acl operation
Container
Yes
Content of AccessControlPolicy:
Node Name (Keyword)
Parent Node
Description
Type
Required
Owner
AccessControlPolicy
Information about the bucket owner
Container
Yes
AccessControlList
AccessControlPolicy
Information about the grantee and permissions
Container
Yes
Content of Owner:
Node Name (Keyword)
Parent Node
Description
Type
Required
ID
AccessControlPolicy.Owner
Complete ID of the bucket owner in the format of qcs::cam::uin/[OwnerUin]:uin/[OwnerUin]
 Example: qcs::cam::uin/100000000001:uin/100000000001
string
Yes
Content of AccessControlList:
Node Name (Keyword)
Parent Node
Description
Type
Required
Grant
AccessControlPolicy.AccessControlList
A single permission. Each AccessControlList supports up to 100 Grant nodes.
Container
Yes
Content of AccessControlList.Grant:
Node Name (Keyword)
Parent Node
Description
Type
Required
Grantee
AccessControlPolicy.AccessControlList.Grant
Grantee information. xsi:type can be set to Group or CanonicalUser. If it’s set to Group, the child node can only include URI. If it’s set to CanonicalUser, the child node can only include ID.
Container
Yes
Permission
AccessControlPolicy.AccessControlList.Grant
Permission granted. For the enumerated values such as WRITE and FULL_CONTROL, please see  Actions on buckets in ACL Overview﻿
Enum
Yes
Content of AccessControlList.Grant.Grantee:
Node Name (Keyword)
Parent Node
Description
Type
Required
URI
AccessControlPolicy.AccessControlList.Grant.Grantee
Preset user group. For more information, please see Preset user group in ACL Overview.
Example: http://cam.qcloud.com/groups/global/AllUsers or http://cam.qcloud.com/groups/global/AuthenticatedUsers
string
Required if xsi:type of the Grantee is set to Group
ID
AccessControlPolicy.AccessControlList.Grant.Grantee
Complete ID of the grantee in the format of qcs::cam::uin/[OwnerUin]:uin/[OwnerUin]
Example: qcs::cam::uin/100000000001:uin/100000000001
string
Required if xsi:type of the grantee is set to CanonicalUser
Response
Response headers
This API only returns Common Response Headers.
Response body
The response body of this API is empty.
Error codes
This API returns common error responses and error codes. For more information, see Error Codes.
Examples
Sample 1: configuring ACL through request headers
Request
PUT /?acl HTTP/1.1
Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
Date: Mon, 17 Jun 2019 08:30:12 GMT
x-cos-acl: public-read
x-cos-grant-write: id="100000000002"
x-cos-grant-read-acp: id="100000000002"
Content-Length: 0
Authorization: q-sign-algorithm=sha1&q-ak=AKID8A0fBVtYFrNm02oY1g1JQQF0c3JO****&q-sign-time=1560760212;1560767412&q-key-time=1560760212;1560767412&q-header-list=content-length;date;host;x-cos-acl;x-cos-grant-read-acp;x-cos-grant-write&q-url-param-list=acl&q-signature=5b10c6ea4e6c9630c085e1f85476c76d8c4e****
Connection: close
Response
HTTP/1.1 200 OK
Content-Length: 0
Connection: close
Date: Mon, 17 Jun 2019 08:30:13 GMT
Server: tencent-cos
x-cos-request-id: NWQwNzRmOTRfODhjMjJhMDlfMWRlYl81Mzc0****
Sample 2: configuring ACL through the request body
Request
PUT /?acl HTTP/1.1
Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
Date: Mon, 17 Jun 2019 08:30:13 GMT
Content-Type: application/xml
Content-Length: 812
Content-MD5: 1qS+8SqnivarcO6Z11R0nw==
Authorization: q-sign-algorithm=sha1&q-ak=AKID8A0fBVtYFrNm02oY1g1JQQF0c3JO****&q-sign-time=1560760213;1560767413&q-key-time=1560760213;1560767413&q-header-list=content-length;content-md5;content-type;date;host&q-url-param-list=acl&q-signature=70f96b91823f3715905df125d96fe447554e****
Connection: close
﻿
<AccessControlPolicy>
    <Owner>
        <ID>qcs::cam::uin/100000000001:uin/100000000001</ID>
    </Owner>
    <AccessControlList>
        <Grant>
            <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
                <URI>http://cam.qcloud.com/groups/global/AllUsers</URI>
            </Grantee>
            <Permission>READ</Permission>
        </Grant>
        <Grant>
            <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
                <ID>qcs::cam::uin/100000000002:uin/100000000002</ID>
            </Grantee>
            <Permission>WRITE</Permission>
        </Grant>
        <Grant>
            <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
                <ID>qcs::cam::uin/100000000002:uin/100000000002</ID>
            </Grantee>
            <Permission>READ_ACP</Permission>
        </Grant>
    </AccessControlList>
</AccessControlPolicy>
Response
HTTP/1.1 200 OK
Content-Length: 0
Connection: close
Date: Mon, 17 Jun 2019 08:30:13 GMT
Server: tencent-cos
x-cos-request-id: NWQwNzRmOTVfMzBjMDJhMDlfOTM3MF8yNzdj****
﻿

도움말 및 지원

문제 해결에 도움이 되었나요?

더 자세한 내용은 문의하기 또는 티겟 제출 을 통해 문의할 수 있습니다.

피드백

tencent cloud

Cloud Object Storage

PUT Bucket acl

Overview

Request

Sample request

Request parameters

Request headers

Request body

Response

Response headers

Response body

Error codes

Examples

Sample 1: configuring ACL through request headers

Request

Response

Sample 2: configuring ACL through the request body

Request

Response

도움말 및 지원

Header	Description	Type	Required
x-cos-acl	Defines the access control list (ACL) attribute of the bucket. For the enumerated values such as `private` (default) and `public-read`, see the Preset ACL section in ACL Overview.	Enum	No
x-cos-grant-read	Grants a user read access to a bucket in the format of `id="[OwnerUin]"` for root accounts such as `id="100000000001"` or `id="[OwnerUin/GrantsUin]"` for sub-accounts such as `id="100000000001/100000000011"`. You can separate multiple users by comma, such as `id="100000000001",id="100000000002"`.	string	No
x-cos-grant-write	Grants a user write access to a bucket in the format of `id="[OwnerUin]"` for root accounts such as `id="100000000001"` or `id="[OwnerUin/GrantsUin]"` for sub-accounts such as `id="100000000001/100000000011"`. You can separate multiple users by comma, such as `id="100000000001",id="100000000002"`.	string	No
x-cos-grant-read-acp	Grants a user read access to a bucket ACL in the format of `id="[OwnerUin]"` for root accounts such as `id="100000000001"` or `id="[OwnerUin/GrantsUin]"` for sub-accounts such as `id="100000000001/100000000011"`. You can separate multiple users by comma, such as `id="100000000001",id="100000000002"`.	string	No
x-cos-grant-write-acp	Grants a user write access to a bucket ACL in the format of `id="[OwnerUin]"` for root accounts such as `id="100000000001"` or `id="[OwnerUin/GrantsUin]"` for sub-accounts such as `id="100000000001/100000000011"`. You can separate multiple users by comma, such as `id="100000000001",id="100000000002"`.	string	No
x-cos-grant-full-control	Grants a user full access to a bucket in the format of `id="[OwnerUin]"` for root accounts such as `id="100000000001"` or `id="[OwnerUin/GrantsUin]"` for sub-accounts such as `id="100000000001/100000000011"`. You can separate multiple users by comma, such as `id="100000000001",id="100000000002"`.	string	No

Node Name (Keyword)	Parent Node	Description	Type	Required
AccessControlPolicy	None	All request information about the `PUT Bucket acl` operation	Container	Yes