Setting Access Policy with SOAP
Access control can be set at the time a bucket or object is written by including the "AccessControlList" element with the request to CreateBucket, PutObjectInline, or PutObject. The AccessControlList element is described in Authentication and Access Control.
Access Control. If no access control list is specified with these operations, the resource is created with a default access policy that gives the requester FULL_CONTROL access (this is the case even if the request is a PutObjectInline or PutObject request for an object that already exists).
Following is a request that writes data to an object, makes the object readable by anonymous principals, and gives the specified user FULL_CONTROL rights to the bucket (most developers will want to give themselves FULL_CONTROL access to their own bucket).
Example
Following is a request that writes data to an object and makes the object readable by anonymous principals.
Sample Request
<PutObjectInline xmlns="http://doc.s3.amazonaws.com/2006-03-01">
  <Bucket>quotes</Bucket>
  <Key>Nelson</Key>
  <Metadata>
    <Name>Content-Type</Name>
    <Value>text/plain</Value>
  </Metadata>
  <Data>aGEtaGE=</Data>
  <ContentLength>5</ContentLength>
  <AccessControlList>
    <Grant>
      <Grantee xsi:type="CanonicalUser">
        <ID>a9a7b886d6fd24a52fe8ca5bef65f89a64e0193f23000e241bf9b1c61be666e9</ID>
        <DisplayName>chriscustomer</DisplayName>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
    <Grant>
      <Grantee xsi:type="Group">
        <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
      </Grantee>
      <Permission>READ</Permission>
    </Grant>
  </AccessControlList>
  <AWSAccessKeyId>1D9FVRAYCP1VJEXAMPLE=</AWSAccessKeyId>
  <Timestamp>2006-03-01T12:00:00.183Z</Timestamp>
  <Signature>Iuyz3d3P0aTou39dzbqaEXAMPLE=</Signature>
</PutObjectInline>
Sample Response
<PutObjectInlineResponse xmlns="http://s3.amazonaws.com/doc/2006-03-01">
  <PutObjectInlineResponse>
    <ETag>"828ef3fdfa96f00ad9f27c383fc9ac7f"</ETag>
    <LastModified>2006-01-01T12:00:00.000Z</LastModified>
  </PutObjectInlineResponse>
</PutObjectInlineResponse>
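A pre-flight check for requests like the one above, added here as an example and not taken from the AWS documentation: it lists the grants in a request body and reports any permission given to the AllUsers group, so an unintended public grant is caught before the request is signed and sent. The function names, the sample body and its placeholder ID are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Group URI the page uses for anonymous principals.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

# Constructed sample modelled on the request above; xmlns:xsi is declared
# here (an assumption) so the fragment parses outside a SOAP envelope.
SAMPLE = """<PutObjectInline xmlns="http://doc.s3.amazonaws.com/2006-03-01"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Bucket>quotes</Bucket><Key>Nelson</Key>
  <AccessControlList>
    <Grant>
      <Grantee xsi:type="CanonicalUser"><ID>EXAMPLE-CANONICAL-ID</ID></Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
    <Grant>
      <Grantee xsi:type="Group"><URI>http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee>
      <Permission>READ</Permission>
    </Grant>
  </AccessControlList>
</PutObjectInline>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child with the given local name, or None."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_acl(request_xml):
    """Return (grants, public). grants is None when the request carries no
    AccessControlList, i.e. the default policy (requester FULL_CONTROL) applies."""
    root = ET.fromstring(request_xml)
    acl = next((e for e in root.iter() if local(e.tag) == "AccessControlList"), None)
    if acl is None:
        return None, []
    grants = []
    for grant in (g for g in acl if local(g.tag) == "Grant"):
        grantee = next((e for e in grant if local(e.tag) == "Grantee"), None)
        who = None
        if grantee is not None:  # a group is named by URI, a user by canonical ID
            who = child_text(grantee, "URI") or child_text(grantee, "ID")
        grants.append((who, child_text(grant, "Permission")))
    # Permissions that anonymous principals would receive.
    public = [perm for who, perm in grants if who == ALL_USERS]
    return grants, public
```

A non-empty second return value means the object will be accessible to anonymous principals with the listed permissions.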
The access control policy can be read or set for an existing bucket or object using the GetBucketAccessControlPolicy, GetObjectAccessControlPolicy, SetBucketAccessControlPolicy, and SetObjectAccessControlPolicy methods. For more information, see the detailed explanation of these methods.