public class AccessControlList extends Object implements Serializable
Represents a Qcloud COS Access Control List (ACL), including the ACL's set of grantees and the permissions assigned to each grantee.
Each bucket and object in Qcloud COS has an ACL that defines its access control policy. When a request is made, Qcloud COS authenticates the request using its standard authentication procedure and then checks the ACL to verify the sender was granted access to the bucket or object. If the sender is approved, the request proceeds. Otherwise, Qcloud COS returns an error.
An ACL contains a list of grants. Each grant consists of one grantee and one permission. ACLs only grant permissions; they do not deny them.
For convenience, some commonly used ACLs are defined in CannedAccessControlList.
Note: Bucket and object ACLs are completely independent; an object does not inherit an ACL from its bucket. For example, if you create a bucket and grant write access to another user, you will not be able to access the user's objects unless the user explicitly grants access. This also applies if you grant anonymous write access to a bucket. Only the user "anonymous" will be able to access objects the user created unless permission is explicitly granted to the bucket owner.
Important: Do not grant the anonymous group write access to buckets, as you will have no control over the objects others can store and their associated charges. For more information, see Grantee and Permissions.
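An added example (not part of the SDK documentation) that audits an ACL for the anonymous write grants warned against above and narrows them to read-only. It assumes the SDK's `GroupGrantee.AllUsers` is the anonymous group and that `UinGrantee`, `Grant.getGrantee()`, `Grant.getPermission()`, `Permission.Write` and `Permission.FullControl` are available as in the COS Java SDK; the class name `AclAudit` and the account identifier are constructed for illustration.

```java
import com.qcloud.cos.model.AccessControlList;
import com.qcloud.cos.model.Grant;
import com.qcloud.cos.model.GroupGrantee;
import com.qcloud.cos.model.Permission;
import com.qcloud.cos.model.UinGrantee;
import java.util.ArrayList;
import java.util.List;

public class AclAudit {
    // Assumption: GroupGrantee.AllUsers is the SDK's grantee for the anonymous group.
    static boolean isAnonymous(Grant g) {
        return GroupGrantee.AllUsers.getIdentifier().equals(g.getGrantee().getIdentifier());
    }

    /** Grants that let anonymous callers store data or rewrite the ACL itself. */
    static List<Grant> riskyAnonymousGrants(AccessControlList acl) {
        List<Grant> risky = new ArrayList<>();
        for (Grant g : acl.getGrantsAsList()) { // not the deprecated getGrants()
            Permission p = g.getPermission();
            if (isAnonymous(g) && (p == Permission.Write || p == Permission.WriteAcp
                    || p == Permission.FullControl)) {
                risky.add(g);
            }
        }
        return risky;
    }

    /** Drops every anonymous grant, then restores read-only access if it existed. */
    static void restrictAnonymousToRead(AccessControlList acl) {
        boolean hadRead = false;
        for (Grant g : acl.getGrantsAsList()) {
            hadRead |= isAnonymous(g) && g.getPermission() == Permission.Read;
        }
        // revokeAllPermissions removes the grantee entirely, including its Read grant.
        acl.revokeAllPermissions(GroupGrantee.AllUsers);
        if (hadRead) acl.grantPermission(GroupGrantee.AllUsers, Permission.Read);
    }

    public static void main(String[] args) {
        // ACL built in memory, no request is sent; the identifier below is constructed.
        AccessControlList acl = new AccessControlList();
        acl.grantPermission(new UinGrantee("qcs::cam::uin/100000000001:uin/100000000001"),
                Permission.FullControl);
        acl.grantPermission(GroupGrantee.AllUsers, Permission.Read);
        acl.grantPermission(GroupGrantee.AllUsers, Permission.Write);
        System.out.println("risky before: " + riskyAnonymousGrants(acl).size());
        restrictAnonymousToRead(acl);
        System.out.println("risky after:  " + riskyAnonymousGrants(acl).size());
    }
}
```

Because ACLs only grant and never deny, the only way to narrow a grantee's access is to remove the grantee and add back the permissions that should remain.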
See also: CannedAccessControlList, Serialized Form

Constructor and Description |
---|
AccessControlList() |

Modifier and Type | Method and Description |
---|---|
Set<Grant> | getGrants() Deprecated. This will remove the duplicate grants if received from Qcloud COS. Use getGrantsAsList() instead. |
List<Grant> | getGrantsAsList() Gets the list of Grant objects in this access control list (ACL). |
Owner | getOwner() Gets the owner of the AccessControlList. |
void | grantAllPermissions(Grant... grantsVarArg) Adds a set of grantee/permission pairs to the access control list (ACL), where each item in the set is a Grant object. |
void | grantPermission(Grantee grantee, Permission permission) Adds a grantee to the access control list (ACL) with the given permission. |
void | revokeAllPermissions(Grantee grantee) Revokes the permissions of a grantee by removing the grantee from the access control list (ACL). |
void | setOwner(Owner owner) For internal use only. |
String | toString() |

public Owner getOwner()
Gets the owner of the AccessControlList.
Every bucket and object in Qcloud COS has an owner, the user that created the bucket or object. The owner of a bucket or object cannot be changed. However, if the object is overwritten by another user (deleted and rewritten), the new object will have a new owner.
Note: Even the owner is subject to the access control list (ACL). For example, if an owner does not have Permission.Read access to an object, the owner cannot read that object. However, the owner of an object always has write access to the access control policy (Permission#WriteAcp) and can change the ACL to read the object.
AccessControlList.

public void setOwner(Owner owner)
owner - The owner for this ACL.

public void grantPermission(Grantee grantee, Permission permission)
grantee - The grantee to whom the permission will apply.
permission - The permission to apply to the grantee.

public void grantAllPermissions(Grant... grantsVarArg)
Adds a set of grantee/permission pairs to the access control list (ACL), where each item in the set is a Grant object.
grantsVarArg - A collection of Grant objects

public void revokeAllPermissions(Grantee grantee)
grantee - The grantee to remove from this ACL.

@Deprecated public Set<Grant> getGrants()
Deprecated. This will remove the duplicate grants if received from Qcloud COS. Use getGrantsAsList() instead.
Grant objects in this access control list (ACL).
Grant objects in this ACL.

public List<Grant> getGrantsAsList()
Gets the list of Grant objects in this access control list (ACL).
Grant objects in this ACL.

Copyright © 2017. All rights reserved.