Module: Aliyun::OSS::ACL

Defined in:
lib/aliyun/oss/acl.rb,
lib/aliyun/oss/response.rb

Overview

By default buckets are private. This means that only the owner has access rights to the bucket and its objects. Objects in that bucket inherit the permission of the bucket unless otherwise specified. When an object is private, the owner can generate a signed url that exposes the object to anyone who has that url. Alternatively, buckets and objects can be given other access levels. Several canned access levels are defined:

  • :private - Owner gets FULL_CONTROL. No one else has any access rights. This is the default.

  • :public_read - Owner gets FULL_CONTROL and the anonymous principal is granted READ access. If this policy is used on an object, it can be read from a browser with no authentication.

  • :public_read_write - Owner gets FULL_CONTROL, the anonymous principal is granted READ and WRITE access. This is a useful policy to apply to a bucket, if you intend for any anonymous user to PUT objects into the bucket.

You can set a canned access level when you create a bucket or an object by using the :access option:

OSSObject.store(
  'kiss.jpg', 
  data, 
  'marcel', 
  :access => :public_read
)

Since the image we created is publicly readable, we can access it directly from a browser by going to the corresponding bucket name and specifying the object’s key without a special authenticated url:

http://oss.aliyuncs.com/marcel/kiss.jpg

Defined Under Namespace

Modules: Bucket Classes: OptionProcessor, Policy