我的书签
添加书签
移除书签管理对象访问权限
更新时间: 2019-03-14 10:05
对象访问权限与桶访问权限类似,也可支持预定义访问策略(参见桶访问权限)或直接设置。
对象访问权限(ACL)可以通过三种方式设置:
- 上传对象时指定预定义访问策略。
- 调用ObsClient.SetObjectAcl指定预定义访问策略。
- 调用ObsClient.SetObjectAcl直接设置。
上传对象时指定预定义访问策略
以下代码展示如何在上传对象时指定预定义访问策略:
- // 引入依赖包
- import (
- "fmt"
- "obs"
- "strings"
- )
- var ak = "*** Provide your Access Key ***"
- var sk = "*** Provide your Secret Key ***"
- var endpoint = "https://your-endpoint"
- // 创建ObsClient结构体
- var obsClient, _ = obs.New(ak, sk, endpoint)
- func main() {
- input := &obs.PutObjectInput{}
- input.Bucket = "bucketname"
- input.Key = "objectkey"
- input.Body = strings.NewReader("Hello OBS")
- // 设置对象访问权限为公共读
- input.ACL = obs.AclPublicRead
- output, err := obsClient.PutObject(input)
- if err == nil {
- fmt.Printf("RequestId:%s\n", output.RequestId)
- } else if obsError, ok := err.(obs.ObsError); ok {
- fmt.Printf("Code:%s\n", obsError.Code)
- fmt.Printf("Message:%s\n", obsError.Message)
- }
- }
为对象设置预定义访问策略
以下代码展示如何为对象设置预定义访问策略:
- // 引入依赖包
- import (
- "fmt"
- "obs"
- )
- var ak = "*** Provide your Access Key ***"
- var sk = "*** Provide your Secret Key ***"
- var endpoint = "https://your-endpoint"
- // 创建ObsClient结构体
- var obsClient, _ = obs.New(ak, sk, endpoint)
- func main() {
- input := &obs.SetObjectAclInput{}
- input.Bucket = "bucketname"
- input.Key = "objectkey"
- // 设置对象访问权限为私有读写
- input.ACL = obs.AclPrivate
- output, err := obsClient.SetObjectAcl(input)
- if err == nil {
- fmt.Printf("RequestId:%s\n", output.RequestId)
- } else if obsError, ok := err.(obs.ObsError); ok {
- fmt.Printf("Code:%s\n", obsError.Code)
- fmt.Printf("Message:%s\n", obsError.Message)
- }
- }
直接设置对象访问权限
以下代码展示如何直接设置对象访问权限:
- // 引入依赖包
- import (
- "fmt"
- "obs"
- )
- var ak = "*** Provide your Access Key ***"
- var sk = "*** Provide your Secret Key ***"
- var endpoint = "https://your-endpoint"
- // 创建ObsClient结构体
- var obsClient, _ = obs.New(ak, sk, endpoint)
- func main() {
- input := &obs.SetObjectAclInput{}
- input.Bucket = "bucketname"
- input.Key = "objectkey"
- input.Owner.ID = "ownerid"
- var grants [3]obs.Grant
- // 为授权用户设置写权限
- grants[0].Grantee.Type = obs.GranteeGroup
- grants[0].Grantee.URI = obs.GroupAuthenticatedUsers
- grants[0].Permission = obs.PermissionWrite
- // 为指定用户设置完全控制权限
- grants[1].Grantee.Type = obs.GranteeUser
- grants[1].Grantee.ID = "granteeid"
- grants[1].Permission = obs.PermissionFullControl
- // 为所有用户设置读权限
- grants[2].Grantee.Type = obs.GranteeGroup
- grants[2].Grantee.URI = obs.GroupAllUsers
- grants[2].Permission = obs.PermissionRead
- input.Grants = grants[0:3]
- output, err := obsClient.SetObjectAcl(input)
- if err == nil {
- fmt.Printf("RequestId:%s\n", output.RequestId)
- } else if obsError, ok := err.(obs.ObsError); ok {
- fmt.Printf("Code:%s\n", obsError.Code)
- fmt.Printf("Message:%s\n", obsError.Message)
- }
- }
说明:
所有者ID或者被授权用户ID,是指用户的账户ID,可通过OBS控制台“我的凭证”页面查看。
获取对象访问权限
您可以通过ObsClient.GetObjectAcl获取对象的访问权限。以下代码展示如何获取对象访问权限:
- // 引入依赖包
- import (
- "fmt"
- "obs"
- )
- var ak = "*** Provide your Access Key ***"
- var sk = "*** Provide your Secret Key ***"
- var endpoint = "https://your-endpoint"
- // 创建ObsClient结构体
- var obsClient, _ = obs.New(ak, sk, endpoint)
- func main() {
- input := &obs.GetObjectAclInput{}
- input.Bucket = "bucketname"
- input.Key = "objectkey"
- output, err := obsClient.GetObjectAcl(input)
- if err == nil {
- fmt.Printf(Owner.ID:%s\n", output.Owner.ID)
- for index, grant := range output.Grants {
- fmt.Printf("Grant[%d]-Type:%s, ID:%s, URI:%s, Permission:%s\n", index, grant.Grantee.Type, grant.Grantee.ID, grant.Grantee.URI, grant.Permission)
- }
- } else if obsError, ok := err.(obs.ObsError); ok {
- fmt.Printf("Code:%s\n", obsError.Code)
- fmt.Printf("Message:%s\n", obsError.Message)
- }
- }
父主题:管理对象
