Class AccessControlList
- All Implemented Interfaces: com.amazonaws.services.s3.internal.S3RequesterChargedResult, Serializable
Represents an Amazon S3 Access Control List (ACL), including the ACL's set of grantees and the permissions assigned to each grantee.
Each bucket and object in Amazon S3 has an ACL that defines its access control policy. When a request is made, Amazon S3 authenticates the request using its standard authentication procedure and then checks the ACL to verify the sender was granted access to the bucket or object. If the sender is approved, the request proceeds. Otherwise, Amazon S3 returns an error.
An ACL contains a list of grants. Each grant consists of one grantee and one permission. ACLs only grant permissions; they do not deny them.
For convenience, some commonly used ACLs are defined in CannedAccessControlList.
Note: Bucket and object ACLs are completely independent; an object does not inherit an ACL from its bucket. For example, if you create a bucket and grant write access to another user, you will not be able to access the user's objects unless the user explicitly grants access. This also applies if you grant anonymous write access to a bucket. Only the user "anonymous" will be able to access objects the user created unless permission is explicitly granted to the bucket owner.
Important: Do not grant the anonymous group write access to buckets, as you will have no control over the objects others can store and their associated charges. For more information, see Grantee and Permissions.
- See Also:
-
Constructor Summary
Constructors -
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| boolean | equals | |
| | getGrants | Deprecated. This will remove the duplicate grants if received from Amazon S3. |
| | getGrantsAsList | Gets the list of Grant objects in this access control list (ACL). |
| | getOwner() | Gets the owner of the AccessControlList. |
| void | grantAllPermissions(Grant... grantsVarArg) | Adds a set of grantee/permission pairs to the access control list (ACL), where each item in the set is a Grant object. |
| void | grantPermission(Grantee grantee, Permission permission) | Adds a grantee to the access control list (ACL) with the given permission. |
| int | hashCode() | |
| boolean | isRequesterCharged() | Returns true if the user has enabled Requester Pays option when conducting this operation from Requester Pays Bucket; else false. |
| void | revokeAllPermissions(Grantee grantee) | Revokes the permissions of a grantee by removing the grantee from the access control list (ACL). |
| void | setOwner | For internal use only. |
| void | setRequesterCharged(boolean isRequesterCharged) | Used for conducting this operation from a Requester Pays Bucket. |
| | toString() | |
-
Constructor Details
-
AccessControlList
public AccessControlList()
-
-
Method Details
-
getOwner
Gets the owner of the AccessControlList. Every bucket and object in Amazon S3 has an owner, the user that created the bucket or object. The owner of a bucket or object cannot be changed. However, if the object is overwritten by another user (deleted and rewritten), the new object will have a new owner.
Note: Even the owner is subject to the access control list (ACL). For example, if an owner does not have Permission.Read access to an object, the owner cannot read that object. However, the owner of an object always has write access to the access control policy (Permission.WriteAcp) and can change the ACL to read the object.
- Returns:
- The owner for this AccessControlList.
-
setOwner
For internal use only. Sets the owner on this access control list (ACL). This method is only intended for internal use by the library. The owner of a bucket or object cannot be changed. However, the object can be overwritten by the new desired owner (deleted and rewritten).
- Parameters:
- owner - The owner for this ACL.
-
grantPermission
Adds a grantee to the access control list (ACL) with the given permission. If this access control list already contains the grantee (i.e. the same grantee object) the permission for the grantee will be updated.
- Parameters:
- grantee - The grantee to whom the permission will apply.
- permission - The permission to apply to the grantee.
-
grantAllPermissions
Adds a set of grantee/permission pairs to the access control list (ACL), where each item in the set is a Grant object.
- Parameters:
- grantsVarArg - A collection of Grant objects
-
revokeAllPermissions
Revokes the permissions of a grantee by removing the grantee from the access control list (ACL).
- Parameters:
- grantee - The grantee to remove from this ACL.
-
getGrants
Deprecated. This will remove the duplicate grants if received from Amazon S3. Use getGrantsAsList() instead.
Gets the set of Grant objects in this access control list (ACL).
- Returns:
- The set of Grant objects in this ACL.
-
getGrantsAsList
Gets the list of Grant objects in this access control list (ACL).
- Returns:
- The list of Grant objects in this ACL.
-
hashCode
public int hashCode()
-
equals
-
toString
-
isRequesterCharged
public boolean isRequesterCharged()
Description copied from interface: com.amazonaws.services.s3.internal.S3RequesterChargedResult
Returns true if the user has enabled Requester Pays option when conducting this operation from Requester Pays Bucket; else false.
If a bucket is enabled for Requester Pays, then any attempt of operation from it without Requester Pays enabled will result in a 403 error and the bucket owner will be charged for the request.
Enabling Requester Pays disables the ability to have anonymous access to this bucket.
- Specified by:
- isRequesterCharged in interface com.amazonaws.services.s3.internal.S3RequesterChargedResult
- Returns:
- true if the user has enabled Requester Pays option for conducting this operation from Requester Pays Bucket.
-
setRequesterCharged
public void setRequesterCharged(boolean isRequesterCharged)
Description copied from interface: com.amazonaws.services.s3.internal.S3RequesterChargedResult
Used for conducting this operation from a Requester Pays Bucket. If set the requester is charged for conducting the operation from the bucket.
If a bucket is enabled for Requester Pays, then any attempt of operation from it without Requester Pays enabled will result in a 403 error and the bucket owner will be charged for the request.
- Specified by:
- setRequesterCharged in interface com.amazonaws.services.s3.internal.S3RequesterChargedResult
- Parameters:
- isRequesterCharged - Indicates requester is charged for this operation.
-