Class S3AccessControlList

Namespace: Amazon.S3.Model

Assembly: AWSSDK.S3.dll

Represents an access control list (ACL) for S3. An AccessControlList is represented by an Owner, and a List of Grants, where each Grant is a Grantee and a Permission.

public class S3AccessControlList

Inheritance: object

S3AccessControlList

Inherited Members: object.GetType()

object.MemberwiseClone()

object.ToString()

object.Equals(object)

object.Equals(object, object)

object.ReferenceEquals(object, object)

object.GetHashCode()

Remarks

Each bucket and object in Amazon S3 has an ACL that defines its access control policy. When a request is made, Amazon S3 authenticates the request using its standard authentication procedure and then checks the ACL to verify the sender was granted access to the bucket or object. If the sender is approved, the request proceeds. Otherwise, Amazon S3 returns an error.

An ACL is a list of grants. A grant consists of one grantee and one permission. ACLs only grant permissions; they do not deny them.

For convenience, some commonly used Access Control Lists are defined in S3CannedACL.

Note: BucketName and object ACLs are completely independent; an object does not inherit the ACL from its bucket. For example, if you create a bucket and grant write access to another user, you will not be able to access the user's objects unless the user explicitly grants access. This also applies if you grant anonymous write access to a bucket. Only the user "anonymous" will be able to access objects the user created unless permission is explicitly granted to the bucket owner.

Important: We highly recommend that you do not grant the anonymous group write access to your buckets as you will have no control over the objects others can store and their associated charges. For more information, see Grantees and Permissions

Constructors

S3AccessControlList()

public S3AccessControlList()

Properties

Grants

A collection of grants.

public List<S3Grant> Grants { get; set; }

Property Value

List<S3Grant>

Owner

The owner of the bucket or object.

public Owner Owner { get; set; }

Property Value

Owner

Remarks

Every bucket and object in Amazon S3 has an owner, the user that created the bucket or object. The owner of a bucket or object cannot be changed. However, if the object is overwritten by another user (deleted and rewritten), the new object will have a new owner.

Note: Even the owner is subject to the ACL. For example, if an owner does not have Permission.READ access to an object, the owner cannot read that object. However, the owner of an object always has write access to the access control policy (Permission.WriteAcp) and can change the ACL to read the object.

Methods

AddGrant(S3Grantee, S3Permission)

Creates a S3Grant and adds it to the list of grants.

public void AddGrant(S3Grantee grantee, S3Permission permission)

Parameters

grantee S3Grantee: The grantee for the grant.
permission S3Permission: The permission for the grantee.

RemoveGrant(S3Grantee)

Removes all permissions for the given grantee.

public void RemoveGrant(S3Grantee grantee)

Parameters

grantee S3Grantee

RemoveGrant(S3Grantee, S3Permission)

Removes a specific permission for the given grantee.

public void RemoveGrant(S3Grantee grantee, S3Permission permission)

Parameters

grantee S3Grantee: The grantee
permission S3Permission: The permission for the grantee to remove

Table of Contents

Class S3AccessControlList

Remarks

Constructors

S3AccessControlList()

Properties

Grants

Property Value

Owner

Property Value

Remarks

Methods

AddGrant(S3Grantee, S3Permission)

Parameters

RemoveGrant(S3Grantee)

Parameters

RemoveGrant(S3Grantee, S3Permission)

Parameters