GetBucketAcl
This implementation of the GET
action uses the acl
subresource
to return the access control list (ACL) of a bucket. To use GET
to return the
ACL of the bucket, you must have READ_ACP
access to the bucket. If
READ_ACP
permission is granted to the anonymous user, you can return the
ACL of the bucket without using an authorization header.
To use this API against an access point, provide the alias of the access point in place of the bucket name.
If your bucket uses the bucket owner enforced setting for S3 Object Ownership,
requests to read ACLs are still supported and return the
bucket-owner-full-control
ACL with the owner being the account that
created the bucket. For more information, see Controlling object
ownership and disabling ACLs in the
Amazon S3 User Guide.
Related Resources
Request Syntax
GET /?acl HTTP/1.1
Host: Bucket
.s3.amazonaws.com
x-amz-expected-bucket-owner: ExpectedBucketOwner
URI Request Parameters
The request uses the following URI parameters.
- Bucket
-
Specifies the S3 bucket whose ACL is being requested.
Required: Yes
- x-amz-expected-bucket-owner
-
The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code
403 Forbidden
(access denied).
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
<?xml version="1.0" encoding="UTF-8"?>
<AccessControlPolicy>
<Owner>
<DisplayName>string</DisplayName>
<ID>string</ID>
</Owner>
<AccessControlList>
<Grant>
<Grantee>
<DisplayName>string</DisplayName>
<EmailAddress>string</EmailAddress>
<ID>string</ID>
<xsi:type>string</xsi:type>
<URI>string</URI>
</Grantee>
<Permission>string</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in XML format by the service.
- AccessControlPolicy
-
Root level tag for the AccessControlPolicy parameters.
Required: Yes
- Grants
-
A list of grants.
Type: Array of Grant data types
- Owner
-
Container for the bucket owner's display name and ID.
Type: Owner data type
Examples
Sample Request
The following request returns the ACL of the specified bucket.
GET ?acl HTTP/1.1 Host: bucket.s3.<Region>.amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 GMT Authorization: authorization string
Sample Response
HTTP/1.1 200 OK x-amz-id-2: eftixk72aD6Ap51TnqcoF8eFidJG9Z/2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran x-amz-request-id: 318BC8BC148832E5 Date: Wed, 28 Oct 2009 22:32:00 GMT Last-Modified: Sun, 1 Jan 2006 12:00:00 GMT Content-Length: 124 Content-Type: text/plain Connection: close Server: AmazonS3 <AccessControlPolicy> <Owner> <ID>75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a</ID> <DisplayName>CustomersName@amazon.com</DisplayName> </Owner> <AccessControlList> <Grant> <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"> <ID>75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a</ID> <DisplayName>CustomersName@amazon.com</DisplayName> </Grantee> <Permission>FULL_CONTROL</Permission> </Grant> </AccessControlList> </AccessControlPolicy>
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: