S3 Bucket Acl Operations:Set Bucket ACL

Search (SHIFT+S)

Set Bucket ACL

PUT /?acl

Sets the ACL of a bucket. The original ACL will be replaced.

This API enables you to set access permissions using one of the following methods:

  • Specify a canned ACL in the header

  • Specify the permission for each grantee explicitly in the header

  • Specify the ACL using the request body.

If the request body is used, request headers will be ignored. If individualized access permission headers are used, a canned ACL header cannot be used (it will be ignored). When using individualized access permission headers, the value consists of a comma-separated list of grantees. Each grantee can be specified using type=value pair, where type can be either:

  1. id - Canonical user ID of an EMC ECS account

  2. uri - Providing permissions to a predefined Amazon S3 Group

When specifying an ACL using the request body, the owner of the bucket can be changed.

URL Format

Host Style: http://bucketname.ns1.emc.com/?acl
Path Style: http://ns1.emc.com/bucketname?acl

Request Headers

x-amz-acl optionalSpecify canned ACL to set the ACL of the bucket. Valid values: private, public-read, public-read-write, authenticated-read. Default value: private.
x-amz-grant-read optionalEnables the grantee(s) to list objects in the bucket.
x-amz-grant-write optionalEnables the grantee(s) to create, delete and overwrite any object in the bucket.
x-amz-grant-read-acp optionalEnables the grantee(s) to read the ACL of the bucket.
x-amz-grant-write-acp optionalEnables the grantee(s) to write or set the ACL for the bucket.
x-amz-grant-full-control optionalEnables the grantee(s) read, write, READ_ACP and WRITE_ACP permissions on the bucket.
x-amz-date optionalThe timestamp of the request added by the requester. Example: Tue, 03 Sept 2013 12:00:00 GMT. If the Authorization header is specified, either the x-amz-date or the Date header must also be specified. If both the headers are specified, the value of the x-amz-date header is chosen.
Authorization requiredInformation needed to authenticate requests.


The following conditions must be met in order to call this operation.

  • Only the owner of the bucket or a user having WRITE_ACP permission can set the ACL

  • BaseUrl used in a host-style request URL should be pre-configured using the ECS Management API or the ECS Portal (for example, emc.com in the URL: bucketname.ns1.emc.com).

  • Namespace corresponding to this bucket should exist (for example, ns1).

Request Payload

All parameters are required unless otherwise stated.

Field Description Type Notes
<ID> The ID of the bucket owner String
<DisplayName> Screen name of the owner of the bucket. String
<AccessControlList> Contains information about Grant, Grantee and the Permission
<Grant>     0-* Elements
<Grantee> Individual whose permissions are to be set.
<Permission> Specifies the permission being given to the grantee

Response Headers

x-amz-request-id optionalRequest id
x-amz-id-2 optionalBucket identifier

Response Body

Response indicating Success or Failure to set bucket ACL