< Previous | Contents | Next >

Adding an ACL to an object

You use the HTTP PUT method with the acl query parameter to add an ACL to an existing object. Adding an ACL to an object replaces any existing ACL in its entirety. You cannot modify an existing ACL in place.


To add an ACL to an object, you need write ACL permission for the bucket containing the object or for the object itself.


You can add an ACL only to the current version of an object. However, the ACL you add applies to all versions of the object.


To add an ACL to an object, you can use either request headers or an ACL request body. You cannot use ACL headers and an ACL request body in the same request.


Chapter 6: Working with objects 147

Adding an ACL to an object


With ACL headers, you can specify either a canned ACL or individual x-amz-grant- headers. You cannot specify both a canned ACL and an x-amz-grant- header in the same request.


You can use an ACL request body to change the owner of an object. You cannot use ACL headers to do this. To change the owner of an object, you need both write ACL permission for the bucket or object and change owner permission for the bucket.


If you try to add an ACL that specifies a user account that does not exist, HCP returns a 400 (Bad Request) status code and does not add the ACL to the object.


For an introduction to ACLs and information on how to specify them, see “Access control lists” on page 25.


 

Request lineRequest headersResponse headersHTTP status codesExamplesExample 1: Adding an ACL to an object by using a canned ACLExample 2: Adding an ACL to an object by using an ACL request body