get_object_acl
(**kwargs)¶Returns the access control list (ACL) of an object. To use this operation, you must have s3:GetObjectAcl
permissions or READ_ACP
access to the object. For more information, see Mapping of ACL permissions and access policy permissions in the Amazon S3 User Guide
This action is not supported by Amazon S3 on Outposts.
Versioning
By default, GET returns ACL information about the current version of an object. To return ACL information about a different version, use the versionId subresource.
Note
If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the bucket-owner-full-control
ACL with the owner being the account that created the bucket. For more information, see Controlling object ownership and disabling ACLs in the Amazon S3 User Guide .
The following operations are related to GetObjectAcl
:
See also: AWS API Documentation
Request Syntax
response = client.get_object_acl(
Bucket='string',
Key='string',
VersionId='string',
RequestPayer='requester',
ExpectedBucketOwner='string'
)
[REQUIRED]
The bucket name that contains the object for which to get the ACL information.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName -AccountId .s3-accesspoint.*Region* .amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide .
[REQUIRED]
The key of the object for which to get the ACL information.
403 Forbidden
(access denied).dict
Response Syntax
{
'Owner': {
'DisplayName': 'string',
'ID': 'string'
},
'Grants': [
{
'Grantee': {
'DisplayName': 'string',
'EmailAddress': 'string',
'ID': 'string',
'Type': 'CanonicalUser'|'AmazonCustomerByEmail'|'Group',
'URI': 'string'
},
'Permission': 'FULL_CONTROL'|'WRITE'|'WRITE_ACP'|'READ'|'READ_ACP'
},
],
'RequestCharged': 'requester'
}
Response Structure
(dict) --
Owner (dict) --
Container for the bucket owner's display name and ID.
DisplayName (string) --
Container for the display name of the owner.
ID (string) --
Container for the ID of the owner.
Grants (list) --
A list of grants.
(dict) --
Container for grant information.
Grantee (dict) --
The person being granted permissions.
DisplayName (string) --
Screen name of the grantee.
EmailAddress (string) --
Email address of the grantee.
Note
Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
ID (string) --
The canonical user ID of the grantee.
Type (string) --
Type of grantee
URI (string) --
URI of the grantee group.
Permission (string) --
Specifies the permission given to the grantee.
RequestCharged (string) --
If present, indicates that the requester was successfully charged for the request.
Exceptions
S3.Client.exceptions.NoSuchKey
Examples
The following example retrieves access control list (ACL) of an object.
response = client.get_object_acl(
Bucket='examplebucket',
Key='HappyFace.jpg',
)
print(response)
Expected Output:
{
'Grants': [
{
'Grantee': {
'DisplayName': 'owner-display-name',
'ID': 'examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc',
'Type': 'CanonicalUser',
},
'Permission': 'WRITE',
},
{
'Grantee': {
'DisplayName': 'owner-display-name',
'ID': 'examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc',
'Type': 'CanonicalUser',
},
'Permission': 'WRITE_ACP',
},
{
'Grantee': {
'DisplayName': 'owner-display-name',
'ID': 'examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc',
'Type': 'CanonicalUser',
},
'Permission': 'READ',
},
{
'Grantee': {
'DisplayName': 'owner-display-name',
'ID': '852b113eexamplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc',
'Type': 'CanonicalUser',
},
'Permission': 'READ_ACP',
},
],
'Owner': {
'DisplayName': 'owner-display-name',
'ID': 'examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc',
},
'ResponseMetadata': {
'...': '...',
},
}