Access Control List (ACL) Overview¶

Tebi access control lists (ACL) enable you to manage access to buckets, objects, and services.

Each bucket and object has an ACL attached to it. This ACL defines which keys are granted access, and the extent of access. Whenever a request for a resource is processed, Tebi checks the corresponding ACL to verify that the requester has the necessary access permissions.

All objects in Tebi storage are Private by default. You can change these bucket properties in the Access Control section.

Canned ACL¶

Tebi storage supports a set of predefined grants, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions.

The following table lists the set of canned ACLs, along with their associated predefined grants:

Canned ACL	Applies to	Permissions
private	object	Owner gets FULL_CONTROL. No one else has access rights (default).
public-read	object	Owner gets FULL_CONTROL. The AllUsers group gets READ access.
public-read-write	object	Owner gets FULL_CONTROL. The AllUsers group gets READ access.

Note

You can specify only one of these canned ACLs in your request.

Specify a canned ACL in your request using the x-amz-acl request header. When Tebi storage receives a request with a canned ACL in the request, the predefined grants are added to the ACL of the resource.

Storage Class Overview

Server-Side Encryption Overview