We are extending MSP360 S3 Explorer with useful Amazon S3 functionality and in the post, we would like to introduce the Canned ACL policy support. When doing a PUT request you can specify a canned ACL, which grants certain access rights. You don’t need to do an extra request to set an ACL. This makes working with Amazon S3 more efficient. In the previous releases of MSP360, S3 Explorer we ran an extra request for setting ACL of every type. Now we will recognize the type of ACL you want to set and run canned ACL whenever appropriate.
Following are canned ACLs that are supported for REST.
·private—Owner gets.FULL_CONTROL
No one else has access rights (default).
·public-read—Owner gets FULL_CONTROL
and the anonymous principal is granted READ
access.
If this policy is used on an object, it can be read from a browser with no authentication.
·public-read-write—Owner gets FULL_CONTROL
, the anonymous principal is granted READ
and WRITE
access.
This can be a useful policy to apply to a bucket but is generally not recommended.
·authenticated-read—Owner gets FULL_CONTROL
, and any principal authenticated as a registered Amazon S3 user is granted READ
access.
·bucket-owner-read—Object Owner gets FULL_CONTROL, Bucket Owner gets READ
This ACL applies only to objects and is equivalent to private when used with PUT Bucket. You use this ACL to let someone other than the bucket owner write content (get full control) in the bucket but still grant the bucket owner read access to the objects.
·bucket-owner-full-control—Object Owner gets FULL_CONTROL, Bucket Owner gets FULL_CONTROL
This ACL applies only to objects and is equivalent to private when used with PUT Bucket. You use this ACL to let someone other than the bucket owner write content (get full control) in the bucket but still grant the bucket owner full rights over the objects.
Note: this post applies to MSP360 Explorer 1.9 and later.