Class GetObjectAclCommandProtected

This operation is not supported by directory buckets.

Returns the access control list (ACL) of an object. To use this operation, you must have s3:GetObjectAcl permissions or READ_ACP access to the object. For more information, see Mapping of ACL permissions and access policy permissions in the Amazon S3 User Guide

This functionality is not supported for Amazon S3 on Outposts.

By default, GET returns ACL information about the current version of an object. To return ACL information about a different version, use the versionId subresource.

If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the bucket-owner-full-control ACL with the owner being the account that created the bucket. For more information, see Controlling object ownership and disabling ACLs in the Amazon S3 User Guide.

The following operations are related to GetObjectAcl:

• GetObject

• GetObjectAttributes

• DeleteObject

• PutObject

Example

Use a bare-bones client and the command you need to make an API call.

import { S3Client, GetObjectAclCommand } from "@aws-sdk/client-s3"; // ES Modules import
// const { S3Client, GetObjectAclCommand } = require("@aws-sdk/client-s3"); // CommonJS import
const client = new S3Client(config);
const input = { // GetObjectAclRequest
  Bucket: "STRING_VALUE", // required
  Key: "STRING_VALUE", // required
  VersionId: "STRING_VALUE",
  RequestPayer: "requester",
  ExpectedBucketOwner: "STRING_VALUE",
};
const command = new GetObjectAclCommand(input);
const response = await client.send(command);
// { // GetObjectAclOutput
//   Owner: { // Owner
//     DisplayName: "STRING_VALUE",
//     ID: "STRING_VALUE",
//   },
//   Grants: [ // Grants
//     { // Grant
//       Grantee: { // Grantee
//         DisplayName: "STRING_VALUE",
//         EmailAddress: "STRING_VALUE",
//         ID: "STRING_VALUE",
//         URI: "STRING_VALUE",
//         Type: "CanonicalUser" || "AmazonCustomerByEmail" || "Group", // required
//       },
//       Permission: "FULL_CONTROL" || "WRITE" || "WRITE_ACP" || "READ" || "READ_ACP",
//     },
//   ],
//   RequestCharged: "requester",
// };

Param

GetObjectAclCommandInput

Returns

GetObjectAclCommandOutput

See

• GetObjectAclCommandInput for command's input shape.
• GetObjectAclCommandOutput for command's response shape.
• config for S3Client's config shape.

Throws

NoSuchKey (client fault)

The specified key does not exist.

Throws

S3ServiceException

Base exception class for all service exceptions from S3 service.

Example

To retrieve object ACL

// The following example retrieves access control list (ACL) of an object.
const input = {
  "Bucket": "examplebucket",
  "Key": "HappyFace.jpg"
};
const command = new GetObjectAclCommand(input);
const response = await client.send(command);
/* response ==
{
  "Grants": [
    {
      "Grantee": {
        "DisplayName": "owner-display-name",
        "ID": "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc",
        "Type": "CanonicalUser"
      },
      "Permission": "WRITE"
    },
    {
      "Grantee": {
        "DisplayName": "owner-display-name",
        "ID": "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc",
        "Type": "CanonicalUser"
      },
      "Permission": "WRITE_ACP"
    },
    {
      "Grantee": {
        "DisplayName": "owner-display-name",
        "ID": "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc",
        "Type": "CanonicalUser"
      },
      "Permission": "READ"
    },
    {
      "Grantee": {
        "DisplayName": "owner-display-name",
        "ID": "852b113eexamplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc",
        "Type": "CanonicalUser"
      },
      "Permission": "READ_ACP"
    }
  ],
  "Owner": {
    "DisplayName": "owner-display-name",
    "ID": "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc"
  }
}
*/
// example id: to-retrieve-object-acl-1481833557740