Represents an access control list (ACL) for S3. An AccessControlList is represented by an Owner, and a List of Grants, where each Grant is a Grantee and a Permission.
Namespace: Amazon.S3.Model
Assembly: AWSSDK.S3.dll
Version: 3.x.y.z
public class S3AccessControlList
The S3AccessControlList type exposes the following members
Name | Description |
---|---|
S3AccessControlList() | |
Name | Type | Description |
---|---|---|
Grants | System.Collections.Generic.List<Amazon.S3.Model.S3Grant> | Gets and sets the property Grants. A list of grants. Starting with version 4 of the SDK this property will default to null. If no data for this property is returned from the service the property will also be null. This was changed to improve performance and allow the SDK and caller to distinguish between a property not set or a property being empty to clear out a value. To retain the previous SDK behavior set the AWSConfigs.InitializeCollections static property to true. |
Owner | Amazon.S3.Model.Owner | Gets and sets the property Owner. Container for the bucket owner's display name and ID. |
Name | Description |
---|---|
AddGrant(S3Grantee, S3Permission) | Creates an S3Grant and adds it to the list of grants. |
RemoveGrant(S3Grantee, S3Permission) | Removes a specific permission for the given grantee. |
RemoveGrant(S3Grantee) | Removes all permissions for the given grantee. |
Each bucket and object in Amazon S3 has an ACL that defines its access control policy. When a request is made, Amazon S3 authenticates the request using its standard authentication procedure and then checks the ACL to verify the sender was granted access to the bucket or object. If the sender is approved, the request proceeds. Otherwise, Amazon S3 returns an error.
An ACL is a list of grants. A grant consists of one grantee and one permission. ACLs only grant permissions; they do not deny them.
For convenience, some commonly used Access Control Lists are defined in S3CannedACL.
Note: Bucket and object ACLs are completely independent; an object does not inherit the ACL from its bucket. For example, if you create a bucket and grant write access to another user, you will not be able to access the user's objects unless the user explicitly grants access. This also applies if you grant anonymous write access to a bucket. Only the user "anonymous" will be able to access objects the user created unless permission is explicitly granted to the bucket owner.
Important: We highly recommend that you do not grant the anonymous group write access to your buckets as you will have no control over the objects others can store and their associated charges. For more information, see Grantees and Permissions.
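The following is an added example, not code from the AWS documentation or the SDK: it audits an S3AccessControlList for grants to the anonymous and authenticated-users groups, tolerates a null Grants list, and strips those grants with RemoveGrant(S3Grantee). The class and method names (AclAudit, FindPublicGrants, StripPublicGrants) and the canonical user ID are hypothetical; the two group URIs are Amazon S3's predefined group grantees, which this page does not list.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Amazon.S3;
using Amazon.S3.Model;

public static class AclAudit
{
    // Amazon S3 predefined groups: everyone (anonymous) and any authenticated AWS account.
    static readonly HashSet<string> PublicGroups = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
    {
        "http://acs.amazonaws.com/groups/global/AllUsers",
        "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
    };

    // Returns the grants made to a public group. Grants may be null (the SDK v4 default).
    public static List<S3Grant> FindPublicGrants(S3AccessControlList acl)
    {
        if (acl?.Grants == null) return new List<S3Grant>();
        return acl.Grants
            .Where(g => g?.Grantee?.URI != null && PublicGroups.Contains(g.Grantee.URI))
            .ToList();
    }

    // Removes every permission held by a public group and returns how many grants were found.
    // Only the in-memory ACL object changes; applying it to the bucket or object is a separate call.
    public static int StripPublicGrants(S3AccessControlList acl)
    {
        var found = FindPublicGrants(acl);
        foreach (var grantee in found.Select(g => g.Grantee).Distinct().ToList())
            acl.RemoveGrant(grantee); // RemoveGrant(S3Grantee): all permissions for that grantee
        return found.Count;
    }

    public static void Main()
    {
        // Constructed sample ACL; the canonical user ID is a placeholder, not a real account.
        var acl = new S3AccessControlList { Grants = new List<S3Grant>() };
        var anyone = new S3Grantee { URI = "http://acs.amazonaws.com/groups/global/AllUsers" };
        acl.AddGrant(new S3Grantee { CanonicalUser = "EXAMPLE-OWNER-CANONICAL-ID" }, S3Permission.FULL_CONTROL);
        acl.AddGrant(anyone, S3Permission.READ);
        acl.AddGrant(anyone, S3Permission.WRITE);

        foreach (var g in FindPublicGrants(acl))
            Console.WriteLine($"public grant: {g.Grantee.URI} -> {g.Permission.Value}");
        Console.WriteLine($"removed {StripPublicGrants(acl)}, remaining {acl.Grants.Count}");
        Console.WriteLine($"null Grants handled: {FindPublicGrants(new S3AccessControlList { Grants = null }).Count}");
    }
}
```

Because bucket and object ACLs are independent, a check like this has to be run against each object's ACL as well as the bucket's.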
.NET:
Supported in: 8.0 and newer, Core 3.1
.NET Standard:
Supported in: 2.0
.NET Framework:
Supported in: 4.7.2 and newer