To set or modify the ACLs on an existing bucket you make a PUT request that is
scoped to the bucket and you use the
acl query string parameter.
You must include an XML document in the request body that contains the ACL
settings you want to apply. Notice that you cannot set the ACLs on a new bucket
you are creating. (When you create a new bucket, the default ACL (project-
private) is automatically applied to the bucket.)
You must have
FULL_CONTROL permission to apply ACLs to an existing
bucket. Also, you must be authenticated to use the PUT Bucket method. Anonymous
bucket creation requests will fail.
Query string parameters
||You use this to change ACLs on an existing bucket. You must provide the ACL XML document in the request body.||No|
Request body elements
Notes: To see how these elements are nested, see the ACL syntax.
The following request body elements are applicable only if you use the
acl query string parameter to apply ACLs to an existing bucket.
||Container for bucket owner information.|
||The Google Storage ID of the bucket owner or the Google Storage ID of the user or group for whom the ACLs are being applied.|
||Comment field for
||Container for the ACLs you are applying.|
||Container for the ACL entries you are applying.|
||The ACL entry you are applying.|
||The scope to which the ACLs apply.|
||The permission you are granting. Can be any of the Cloud Storage permissions, including
||A Google account email address or a Google group email address.|
||A GSuite or Cloud Identity domain.|
PUT /?acl HTTP/1.1 Host: <bucket>.storage.googleapis.com Date: <date and time of the request> Content-Length: <request body length> Content-Type: <MIME type of the body> Authorization: <authentication string> <xml_document_defining_acls>
The request can return a variety of response headers depending on the request headers you use.
Response body elements
The response does not include an XML document in the response body.
The following sample applies ACLs to a bucket named acme-pets. The ACLs grant
WRITE permission to members of the Google Storage (a
Google group). Granting
WRITE permission to the group lets each
group member upload objects to the acme-pets bucket, delete objects in the acme-
pets bucket, and list objects in the acme-pets bucket. The ACLs also grant
FULL_CONTROL of the acme-pets bucket, which lets
Jane upload objects, delete objects, list objects, and modify ACLs on the acme-
PUT /?acl HTTP/1.1 Host: acme-pets.storage.googleapis.com Date: Thu, 10 Jun 2010 03:38:42 GMT Content-Length: 705 Authorization: Bearer ya29.AHES6ZRVmB7fkLtd1XTmq6mo0S1wqZZi3-Lh_s-6Uw7p8vtgSwg <?xml version="1.0" encoding="UTF-8"?> <AccessControlList> <Owner> <ID>84fac329bceSAMPLE777d5d22b8SAMPLE77d85ac2SAMPLE2dfcf7c4adf34da46</ID> <Name></Name> </Owner> <Entries> <Entry> <Scope type="UserById"> <ID>84fac329bceSAMPLE777d5d22b8SAMPLE77d85ac2SAMPLE2dfcf7c4adf34da46</ID> <Name></Name> </Scope> <Permission>FULL_CONTROL</Permission> </Entry> <Entry> <Scope type="UserByEmail"> <EmailAddress>firstname.lastname@example.org</EmailAddress> <Name></Name> </Scope> <Permission>FULL_CONTROL</Permission> </Entry> <Entry> <Scope type="GroupByEmail"> <EmailAddress>email@example.com</EmailAddress> </Scope> <Permission>WRITE</Permission> </Entry> </Entries> </AccessControlList>