Get Permissions
GET
/api/repo/s3/acls?id=/test-bucket/archive/testdoc.txt
{
"success": true,
"results": [
"7cfbdbb50b0682227896f2b416777d4d74906ded4df472db3ace75768962c134:(adminuser):FULL_CONTROL"
]
}
Set Permissions
POST /api/repo/s3/acls?id=/test-bucket/archive/testdoc.txt
To add a user to a document, you can use their canonical id or email
Requires a JSON as a request body in the following format:
{"7cfb11150b0682227896f2b416777d4d74906ded4df472db3ace75769062c134":"READ"}
or
{"testuser@gmail.com":"READ"}
which will result in
{
"success": true,
"results": [
"7cfbdbb50b0682227896f2b416777d4d74906ded4df472db3ace75768962c134:(adminuser):FULL_CONTROL",
"7cfb11150b0682227896f2b416777d4d74906ded4df472db3ace75769062c134:(testuser):READ"
]
}
To add a group, you’ll need the group’s URI, such as:
{"http://acs.amazonaws.com/groups/s3/LogDelivery":"WRITE"}
resulting in
{
"success": true,
"results": [
"7cfbdbb50b0682227896f2b416777d4d74906ded4df472db3ace75768962c134:(adminuser):FULL_CONTROL",
"http://acs.amazonaws.com/groups/s3/LogDelivery:(Group):WRITE"
]
}
Delete Permissions
DELETE
/api/repo/s3/acls?id=/test-bucket/archive/testdoc.txt&aclId=7cfb11150b0682227896f2b416777d4d74906ded4df472db3ace75769062c134
The aclId parameter can either be the Canonical ID of a user, or the url of the group.
The return will simply be the aclId, but a follow up GET call will produce
{
"success": true,
"results": [
"7cfbdbb50b0682227896f2b416777d4d74906ded4df472db3ace75768962c134:(adminuser):FULL_CONTROL"
]
}
The items before the semicolon is called the canonical ID of the user. It can be used to remove or update permissions for the user.
Groups use a url instead of a Canonical ID. Such as http://acs.amazonaws.com/groups/global/AllUsers. They will appear as <url>:(Group):<Permission>