Represents an Amazon S3 Access Control List (ACL), including the ACL's set of grantees and the permissions assigned to each grantee.
Each bucket and object in Amazon S3 has an ACL that defines its access control policy. When a request is made, Amazon S3 authenticates the request using its standard authentication procedure and then checks the ACL to verify the sender was granted access to the bucket or object. If the sender is approved, the request proceeds. Otherwise, Amazon S3 returns an error.
An ACL contains a list of grants. Each grant consists of one grantee and one permission. ACLs only grant permissions; they do not deny them.
For convenience, some commonly used ACLs are defined in {@link CannedAccessControlList}.
Note: Bucket and object ACLs are completely independent; an object does not inherit an ACL from its bucket. For example, if you create a bucket and grant write access to another user, you will not be able to access the user's objects unless the user explicitly grants access. This also applies if you grant anonymous write access to a bucket. Only the user "anonymous" will be able to access objects the user created unless permission is explicitly granted to the bucket owner.
Important: Do not grant the anonymous group write access to buckets, as you will have no control over the objects others can store and their associated charges. For more information, see {@link Grantee} and {@link Permissions}.
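An audit of the grants described above, as an added example that is not part of the original documentation or of the SDK itself. It assumes the AWS SDK for Java 1.x classes in `com.amazonaws.services.s3.model` are on the classpath; the class name `AclAudit`, its method names and the grantee ID are hypothetical, and the sample ACL is constructed in memory.

```java
import com.amazonaws.services.s3.model.AccessControlList;
import com.amazonaws.services.s3.model.CanonicalGrantee;
import com.amazonaws.services.s3.model.Grant;
import com.amazonaws.services.s3.model.GroupGrantee;
import com.amazonaws.services.s3.model.Permission;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

// Hypothetical helper class: flags and revokes anonymous write access in an ACL.
public class AclAudit {
    // Write and FullControl let the grantee store objects; WriteAcp lets the
    // grantee rewrite the ACL and so grant itself Write.
    private static final Set<Permission> RISKY =
            EnumSet.of(Permission.Write, Permission.WriteAcp, Permission.FullControl);

    /** Returns the grants that give the anonymous group (AllUsers) a risky permission. */
    static List<Grant> anonymousWriteGrants(AccessControlList acl) {
        List<Grant> findings = new ArrayList<>();
        for (Grant g : acl.getGrantsAsList()) {
            if (GroupGrantee.AllUsers.equals(g.getGrantee())
                    && RISKY.contains(g.getPermission())) {
                findings.add(g);
            }
        }
        return findings;
    }

    // ACLs only grant, so access is removed by revoking the grant, not by adding
    // a deny. revokeAllPermissions also drops any Read grant the group held.
    static void revokeAnonymous(AccessControlList acl) {
        if (!anonymousWriteGrants(acl).isEmpty()) {
            acl.revokeAllPermissions(GroupGrantee.AllUsers);
        }
    }

    public static void main(String[] args) {
        // Constructed sample ACL; nothing is sent to Amazon S3.
        AccessControlList bucketAcl = new AccessControlList();
        bucketAcl.grantPermission(new CanonicalGrantee("OWNER-ID-PLACEHOLDER"), Permission.FullControl);
        bucketAcl.grantPermission(GroupGrantee.AllUsers, Permission.Read);
        bucketAcl.grantPermission(GroupGrantee.AllUsers, Permission.Write);
        for (Grant g : anonymousWriteGrants(bucketAcl)) {
            System.out.println("FINDING: " + g.getGrantee().getIdentifier() + " has " + g.getPermission());
        }
        revokeAnonymous(bucketAcl);
        System.out.println("Remaining findings: " + anonymousWriteGrants(bucketAcl).size());
    }
}
```

Because bucket and object ACLs are independent, the same check has to be run against each object's ACL as well as the bucket's.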
@see CannedAccessControlList
AccessControlList is an AccessControlPolicy representing a list of {@link AccessControlEntry access control entries}. It is mutable before being {@link AccessControlManager#setPolicy(String,AccessControlPolicy) set} to the AccessControlManager and consequently defines methods to read and mutate the list, i.e. to get, add or remove individual entries.
@since JCR 2.0
@author James Murty