There are more AWS SDK examples available in the [AWS Doc SDK Examples](https://github.com/awsdocs/aws-doc-sdk-examples) GitHub repo. # Use `GetObjectAcl` with an AWS SDK or CLI The following code examples show how to use `GetObjectAcl`. Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example: + [Manage access control lists (ACLs)](s3_example_s3_Scenario_ManageACLs_section.md) ------ #### [ C\$1\$1 ] **SDK for C\$1\$1** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/s3#code-examples). ``` bool AwsDoc::S3::getObjectAcl(const Aws::String &bucketName, const Aws::String &objectKey, const Aws::S3::S3ClientConfiguration &clientConfig) { Aws::S3::S3Client s3Client(clientConfig); Aws::S3::Model::GetObjectAclRequest request; request.SetBucket(bucketName); request.SetKey(objectKey); Aws::S3::Model::GetObjectAclOutcome outcome = s3Client.GetObjectAcl(request); if (!outcome.IsSuccess()) { const Aws::S3::S3Error &err = outcome.GetError(); std::cerr << "Error: getObjectAcl: " << err.GetExceptionName() << ": " << err.GetMessage() << std::endl; } else { Aws::Vector grants = outcome.GetResult().GetGrants(); for (auto it = grants.begin(); it != grants.end(); it++) { std::cout << "For object " << objectKey << ": " << std::endl << std::endl; Aws::S3::Model::Grant grant = *it; Aws::S3::Model::Grantee grantee = grant.GetGrantee(); if (grantee.TypeHasBeenSet()) { std::cout << "Type: " << getGranteeTypeString(grantee.GetType()) << std::endl; } if (grantee.DisplayNameHasBeenSet()) { std::cout << "Display name: " << grantee.GetDisplayName() << std::endl; } if (grantee.EmailAddressHasBeenSet()) { std::cout << "Email address: " << grantee.GetEmailAddress() << std::endl; } if (grantee.IDHasBeenSet()) { std::cout << "ID: " << grantee.GetID() << std::endl; } if (grantee.URIHasBeenSet()) { std::cout << "URI: " << grantee.GetURI() << std::endl; } std::cout << "Permission: " << getPermissionString(grant.GetPermission()) << std::endl << std::endl; } } return outcome.IsSuccess(); } //! Routine which converts a built-in type enumeration to a human-readable string. /*! \param type: Type enumeration. \return String: Human-readable string */ Aws::String getGranteeTypeString(const Aws::S3::Model::Type &type) { switch (type) { case Aws::S3::Model::Type::AmazonCustomerByEmail: return "Email address of an AWS account"; case Aws::S3::Model::Type::CanonicalUser: return "Canonical user ID of an AWS account"; case Aws::S3::Model::Type::Group: return "Predefined Amazon S3 group"; case Aws::S3::Model::Type::NOT_SET: return "Not set"; default: return "Type unknown"; } } //! Routine which converts a built-in type enumeration to a human-readable string. /*! \param permission: Permission enumeration. \return String: Human-readable string */ Aws::String getPermissionString(const Aws::S3::Model::Permission &permission) { switch (permission) { case Aws::S3::Model::Permission::FULL_CONTROL: return "Can read this object's data and its metadata, " "and read/write this object's permissions"; case Aws::S3::Model::Permission::NOT_SET: return "Permission not set"; case Aws::S3::Model::Permission::READ: return "Can read this object's data and its metadata"; case Aws::S3::Model::Permission::READ_ACP: return "Can read this object's permissions"; // case Aws::S3::Model::Permission::WRITE // Not applicable. case Aws::S3::Model::Permission::WRITE_ACP: return "Can write this object's permissions"; default: return "Permission unknown"; } } ``` + For API details, see [GetObjectAcl](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetObjectAcl) in *AWS SDK for C\$1\$1 API Reference*. ------ #### [ CLI ] **AWS CLI** The following command retrieves the access control list for an object in a bucket named `amzn-s3-demo-bucket`: ``` aws s3api get-object-acl --bucket amzn-s3-demo-bucket --key index.html ``` Output: ``` { "Owner": { "DisplayName": "my-username", "ID": "7009a8971cd538e11f6b6606438875e7c86c5b672f46db45460ddcd087d36c32" }, "Grants": [ { "Grantee": { "DisplayName": "my-username", "ID": "7009a8971cd538e11f6b6606438875e7c86c5b672f46db45460ddcd087d36c32" }, "Permission": "FULL_CONTROL" }, { "Grantee": { "URI": "http://acs.amazonaws.com/groups/global/AllUsers" }, "Permission": "READ" } ] } ``` + For API details, see [GetObjectAcl](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/get-object-acl.html) in *AWS CLI Command Reference*. ------ #### [ Kotlin ] **SDK for Kotlin** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/s3#code-examples). ``` suspend fun getBucketACL( objectKey: String, bucketName: String, ) { val request = GetObjectAclRequest { bucket = bucketName key = objectKey } S3Client.fromEnvironment { region = "us-east-1" }.use { s3 -> val response = s3.getObjectAcl(request) response.grants?.forEach { grant -> println("Grant permission is ${grant.permission}") } } } ``` + For API details, see [GetObjectAcl](https://sdk.amazonaws.com/kotlin/api/latest/index.html) in *AWS SDK for Kotlin API reference*. ------ #### [ PowerShell ] **Tools for PowerShell V5** **Example 1: The command gets the details of the object owner of the S3 object.** ``` (Get-S3ObjectACL -BucketName 'amzn-s3-demo-bucket' -key 'initialize.ps1' -Select *).Owner ``` **Output:** ``` DisplayName Id ----------- -- testusername 9988776a6554433d22f1100112e334acb45566778899009e9887bd7f66c5f544 ``` + For API details, see [GetObjectAcl](https://docs.aws.amazon.com/powershell/v5/reference) in *AWS Tools for PowerShell Cmdlet Reference (V5)*. ------ #### [ Python ] **SDK for Python (Boto3)** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/s3/s3_basics#code-examples). ``` class ObjectWrapper: """Encapsulates S3 object actions.""" def __init__(self, s3_object): """ :param s3_object: A Boto3 Object resource. This is a high-level resource in Boto3 that wraps object actions in a class-like structure. """ self.object = s3_object self.key = self.object.key def get_acl(self): """ Gets the ACL of the object. :return: The ACL of the object. """ try: acl = self.object.Acl() logger.info( "Got ACL for object %s owned by %s.", self.object.key, acl.owner["DisplayName"], ) except ClientError: logger.exception("Couldn't get ACL for object %s.", self.object.key) raise else: return acl ``` + For API details, see [GetObjectAcl](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetObjectAcl) in *AWS SDK for Python (Boto3) API Reference*. ------ #### [ SAP ABAP ] **SDK for SAP ABAP** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/s3#code-examples). ``` TRY. oo_result = lo_s3->getobjectacl( " oo_result is returned for testing purposes. " iv_bucket = iv_bucket_name iv_key = iv_object_key ). MESSAGE 'Retrieved object ACL.' TYPE 'I'. CATCH /aws1/cx_s3_nosuchbucket. MESSAGE 'Bucket does not exist.' TYPE 'E'. CATCH /aws1/cx_s3_nosuchkey. MESSAGE 'Object key does not exist.' TYPE 'E'. ENDTRY. ``` + For API details, see [GetObjectAcl](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*. ------