Skip to main content

Change Object Visibility

By default, all objects in QStorage are private, meaning only the object owner has permission to access them. However, you can modify object permissions to make them accessible to others or even publicly available.

Object Access Control

QStorage provides several ways to control access to your objects:

  1. Access Control Lists (ACLs): Define who can access objects and what actions they can perform.
  2. Bucket Policies: Apply permissions to all objects within a bucket.
  3. Presigned URLs: Generate temporary URLs that grant time-limited access to objects.

Making Objects Public

You can make an object publicly accessible, allowing anyone to read it without authentication. Read more about privacy here.

# Make an object public
qcli s3api put-object-acl --bucket bucket-name --acl public-read

# Make multiple objects public
qcli s3api put-object-acl --bucket bucket-name --prefix directory/ --acl public-read --recursive

Making Objects Private

If you've previously made an object public, you can make it private again.

# Make an object private
qcli s3api put-object-acl --bucket bucket-name --acl private

# Make multiple objects private
qcli s3api put-object-acl --bucket bucket-name --prefix directory/ --acl private --recursive

Best Practices for Object Visibility

  1. Default to Private: Keep objects private by default and only make them public when necessary.

  2. Use Presigned URLs: Instead of making objects public, use presigned URLs to grant temporary access.

  3. Regular Audits: Regularly audit your object permissions to ensure they align with your security requirements.

  4. Least Privilege: Apply the principle of least privilege by granting only the permissions necessary for the intended use case.

  5. Consider Encryption: For sensitive data, consider using encryption in addition to access controls.