Reputation: 4339
IBM Cloud Object Storage, cannot modify object ACL permissions
Using the Node.js SDK for IBM Cloud Object Storage, I can successfully create new objects with the public-read ACL setting.
var params = {Bucket: 'bucket', Key: 'key', Body: stream, ACL: 'public-read`};
s3.upload(params, function(err, data) {
console.log(err, data);
});
Files can be accessed without authentication once uploaded.
However, once a file is uploaded, trying to update the ACL permissions to turn a private file to public-read fails with Access Denied errors.
var params = {Bucket: 'bucket', Key: 'key', Body: stream, ACL: 'public-read`};
s3.putObjectAcl(params, function(err, data) {
console.log(err, data);
})
This is the error message return in the response.
{
"errorMessage": "Access Denied",
"errorType": "Error"
}
Retrieving the ACL using getObjectAcl also fails with the same issue.
Upvotes: 0
Views: 367
Answers (1)
Reputation: 4339
Authentication credentials must have the Manager role to access and modify ACLs for existing objects.
Check the role assigned to your service identifier. If you can create new objects, you may have the Writer role rather than the Manager.
More details on the permissions model can be found here: https://console.bluemix.net/docs/services/cloud-object-storage/iam/buckets.html#bucket-permissions
Upvotes: 1
Related Questions
- IBM Cloud Object Storage: Unable to create a bucket
- Google cloud storage permission only on some object
- How to grant/revoke an access to Cloud Object Storage resource automatically?
- Having trouble with get/setObjectAcl to ibm cloud object storage service
- ibm cloud object storage upload from CD pipeline - access denied
- IBM Cloud Object Storage credentials
- Connecting to Object Storage on Node-Red
- Get "TypeError: Key must be a buffer" when DELETE an Object using "ibm-cos-sdk"
- Node - Bluemix Object Storage
- How to upload file to Object Storage in Bluemix (by nodejs)