Complex ACL policies?



Is this available at DreamObjects?

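[php]
use Aws\S3\Enum\Permission;
use Aws\S3\Enum\Group;
use Aws\S3\Model\AcpBuilder;

// $client (an Aws\S3\S3Client) and $ownerId (the bucket owner's user ID)
// are assumed to be set up elsewhere; the post does not show them.
$acp = AcpBuilder::newInstance()
    ->setOwner($ownerId)
    // The grantee e-mail address is blank in the post.
    ->addGrantForEmail(Permission::READ, '')
    ->addGrantForUser(Permission::FULL_CONTROL, 'user-id')
    ->addGrantForGroup(Permission::READ, Group::AUTHENTICATED_USERS)
    ->build();

// Upload the file with the access control policy attached.
$client->putObject(array(
    'Bucket'     => 'mybucket',
    'Key'        => 'data.txt',
    'SourceFile' => '/path/to/data.txt',
    'ACP'        => $acp
));
[/php]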

Basically I want to finely control access to my objects and, especially, allow particular users to download them. The users are identified by an email and a password. Is this possible with DreamObjects?


The underlying storage system of DreamObjects, called Ceph, does not yet support creating policies on buckets or objects. It only supports canned ACLs. Whenever Ceph is updated to include additional features like this, we’ll upgrade to provide the additional functionality.


Also, keep in mind that the sample code you’ve posted does not have the effect that you’re hoping for! Whether they are in DreamObjects or other compatible storage services, objects that are not public can only be accessed using a signed URL or using appropriate client software. There is no provision for a password-based login in the protocol.
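
The approach the last reply points to, as an added example that is not part of the thread: the application itself checks the e-mail and password, then issues a short-lived signed URL for a private object. It assumes the storage service accepts S3 signature version 2 query-string signing; the endpoint, keys, bucket and user table are constructed placeholders.

```php
<?php
const ENDPOINT   = 'https://objects.example.com'; // placeholder S3-compatible endpoint
const ACCESS_KEY = 'EXAMPLEACCESSKEY';            // placeholder
const SECRET_KEY = 'example-secret-key';          // placeholder; never sent to the browser

// Constructed user store: e-mail => password hash and the object keys allowed.
$users = array(
    'alice@example.com' => array(
        'hash'    => password_hash('correct horse', PASSWORD_DEFAULT),
        'objects' => array('data.txt'),
    ),
);

// Build a signature-v2 query-string URL that is valid for $ttl seconds.
function presignGet($bucket, $key, $ttl)
{
    $expires = time() + $ttl;
    // URL-encode each path segment but keep the slashes between them.
    $path = '/' . $bucket . '/'
          . implode('/', array_map('rawurlencode', explode('/', $key)));
    // StringToSign: verb, Content-MD5, Content-Type, Expires, resource.
    $stringToSign = "GET\n\n\n" . $expires . "\n" . $path;
    $signature = base64_encode(hash_hmac('sha1', $stringToSign, SECRET_KEY, true));
    return ENDPOINT . $path . '?' . http_build_query(array(
        'AWSAccessKeyId' => ACCESS_KEY,
        'Expires'        => $expires,
        'Signature'      => $signature,
    ));
}

// Check the password and the per-user allow list in the application,
// then hand out a link that expires after five minutes. Null on failure.
function downloadLinkFor(array $users, $email, $password, $bucket, $key)
{
    if (!isset($users[$email]) || !password_verify($password, $users[$email]['hash'])) {
        return null;
    }
    if (!in_array($key, $users[$email]['objects'], true)) {
        return null;
    }
    return presignGet($bucket, $key, 300);
}

var_dump(downloadLinkFor($users, 'alice@example.com', 'correct horse', 'mybucket', 'data.txt'));
var_dump(downloadLinkFor($users, 'alice@example.com', 'wrong', 'mybucket', 'data.txt'));
```

Anyone holding the link can fetch the object until it expires, so the object itself stays private and the lifetime stays short.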