Access control lists
An access control list (ACL) grants permissions to perform operations on an individual object to specified users or groups of users. An ACL can be specified as either XML or JSON. You add, replace, or delete an ACL in its entirety. You cannot modify it in place.
An ACL contains up to one thousand access control entries (ACEs). Each ACE specifies one user or one group of users and the permissions granted to that user or group. In the ACL body, an ACE is represented by the grant
entry.
When you specify an ACL for an object, you can grant only the permissions you already have. That is, you cannot use an ACL to grant permissions that exceed your own.
To add, replace, or delete an ACL, you use HTTP.
With HTTP, you use a GET request to retrieve an ACL for an object. With WebDAV, CIFS, and NFS, you view the ACL for an object in the acl.xml metafile.
HCP provides two predefined ACLs that you can specify when storing an object:
all_read
Allows any user, authenticated or anonymous, to view and retrieve the object
auth_read
Allows any authenticated user to view and retrieve the object
The use of ACLs is enabled on a per-namespace basis. In namespaces where ACLs are enabled, the namespace can be configured to either enforce or ignore the permissions granted by ACLs. To find out the ACL settings for a namespace, contact your tenant administrator.