ACL grantees
An ACL can grant permissions to individual users or to groups of users. An individual user is represented by either an HCP user account or, for object ACLs only, an AD user account. A group can be either all authenticated users or all users (both authenticated and anonymous).
To specify an HCP user account, you can use either the account username or the account user ID. To specify an AD user account, you can use either the account user name followed by an at sign (@) and the AD domain name (for example, sgold@ad-1.example.com
) or the security ID (SID) for the account.
To specify the group of all authenticated users, you can use either the name authenticated
or this URI:
http://acs.amazonaws.com/groups/global/AuthenticatedUsers
To specify the group of all users, you use either the name all_users
or this URI:
http://acs.amazonaws.com/groups/global/AllUsers
The names authenticated
and all_users
are case sensitive. In the URIs, AuthenticatedUsers
and AllUsers
are case sensitive.