Oracle Cloud Infrastructure Documentation

Changing an Object Storage Bucket's Visibility

Change the public or private visibility of an Object Storage bucket.

Buckets are private by default. For more information, see Public Buckets.

Important

If a bucket is in a security zone, you can't change its visibility from private to public. We recommend using pre-authenticated requests instead of public buckets. Pre-authenticated requests support authorization, expiry, and scoping capabilities that aren't possible with public buckets.

See Object Storage Pre-Authenticated Requests for details.

    1. On the Buckets list page, find the Object Storage bucket that you want to work with. If you need help finding the list page or the bucket, see Listing Buckets.
    2. From the Actions menu for the bucket you want, select Edit visibility.

      The Edit visibility panel opens.

    3. Select Public or Private.

      If you select Public to enable public access, decide whether you want to let users list the bucket contents. To set the visibility of bucket object lists, select Allow users to list objects from this bucket.

    4. Select Update.

  • Use the oci os bucket update command and required parameters to change the visibility of a bucket. Include the public-access-type parameter:

    oci os bucket update --name bucket_name --public-access-type [NoPublicAccess | ObjectRead | ObjectReadWithoutList] [OPTIONS]

    By default, the bucket is private. You can specify the bucket to be public by including the public-access-type parameter and one of its supported values:

    • NoPublicAccess: Allows only an authenticated caller to access the bucket and bucket contents. This is the default visibility of a bucket.
    • ObjectReadWithoutList: Allows public access for the GetObject, HeadObject, and ListObjects operations.

    • ObjectRead: Allows public access for the GetObject and HeadObject operations.

    For example:

    oci os bucket update --name MyBucket --public-access-type ObjectRead
{
  "data": {
    "approximate-count": null,
    "approximate-size": null,
    "auto-tiering": null,
    "compartment-id": "ocid.compartment.oc1..exampleuniqueID",
    "created-by": "ocid1.user.oc1..exampleuniqueID",
    "defined-tags": {},
    "etag": "09ab3193-a441-43cc-a8e2-e468e94c7c60",
    "freeform-tags": {},
    "id": "ocid1.bucket.oc1..exampleuniqueID",
    "is-read-only": false,
    "kms-key-id": null,
    "metadata": {
      "department": "Finance"
    },
    "name": "MyBucket",
    "namespace": "MyNamespace",
    "object-events-enabled": false,					
    "object-lifecycle-policy-etag": null,
    "public-access-type": "ObjectRead",
    "replication-enabled": false,
    "storage-tier": "Standard",
    "time-created": "2020-06-22T19:04:05.879000+00:00",
    "versioning": "Disabled"
  },
  "etag": "09ab3193-a441-43cc-a8e2-e468e94c7c60"
}

    To configure a public bucket to be private, run the oci os bucket update command with the --public-access-type NoPublicAccess parameter and value.

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • This task can't be performed using the API.