Managing Objects

If you're new to policies, see Getting Started with Policies and Common Policies.

For administrators:

• The policy Let Object Storage admins manage buckets and objects lets the specified group do everything with buckets and objects. Objects always reside in the same compartment as the bucket.
• If you need to write a more restrictive policy for objects, the inspect objects lets you list all the objects in a bucket and do a HEAD operation for a particular object. In comparison, read objects lets you download the object itself.
• If you create more restrictive policies that grant individual permissions:
  • OBJECT_VERSION_DELETE is required to delete previous object versions on your behalf using lifecycle policies.
  • OBJECT_UPDATE_TIER is required to change the storage tier of an object.

See Details for Object Storage, Archive Storage, and Data Transfer for more information on Object Storage user permissions.

Pre-authenticated requests provide a way to let users access a bucket or object without having their own credentials. For example, you can create a request that lets a user upload backups to a bucket without owning API keys. See Using Pre-Authenticated Requests for details.

Unlike other resources, objects do not have Oracle Cloud Identifiers (OCIDs). Instead, users define an object name when they upload an object.

Use the following guidelines when naming an object:

• Use from 1 to 1024 characters.
• Valid characters are letters (upper or lower case), numbers, and characters other than line feed, carriage return, and NULL.
  Important
  
  Bucket names and object names are case-sensitive. Object Storage handles q3-field-assets.xslx and Q3-Field-Assets.XSLX as separate objects.
• Use only Unicode characters for which the UTF-8 encoding does not exceed 1024 bytes. Clients are responsible for URL-encoding characters.
• Avoid entering confidential information.
• Make the name unique within the bucket. Do not use the name of an existing object within the bucket when naming an object unless you intend to overwrite the existing object with the contents of the new or renamed object.

Within an Object Storage namespace, buckets and objects exist in a flat structure. However, you can simulate a directory structure by adding a prefix string that includes one or more forward slashes (/) to an object name. Doing so lets you list one directory at a time, which is helpful when navigating a large set of objects.

For example:

marathon/finish_line.jpg
marathon/participants/p_21.jpg

If you added prefixes to object names, you can:

• Use the CLI or API to perform bulk downloads and bulk deletes of all objects at a specified level of the hierarchy.
• Use the Console to display a hierarchical view of your objects in virtual folders. In the previous example, marathon would be displayed as a folder containing an object named finish_line.jpg and participants would be a subfolder of marathon, containing an object named p_21.jpg. You can bulk upload objects to any level of the hierarchy and perform bulk deletes of all the objects in a bucket or folder.

Bulk operations at a specified level of the hierarchy do not affect objects in any level above.

When naming objects, you can also use prefix strings without a delimiter. No delimiters would allow search operations in the Console and certain bulk operations in the CL or API to match on the prefix portion of the object name. For example, in the object names below, the string gloves_27_ can serve as a prefix for matching purposes when performing bulk operations:

gloves_27_dark_green.jpg
gloves_27_light_blue.jpg	

When you perform bulk uploads with the Console, CLI, or API, you can prepend a prefix string to the names of the files you are uploading.

For hierarchy and prefix string details for a particular management interface, see the individual tasks in Managing Buckets.

When you upload objects, you can provide optional response headers and user-defined metadata. Response headers are HTTP headers sent from Object Storage to Object Storage clients when objects are downloaded. User-defined metadata are name-value pairs stored with an object. You can use the Console, REST API, or CLI to provide these optional attributes.

You can specify values for the following response headers:

• Content-Disposition

  Defines presentation only information for the object. Specifying values for this header has no effect on Object Storage behavior. Programs that read the object determine what to do based on the value provided. For example, you could use this header to let users download objects with custom file names in a browser:

  attachment; filename="fname.ext"

  See https://tools.ietf.org/html/rfc2616#section-19.5.1 for more information.

• Cache-Control

  Defines the caching behavior for the object. Specifying values for this header has no effect on Object Storage behavior. Programs that read the object determine what to do based on the value provided. For example, you could use this header to identify objects that require caching restrictions:

  no-cache, no-store

  See https://tools.ietf.org/html/rfc2616#section-14.9 for more information.

You specify user-defined metadata in the form of name-value pairs. User-defined metadata names are stored and returned to Object Storage clients with the mandatory prefix of opc-meta-.

Object Lifecycle Management lets you automatically manage the deletion of uncommitted multipart uploads, the movement of objects to a different storage tier, and the deletion of supported resources on your behalf within a given bucket. These automated actions are based on rules that you define and manage. See Using Object Lifecycle Management for more information about this feature.

The Oracle Cloud Infrastructure Object Storage service supports multipart uploading and downloading for objects.

• For information about the API and CLI multipart uploading functionality, see Using Multipart Uploads.
• For CLI information on multipart downloading, see downloading an object using multipart download.
• For API documentation related to multipart downloading, see the GetObject API call and its range parameter.

For more information about monitoring objects, see Object Storage Metrics.

You can create automation based on state changes for your Oracle Cloud Infrastructure resources by using event types, rules, and actions. For more information, see Overview of Events.

Storage Gateway is another way you can upload objects to and download objects from Oracle Cloud Infrastructure Object Storage.

Storage Gateway is installed in an Oracle Cloud Infrastructure compute instance or as a Linux Docker instance on one or more hosts in your on-premises data center. Applications store and retrieve objects from Oracle Cloud Infrastructure Object Storage through file systems that you create in Storage Gateway. Storage Gateway exposes an NFS mount point that can be mounted to any host that supports an NFSv4 client. The Storage Gateway mount point maps to an Object Storage bucket to upload and download objects.

See Overview of Storage Gateway for details.