Oracle Cloud Infrastructure Documentation

Changing an Object Storage Bucket's Visibility

Change the public or private visibility of an Object Storage bucket.

Buckets are private by default. For more information, see Public Buckets.

Important

If a bucket is in a security zone, you can't change its visibility from private to public. We recommend using pre-authenticated requests instead of public buckets. Pre-authenticated requests support authorization, expiry, and scoping capabilities that aren't possible with public buckets.

See Object Storage Pre-Authenticated Requests for details.

    1. Open the navigation menu and click Storage. Under Object Storage & Archive Storage, click Buckets.

    2. Select the compartment from the list under List Scope. All buckets in that compartment are listed in tabular form.

    3. Click the bucket whose details you want to get. The bucket's Details page appears.

    4. Find Visibility and click Edit. The Edit Visibility dialog box appears.

    5. Select Public or Private.

      If you select Public to enable public access, decide whether you want to let users list the bucket contents. To set the visibility of bucket object lists, click Allow users to list objects from this bucket.

    6. Click Save Changes.

  • Use the oci os bucket update command and required parameters to change the visibility of a bucket. Include the public-access-type parameter:

    oci os bucket update --name bucket_name --public-access-type [NoPublicAccess | ObjectRead | ObjectReadWithoutList] [OPTIONS]
    By default, the bucket is private. You can specify the bucket to be public by including the public-access-type parameter and one of its supported values:

    • NoPublicAccess: Allows only an authenticated caller to access the bucket and bucket contents. This is the default visibility of a bucket.

    • ObjectReadWithoutList: Allows public access for the GetObject, HeadObject, and ListObjects operations.

    • ObjectRead: Allows public access for the GetObject and HeadObject operations.

    For example:
    oci os bucket update --name MyBucket --public-access-type ObjectRead
{
  "data": {
    "approximate-count": null,
    "approximate-size": null,
    "auto-tiering": null,
    "compartment-id": "ocid.compartment.oc1..exampleuniqueID",
    "created-by": "ocid1.user.oc1..exampleuniqueID",
    "defined-tags": {},
    "etag": "09ab3193-a441-43cc-a8e2-e468e94c7c60",
    "freeform-tags": {},
    "id": "ocid1.bucket.oc1..exampleuniqueID",
    "is-read-only": false,
    "kms-key-id": null,
    "metadata": {
      "department": "Finance"
    },
    "name": "MyBucket",
    "namespace": "MyNamespace",
    "object-events-enabled": false,					
    "object-lifecycle-policy-etag": null,
    "public-access-type": "ObjectRead",
    "replication-enabled": false,
    "storage-tier": "Standard",
    "time-created": "2020-06-22T19:04:05.879000+00:00",
    "versioning": "Disabled"
  },
  "etag": "09ab3193-a441-43cc-a8e2-e468e94c7c60"
}
    To configure a public bucket to be private, run the oci os bucket update command with the --public-access-type NoPublicAccess parameter and value.

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • This task can't be performed using the API.