Class AWS::S3::ACL::Grantee
In: lib/aws/s3/acl.rb
Parent: Object

Grants bestow an access permission to grantees. Each grant of some access control list Policy is associated with a grantee. There are three ways of specifying a grantee at the time of this writing.

  • By canonical user - This format uses the id of a given Amazon account. The id value for a given account is available in the Owner object of a bucket, object or policy.

  = 'bb2041a25975c3d4ce9775fe9e93e5b77a6a9fad97dc7e00686191f3790b13f1'

Often the id will just be fetched from some owner object. =
  • By Amazon email address - You can specify an email address for any Amazon account. The Amazon account need not be signed up with the S3 service, though it must be unique across the entire Amazon system. This email address is normalized into a canonical user representation once the grant has been sent back up to the S3 servers.

  grantee.email_address = ''
  • By group - As of this writing you cannot create custom groups, but Amazon provides three groups that you can use. See the documentation for the method for details.

  = 'Authenticated'


group   group=   new   to_xml   type  

Public Class methods


     # File lib/aws/s3/acl.rb, line 390
     def initialize(attributes = {})
       # Set default values for attributes that may not be passed in but we still want the object
       # to respond to
       attributes = {'id' => nil, 'display_name' => nil, 'email_address' => nil, 'uri' => nil}.merge(attributes)
       @attributes = attributes
       extract_type!
       yield self if block_given?
     end

Public Instance methods

Returns the grantee’s group. If the grantee is not a group, nil is returned.


     # File lib/aws/s3/acl.rb, line 434
     def group
       return unless uri
       uri[%r([^/]+$)]
     end

Sets the grantee’s group by name.

  = 'AllUsers'

Currently, valid groups defined by S3 are:

  • AllUsers: This group represents anyone. In other words, an anonymous request.
  • Authenticated: Any authenticated account on the S3 service.
  • LogDelivery: The entity that delivers bucket access logs.


     # File lib/aws/s3/acl.rb, line 428
     def group=(group_name)
       # AllUsers and Authenticated fall under 'global'; any other group name falls under 's3'
       section  = %w(AllUsers Authenticated).include?(group_name) ? 'global' : 's3'
       self.uri = "#{section}/#{group_name}"
     end

The xml representation of the current grantee object.


     # File lib/aws/s3/acl.rb, line 400
     def to_xml
     end

Returns the type of grantee. Will be one of CanonicalUser, AmazonCustomerByEmail or Group.


     # File lib/aws/s3/acl.rb, line 405
     def type
       return attributes['type'] if attributes['type']
       # Lookups are in order of preference so if, for example, you set the uri but display_name and id are also
       # set, we'd rather go with the canonical representation.
       if display_name && id
         'CanonicalUser'
       elsif email_address
         'AmazonCustomerByEmail'
       elsif uri
         'Group'
       end
     end
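
Added example (not part of the aws-s3 gem): an audit helper that applies the type precedence and group extraction shown above to plain attribute hashes, flagging grants to the AllUsers and Authenticated groups as well as grantees whose group uri is set but whose type resolves to something else. The helper names (grantee_type, grantee_group, classify, audit) and the sample grants are assumptions constructed for illustration.

```ruby
# Added example: a standalone audit helper, not code from the aws-s3 gem.
BROAD_GROUPS = %w(AllUsers Authenticated).freeze

# Same precedence as Grantee#type above: explicit type, then canonical
# user (display_name and id), then email address, then group uri.
def grantee_type(attrs)
  return attrs['type'] if attrs['type']
  if attrs['display_name'] && attrs['id']
    'CanonicalUser'
  elsif attrs['email_address']
    'AmazonCustomerByEmail'
  elsif attrs['uri']
    'Group'
  end
end

# Same extraction as Grantee#group above: last path segment of the uri.
def grantee_group(attrs)
  uri = attrs['uri']
  uri && uri[%r([^/]+$)]
end

# :broad     - a Group grantee naming AllUsers or Authenticated
# :ambiguous - a group uri is set but type resolves to something else
# :ok        - everything else
def classify(attrs)
  group = grantee_group(attrs)
  return (group ? :ambiguous : :ok) unless grantee_type(attrs) == 'Group'
  BROAD_GROUPS.include?(group) ? :broad : :ok
end

# Constructed sample grants; ids, names, uris and permissions are made up.
SAMPLE_GRANTS = [
  { 'permission' => 'FULL_CONTROL',
    'grantee' => { 'id' => 'constructed-owner-id', 'display_name' => 'owner' } },
  { 'permission' => 'READ', 'grantee' => { 'uri' => 'global/AllUsers' } },
  { 'permission' => 'WRITE', 'grantee' => { 'uri' => 's3/LogDelivery' } },
  { 'permission' => 'READ',
    'grantee' => { 'id' => 'constructed-id', 'display_name' => 'alice',
                   'uri' => 'global/Authenticated' } }
].freeze

# Pairs each grant's permission with the verdict for its grantee.
def audit(grants)
  grants.map { |g| [g['permission'], classify(g['grantee'])] }
end

audit(SAMPLE_GRANTS).each { |perm, verdict| puts "#{perm}: #{verdict}" }
```

The last sample grant is reported as ambiguous because `group` still returns a name while the type lookup prefers the canonical user, so an audit keyed on `group` alone and one keyed on `type` alone would disagree about it.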