ECS: A limited number of objects are inaccessible, HTTP 403
Summary: A limited number of objects are inaccessible, HTTP 403.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
A limited number of Objects in the bucket are inaccessible.
HTTP 403 is returned.
Cause
- Object missing "READ" permissions.
- Example of an object with correct permissions for a group of users:
admin@seapecsr3n1:/usr/share/s3curl> sudo ./s3curl.pl --id prod -- http://xxxx.com:9020/dsa-prod-jpg-master/216/80/611508612.jpg?acl | xmllint --format - % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 646 100 646 0 0 8190 0 --:--:-- --:--:-- --:--:-- 8282 <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <Owner> <ID>dsa-prod</ID> <DisplayName>dsa-prod</DisplayName> </Owner> <AccessControlList> <Grant> <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"> <ID>dsa-prod</ID> <DisplayName>dsa-prod</DisplayName> </Grantee> <Permission>FULL_CONTROL</Permission> </Grant> <Grant> <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"> <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI> </Grantee> <Permission>READ</Permission> </Grant> </AccessControlList> </AccessControlPolicy>
- Example of object incorrect permissions:
admin@seapecsr3n1:/usr/share/s3curl> sudo ./s3curl.pl --id prod -- http://xxxx.com:9020/dsa-prod-jpg-master/272/35/642253272.jpg?acl | xmllint --format - % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 454 100 454 0 0 2072 0 --:--:-- --:--:-- --:--:-- 2082 <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <Owner> <ID>dsa-prod</ID> <DisplayName>dsa-prod</DisplayName> </Owner> <AccessControlList> <Grant> <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"> <ID>dsa-prod</ID> <DisplayName>dsa-prod</DisplayName> </Grantee> <Permission>FULL_CONTROL</Permission> </Grant> </AccessControlList> </AccessControlPolicy>
Resolution
- Add correct permissions to the object.
- Example (base url) of adding "READ" permissions for single object:
curl -X PUT http://xxxx.com:9020/dsa-prod-jpg-master/272/35/642253272.jpg?acl -H "x-amz-grant-full-control: READ"
- Reference the following AWS article for additional methods:
https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPUTacl.html
Affected Products
ECS ApplianceProducts
ECS Appliance, ECS Appliance Hardware Gen1 U-Series, ECS Appliance Software with Encryption, ECS Appliance Software without EncryptionArticle Properties
Article Number: 000030765
Article Type: Solution
Last Modified: 02 July 2025
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.