Oracle Cloud Infrastructure Documentation

Copying Objects

This topic describes how to copy objects in Object Storage. You can copy objects to other buckets in the same region and to buckets in other regions.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be given the required type of access in a An IAM document that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which A collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization. you should work in.

If you're new to policies, see Getting Started with Policies and Common Policies.

Warning

Object copy does not work if you do not authorize the Object Storage service to copy objects on your behalf. See Service Permissions for more information.

User Permissions

You must have the required access to both the source and destination buckets when performing an object copy. You must also have permissions to manage objects in the source and destination buckets.

For administrators:

  • You can create a policy that lets the specified IAM group manage Object Storage namespaces, buckets, and their associated objects in all compartments in the tenancy:

    Allow group <IAM_group_name> to manage object-family in tenancy
  • Alternatively, you can create policies that reduce the scope of access. For example, to let the specified group manage only buckets and objects in a particular compartment in the tenancy:

    Allow group <IAM_group_name> to manage buckets in compartment <compartment_name>

For more information about other alternatives for writing policies, see Details for Object Storage, Archive Storage, and Data Transfer.

Service Permissions

Because Object Storage is a regional service, you must authorize the Object Storage service for each region carrying out copy operations on your behalf. For example, you might authorize the Object Storage service in region US East (Ashburn) to manage objects on your behalf. Once you authorize the Object Storage service and ensure that you have the required user permissions, you can copy an object stored in a US East (Ashburn) bucket to a bucket in another region.

To determine the region name value of an Oracle Cloud Infrastructure region, see Regions and Availability Domains .

For administrators:

To enable object copy, you must authorize the service to manage objects on your behalf:

  • You can create a policy that authorizes the service in the specified region to manage Object Storage namespaces, buckets, and their associated objects in all compartments in the tenancy:

    Allow service objectstorage-<region_name> to manage object-family in tenancy
  • Rather than use the policy verb manage, you can create a policy that reduces the scope of access by instead using one of the following statements:

    Allow service objectstorage-<region_name> to {OBJECT_READ, OBJECT_INSPECT, OBJECT_CREATE, OBJECT_OVERWRITE, OBJECT_DELETE} in tenancy
    Allow service objectstorage-<region_name> to {OBJECT_READ, OBJECT_INSPECT, OBJECT_CREATE, OBJECT_OVERWRITE, OBJECT_DELETE} in compartment <compartment_name>

Copy Object Work Requests

The Object Storage service handles copy requests asynchronously. The service creates a queue for copy requests, and then processes the requests when system resources become available. To provide visibility for in-progress copy operations, Object Storage creates a work request. You can track the progress of the copy operation by monitoring the status of the work request. 

The work request statuses are:

accepted
The copy request is in the work request queue to be processed.
in progress
The object copy is in progress.
succeeded
The copy operation has successfully completed.
canceling
The copy request is in the process of being canceled.
canceled
The copy request has been canceled.
failed
The copy operation has failed. Work requests that do not complete because of overwrite rules or insufficient user authorizations are assigned the failed status.

Copy Object Overwrite Rules

You can use overwrite rules to control the copying of objects based on their entity tag (ETag) values.

  • Overwrite destination object: Use this option when you do not want to limit a copy operation by an ETag value. This option is the default. This option can be used for any copy operation, regardless of whether it involves overwriting an existing object.
  • Do not overwrite any destination object: Use this option to prevent the overwriting an existing copy of an object in the destination location, regardless of the destination object's ETag value.
  • Overwrite destination object only if it matches the specified ETag: Use this option to prevent the accidental overwriting of an object in the destination location that does not have the specified ETag. When you use this option, the copy operation only succeeds if the ETag you supply when initiating the copy request matches the ETag of the destination object.
  • Copy object only if the source matches the specified ETag: Use this option if you want the copy operation successful only if the ETag you supply when initiating the copy request matches the ETag of the source object. For objects that are intentionally updated and overwritten as part of data management activity, this option ensures that only the specified version of the object (as indicated by the ETag) is allowed to be copied. If the object's ETag value changes after the copy work request is created, but before the copy operation is executed, the copy operation will not complete.

Warning

If you overwrite an object, the operation cannot be undone.

Scope and Constraints

  • Objects cannot be copied directly from Archive Storage. To copy objects that are currently in Archive Storage, you must first restore the object to the standard Object Storage tier. Objects can be copied directly to Archive Storage tier buckets from the standard Object Storage tier. When you copy objects into an Archive Storage bucket, the copy of the object is immediately archived.
  • Specify an existing target bucket for the copy request. The copy operation does not automatically create buckets.
  • When an object is copied, the destination object receives a new ETag value.
  • If you rename, overwrite, or delete a source object during a copy operation, the copy operation fails and the destination object is not created or overwritten.
  • Bulk copying is not supported. Identify a single object in the copy request.

Using the Console

The Console consumes the REST API and is subject to the same considerations as any Oracle Cloud Infrastructure client.

To make a copy of an object
To monitor the status of an object copy work request

Using the Command Line Interface (CLI)

For information about using the CLI, see Command Line Interface (CLI). For a complete list of flags and options available for CLI commands, see CLI Help.

To make a copy of an object
To get the status of an object copy work request
To get a list of work requests for a compartment
To cancel a copy object work request

Using the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use these operations to view and manage work requests for copy object operations: