When using Alibaba Cloud OSS, you can set access control in three different levels, which are bucket level, object level, and RAM account level. Bucket level access control is the highest level of access control, which determines whether a user can access the bucket and its objects. Bucket level access control can be set to public read/write, public read, or private. Object level access control is the second level of access control, which determines whether a user can access a specific object in the bucket. Object level access control can be set to inherit from the bucket, public read/write, public read, or private. RAM account level access control is the lowest level of access control, which determines whether a user can perform certain operations on the bucket or the object. RAM account level access control can be set by using RAM policies, which specify the actions, resources, and conditions for the access. References: Object Storage Service (OSS) - Alibaba Cloud Academy, Access Control - Alibaba Cloud Documentation Center