The following describes the exact formatting requirements of the Google ACL XML.
namespace rng = "http://relaxng.org/ns/structure/1.0" LengthLimitedString = xsd:string { minLength = "0" maxLength = "1024" } LengthLimitedIdString = xsd:string { minLength = "0" maxLength = "1024" pattern = "[a-fA-F0-9\s]*" } ScopeStringById = xsd:string { pattern = "([Uu][Ss][Ee][Rr][Bb][Yy][Ii][Dd])|([Gg][Rr][Oo][Uu][Pp][Bb][Yy][Ii][Dd])" } ScopeStringByEmail = xsd:string { pattern = "([Uu][Ss][Ee][Rr][Bb][Yy][Ee][Mm][Aa][Ii][Ll])|([Gg][Rr][Oo][Uu][Pp][Bb][Yy][Ee][Mm][Aa][Ii][Ll])" } ScopeStringByDomain = xsd:string { pattern = "([Gg][Rr][Oo][Uu][Pp][Bb][Yy][Dd][Oo][Mm][Aa][Ii][Nn])" } ScopeStringByAllUsers = xsd:string { pattern = "([Aa][Ll][Ll][Uu][Ss][Ee][Rr][Ss])|([Aa][Ll][Ll][Aa][Uu][Tt][Hh][Ee][Nn][Tt][Ii][Cc][Aa][Tt][Ee][Dd][Uu][Ss][Ee][Rr][Ss])" } start |= AccessControlList AccessControlList = element AccessControlList { ## The owner of the object for this ACL. This element is ignored by Google Cloud Storage as the object owner is always assumed to have full control. element Owner { ## Google-storage-id of the owner. element ID { LengthLimitedIdString }, ## Name of the owner. element Name { LengthLimitedString }? }? & ## 0 or more ACL entries to be applied to the object. element Entries { ## An ACL entry for the object. element Entry { ## Who the permission applies to. Child element inclusion is based on the attribute type. ( ( element Scope { ( ## Google-storage-ID to be granted permission. element ID { LengthLimitedIdString } & ## Name of the entity to be granted permission. element Name { LengthLimitedString }? ), attribute type { ScopeStringById } } ) | ( element Scope { ( ## Email address to be granted permission. element EmailAddress { LengthLimitedString } & ## Name of the entity to be granted permission. element Name { LengthLimitedString }? ), attribute type { ScopeStringByEmail } } ) | ( element Scope { ( ## Domain name to be granted permission. element Domain { LengthLimitedString } ), attribute type { ScopeStringByDomain } } ) | ( element Scope { (empty), attribute type { ScopeStringByAllUsers } } ) ) & ## Type of permission being granted. element Permission { xsd:string { pattern = "\s*READ\s*|\s*WRITE\s*|\s*FULL_CONTROL\s*" } } }* }? }