sets permission for bucket(s) or file(s) for specified user(s). You can use + (plus sign) for add grant and - (minus sign) for remove grant

setacl <BUCKET_OR_FILE> [--acl PERMISSION_TYPE] [--grant USER=PERMISSION[+|-]
          [,PERMISSION[+|-]...]] [--grant-auth-users PERMISSION[+|-]
          [,PERMISSION[+|-]...]] [--grant-all-users PERMISSION[+|-]
          [,PERMISSION[+|-]...]] [--grant-log-delivery PERMISSION[+|-]
          [,PERMISSION[+|-]...]] [--reset] [-y|--noprompt]
           [--exclude-olderthan INPUT] [--exclude-newerthan INPUT]
           [-r|--recursive] [-c|--continue-onerror] [--auth NAME] [--region NAME]
           [--accesskey YOUR_ACCESS_KEY] [--secretkey YOUR_SECRET_KEY]
           [--serviceurl URL] [--threads COUNT] [--consoleout FILEPATH]
           [-v|--verbose] [-w|--wait] [-i|--interactive] 

Alias: setper, setpermission

Parameter	Description
<BUCKET_OR_FILE>	Bucket or file name for which you want to grant permission. Use wild card pattern to list multiple items. e.g. myfile*.txt or myfile_???_*.txt
--acl PERMISSION_TYPE	Predefined permission type for object. Possible values are [noacl | private | public-read | public-read-write | authenticated-read | bucket-owner-read | bucket-owner-full-control | log-delivery-write].
--grant	Grant(s) you want to add or remove for file(s). You can specify grant option multiple times to add/remove grants for multiple user. For example to add read and write permission for user1 and remove write permission of user2 do this way: --grant "user1=READ+,WRITE" --grant "user2=WRITE+" . Valid permissions are FULL, READ, WRITE, READ_ACP, WRITE_ACP, RESTORE
--grant-auth-users PERMISSION[+|-][,PERMISSION[+|-]...]	Grant(s) for AuthenticatedUsers aws inbuilt user group. Use this option to add or remove grants. For example to add read and write permission do this way: --grant-auth-users "READ+,WRITE+" to remove WRITE permission suffix minus sign (e.g. --grant-auth-users WRITE- ). Valid permissions are FULL, READ, WRITE, READ_ACP, WRITE_ACP, RESTORE
--grant-all-users PERMISSION[+|-][,PERMISSION[+|-]...]	Grant(s) for AllUsers aws inbuilt user group. Use this option to add or remove grants. For example to add read and write permission do this way: --grant-all-users "READ+,WRITE+" to remove WRITE permission suffix minus sign (e.g. --grant-all-users WRITE- ). Valid permissions are FULL, READ, WRITE, READ_ACP, WRITE_ACP, RESTORE
--grant-log-delivery PERMISSION[+|-][,PERMISSION[+|-]...]	Grant(s) for LogDelivery aws inbuilt user group. Use this option to add or remove grants. For example to add read and write permission do this way: --grant-log-delivery "READ+,WRITE+" to remove WRITE permission suffix minus sign (e.g. --grant-log-delivery WRITE- ). Valid permissions are FULL, READ, WRITE, READ_ACP, WRITE_ACP, RESTORE
--reset	Reset grants to default and apply specified grants (if grants not specified existing grants removed).
-y | --noprompt	Do not prompt
--exclude-olderthan	Exclude files if they are older than specified period. You may use format specifier or exact date/datetime. Period format specifiers are d,h,m or s (days, hours, minutes or seconds). Example: 5d = (5 days), 5h=(5 hours), 5m=(5 hours), 5s=5s=(5 second), "2015-12-31 11:59:59"=(exact date+time), "2015-12-31"=(exact date)
--exclude-newerthan	Exclude files if they are newer than specified period. You may use format specifier or exact date/datetime. Period format specifiers are d,h,m or s (days, hours, minutes or seconds). Example: 5d = (5 days), 5h=(5 hours), 5m=(5 hours), 5s=5s=(5 second), "2015-12-31 11:59:59"=(exact date+time), "2015-12-31"=(exact date)
-r | --recursive	Scan recursive
-c | --continue-onerror	Continue on error such as specified file is missing at source
--auth NAME	Credential entry name. This entry name must exist (previously saved using setauth command)
--region NAME	Region where requests should be redirected. If you don't specify region then all requests are first directed to US Standard Region (us-east-1) for name resolution. If you want to create new bucket in a specific region or you want to reduce latency in name resolution then specify this parameter.. Possible values are [us-west-1 | us-west-2 | eu-west-1 | eu-central-1 | ap-southeast-1 | ap-southeast-2 | ap-northeast-1 | sa-east-1]
--accesskey YOUR_ACCESS_KEY	Cloud account access key
--secretkey YOUR_SECRET_KEY	Cloud account secret key
--serviceurl URL	Service url for cloud service e.g. --serviceurl https://s3-us-west-2.amazonaws.com
--threads COUNT	Number of concurrent operations. If you don't specify then system will use default settings to optimize transfer.
--consoleout FILEPATH	Captures console output and saves to file
-v | --verbose	Log verbosity level. -v means detailed, If you don't specify this option then minimum logging will be done.
-w | --wait	Wait for user input before exit
-i | --interactive	Continue in interactive mode after this command is completed. This switch is not applicable if you already in interactive mode

Examples
Change bucket mybkt permission to public read for all files so anonymous user can read it setacl mybkt public-read
Make bucket mybkt private setacl mybkt private
Assign READ and WRITE permission on each text file in bucket mybkt for user1, remove WRITE permission for user2. setacl mybkt/*.txt --grant user1=READ+,WRITE+ --grant user2=WRITE-