HCP System Management Help


ACL permissions

Granting a permission in an ACL for a bucket gives the grantee certain data access permissions for that bucket. Granting a permission in an ACL for an individual object gives the grantee certain data access permissions for that object only.

The table below lists the permissions you can grant in an ACL and shows the data access permissions that correspond to each ACL permission. For more information on data access permissions, see Data access permissions.

ACL permission    Data access permissions
--------------    -----------------------
Read              Browse and read
Read ACP          Read ACL
Write             Write and delete
Write ACP         Write ACL
Full control      Browse, read, read ACL, write, write ACL, and delete

By default, a bucket or object owner that corresponds to an HCP user account or an object owner that corresponds to an AD user account has full control over the applicable bucket or object. For a bucket owner that corresponds to an AD user account, the permissions depend on the tenant configuration.

When adding an ACL to a bucket or object, you can grant only the permissions you already have for that bucket or object. For example, suppose you have read, read ACP, and write ACP permissions for an object. In this case, you can grant read, read ACP, and write ACP permissions for the object to other users, but you cannot grant write permission or full control.
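The grant rule above, combined with the permission table, can be checked mechanically when reviewing ACLs. The following is an added example, not HCP code: the function names are hypothetical, and it assumes a grant is allowed when every data access permission it confers is already held by the grantor.

```python
# Added example: models the ACL table and the grant rule described above.
# Permission names follow the page; function names are hypothetical.

ACL_TO_DATA_ACCESS = {
    "read": {"browse", "read"},
    "read acp": {"read acl"},
    "write": {"write", "delete"},
    "write acp": {"write acl"},
    "full control": {"browse", "read", "read acl",
                     "write", "write acl", "delete"},
}


def data_access(acl_permissions):
    """Expand ACL permissions into the data access permissions they confer."""
    result = set()
    for name in acl_permissions:
        key = name.strip().lower()
        if key not in ACL_TO_DATA_ACCESS:
            raise ValueError(f"unknown ACL permission: {name!r}")
        result |= ACL_TO_DATA_ACCESS[key]
    return result


def excess_grants(grantor_permissions, requested_grants):
    """Return the requested ACL permissions the grantor may not grant.

    Assumption: the comparison is made on the expanded data access
    permissions from the table; the page does not spell out how HCP
    performs the check internally.
    """
    held = data_access(grantor_permissions)
    return sorted(g for g in requested_grants
                  if not data_access([g]) <= held)


if __name__ == "__main__":
    # The page's own scenario: grantor holds read, read ACP and write ACP.
    grantor = ["Read", "Read ACP", "Write ACP"]
    for request in (["Read", "Write ACP"], ["Write"], ["Full control"]):
        denied = excess_grants(grantor, request)
        verdict = "allowed" if not denied else f"not grantable: {denied}"
        print(request, "->", verdict)
```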

Tenant administrators can change the permissions that users, including the bucket owner, have for a bucket. They cannot change the permissions users have for objects.

© 2017 Hitachi Vantara Corporation. All rights reserved.