HCP System Management Help


Data access permissions

Data access permissions allow users to access namespace content and some information about namespaces. These permissions are namespace specific. That is, they are granted separately for individual namespaces.

The data access permissions that can be associated with user and group accounts for any given namespace are:

Browse — Lets users list directory contents.

Read — Lets users:

  - View and retrieve objects, including the system and custom metadata for objects
  - View and retrieve previous versions of objects
  - Check the existence of objects
  - List annotations for objects

For this permission to be granted, users must also have browse permission.

Read ACL — Lets users view and retrieve object ACLs.

Write — Lets users:

  - Add objects to the namespace
  - Modify system metadata (except retention hold)
  - Add or replace custom metadata

Write ACL — Lets users add, replace, and delete object ACLs.

Change owner — Lets users change the owners of objects in the namespace.

Delete — Lets users delete objects, custom metadata, and ACLs from the namespace.

Purge — Lets users delete all versions of an object with a single operation. For this permission to be granted, users must also have delete permission.

Privileged — Lets users:

  - Delete or purge objects that are under retention, provided that the user also has delete or purge permission for the applicable namespace
  - Hold or release objects, provided that the user also has write permission for the applicable namespace

Search — Lets users use the HCP metadata query API and the HCP Search Console to query or search the namespace. For this permission to be granted, users must also have read permission.

Users with any data access permissions for a namespace can view information about that namespace.
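The prerequisite rules in the list above (read needs browse, purge needs delete, search needs read, and privileged only takes effect alongside delete, purge, or write) can be checked mechanically when reviewing the grants on a namespace. The following Python code is an added example, not part of the HCP documentation or any HCP API; the lower-case permission labels, function names, and sample accounts are assumptions made for illustration.

```python
# Prerequisites as stated on this page (permission -> permission it requires).
REQUIRES = {"read": "browse", "purge": "delete", "search": "read"}

# Labels chosen for this example; they are not HCP API identifiers.
ALL = {"browse", "read", "read_acl", "write", "write_acl",
       "change_owner", "delete", "purge", "privileged", "search"}


def missing_prerequisites(granted):
    """Return {permission: [missing prerequisites]}, following chains transitively."""
    granted = set(granted)
    unknown = granted - ALL
    if unknown:
        raise ValueError(f"unknown permissions: {sorted(unknown)}")
    problems = {}
    for perm in sorted(granted):
        missing, need = [], REQUIRES.get(perm)
        while need:  # e.g. search -> read -> browse
            if need not in granted:
                missing.append(need)
            need = REQUIRES.get(need)
        if missing:
            problems[perm] = missing
    return problems


def privileged_capabilities(granted):
    """What 'privileged' actually enables, given the other permissions held."""
    granted = set(granted)
    if "privileged" not in granted:
        return set()
    caps = set()
    if "delete" in granted:
        caps.add("delete objects under retention")
    if "purge" in granted:
        caps.add("purge objects under retention")
    if "write" in granted:
        caps.add("hold or release objects")
    return caps


# Constructed sample grants for one namespace (not real accounts).
SAMPLE = {
    "svc-search": {"search"},
    "svc-archive": {"browse", "read", "write", "privileged"},
    "ops-admin": {"browse", "read", "delete", "purge", "privileged"},
}

if __name__ == "__main__":
    for account, perms in SAMPLE.items():
        print(account, missing_prerequisites(perms), sorted(privileged_capabilities(perms)))
```

An account that holds privileged but yields an empty capability set has a grant with no effect, which is worth flagging in a least-privilege review.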

Note: An AD user can be added to an AD group while that user is using the Namespace Browser. If the AD group corresponds to an existing HCP group account, the user may not automatically get the data access permissions associated with that group account for up to eight hours. To get the data access permissions immediately, the user needs to log out of the Namespace Browser and then log back in. If the user is also currently using the HCP System Management Console or the Tenant Management Console, logging out of either of those interfaces has the same effect.

© 2017 Hitachi Vantara Corporation. All rights reserved.