HCP System Management Help
A namespace can be configured to allow users to associate ACLs with objects. An ACL consists of access control entries. Each access control entry grants a user or group of users (the grantee) one or more data access permissions for the applicable object.
ACL permissions
The permissions that can be included in an access control entry are:
•Read — Lets the grantee read and retrieve the object, including the system metadata and any custom metadata for the object, and list annotations for the object.
To read or retrieve the object through CIFS or NFS, the grantee must also have browse permission.
•Read ACL — Lets the grantee read and retrieve the object ACL.
•Write — Lets the grantee modify system metadata and add and replace custom metadata for the object.
•Write ACL — Lets the grantee add, replace, or delete the object ACL.
•Delete — Lets the grantee delete or purge the object and delete the object ACL.
For information on working with ACLs, see Using a Namespace.
Use of ACLs
When you create a namespace, the use of ACLs is disabled. You can enable this feature for the namespace at any time. However, once this feature is enabled, you cannot disable it.
Users can add and replace ACLs only with the HTTP protocol. Therefore, if you enable the use of ACLs for a namespace, you should also enable that protocol.
For information on enabling the use of ACLs, see Enabling the use of ACLs.
Enforcing ACLs
While the use of ACLs is enabled for a namespace, you can specify whether HCP should enforce ACLs in that namespace. While HCP is enforcing ACLs, the operations that a given user can perform on a given object are those permitted by any of:
•The data access permissions associated with the applicable user account or group accounts
•The applicable minimum data access permissions specified in the namespace configuration
•The object ACL
When not enforcing ACLs, HCP allows only the operations permitted by the first two items above.
You can change the specification of whether HCP should enforce ACLs at any time while the use of ACLs is enabled.
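The following sketch models the rule above so you can see which operations exist only because of an object ACL, that is, what changes when enforcement is turned on or off. It is an added example, not HCP code or an HCP API: every function, class and permission string is hypothetical, the sample ACL is constructed, and it assumes user and group names do not collide.

```python
# Added illustration; all names are hypothetical, not an HCP API.
from dataclasses import dataclass

# The five permissions an access control entry can carry (from the list above).
ACL_PERMISSIONS = {"read", "read_acl", "write", "write_acl", "delete"}

@dataclass(frozen=True)
class AccessControlEntry:
    grantee: str            # user name or group name (assumed not to collide)
    permissions: frozenset  # subset of ACL_PERMISSIONS

def acl_grants(acl, user, groups):
    """Permissions the object ACL gives this user, directly or via a group."""
    names = {user, *groups}
    granted = set()
    for entry in acl:
        if entry.grantee in names:
            granted |= entry.permissions & ACL_PERMISSIONS
    return granted

def effective_permissions(account, minimum, acl, user, groups, enforce_acls):
    """Union of account/group permissions, namespace minimum permissions and,
    only while ACLs are enforced, the object ACL."""
    perms = set(account) | set(minimum)
    if enforce_acls:
        perms |= acl_grants(acl, user, groups)
    return perms

def enforcement_delta(account, minimum, acl, user, groups):
    """Operations permitted solely by the ACL (useful as an audit view)."""
    off = effective_permissions(account, minimum, acl, user, groups, False)
    on = effective_permissions(account, minimum, acl, user, groups, True)
    return on - off

def can_read(perms, protocol):
    """Reading over CIFS or NFS additionally requires browse permission."""
    if "read" not in perms:
        return False
    return protocol.lower() not in {"cifs", "nfs"} or "browse" in perms

# Constructed sample ACL: one entry for a user, one for a group.
SAMPLE_ACL = [
    AccessControlEntry("alice", frozenset({"read", "write"})),
    AccessControlEntry("auditors", frozenset({"read_acl"})),
]
```

Because the three sources are combined as a union, an ACL in this model can only add operations for a grantee; it never removes one that the account or the namespace minimums already permit.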
More information
For more information on:
•Specifying whether HCP enforces ACLs, see Changing the option to enforce ACLs
•User and group accounts and their associated data access permissions, see About user and group accounts
•Minimum data access permissions, see Minimum data access permissions
© 2017 Hitachi Vantara Corporation. All rights reserved.