HCP System Management Help
Data access permissions allow you to access bucket content through the various HCP interfaces. You get these permissions either from your user account or from the bucket configuration.
Data access permissions are bucket specific. That is, they are granted separately for individual buckets.
Each data access permission allows you to perform certain operations. However, not all operations allowed by data access permissions apply to every HCP interface. For example, you can view and retrieve ACLs through the HTTP protocol and HS3 API but not through any other namespace access protocol.
Although many of the operations allowed by data access permissions are not supported by the HS3 API, a tenant administrator can give you permission for those operations. You can then perform them through other HCP interfaces that support them.
The data access permissions that you can have for a bucket are:
• Browse — Lets you list bucket contents.
• Read — Lets you:
  o View and retrieve objects in the bucket, including the system and custom metadata for objects
  o View and retrieve previous versions of objects
  o List annotations for objects
  o Check the existence of objects
  Users with read permission also have browse permission.
• Read ACL — Lets you view and retrieve bucket and object ACLs.
• Write — Lets you:
  o Add objects to the bucket
  o Modify system metadata (except retention hold) for objects in the bucket
  o Add or replace custom metadata for objects in the bucket
• Write ACL — Lets you add, replace, and delete bucket and object ACLs.
• Change owner — Lets you change the bucket owner and the owners of objects in the bucket.
• Delete — Lets you delete objects, custom metadata, and bucket and object ACLs.
• Purge — Lets you delete all versions of an object with a single operation. Users with purge permission also have delete permission.
• Privileged — Lets you:
  o Delete or purge objects that are under retention, provided that you also have delete or purge permission for the bucket
  o Hold or release objects, provided that you also have write permission for the bucket
• Search — Lets you use the HCP metadata query API and the HCP Search Console to query or search the bucket for objects that meet specified criteria. Users with search permission also have read permission.
If you have any data access permissions for a bucket, you can view information about that bucket through the HTTP protocol and Namespace Browser.
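The implied and conditional permissions listed above can be checked mechanically when reviewing a user's grant for a bucket. The following Python audit helper is an added example, not HCP code; the lower-case permission labels and the function names are assumptions made for this sketch, not HCP API values.

```python
# Added example: models the permission rules stated on this page.
# Permission names are lower-case labels chosen for this sketch, not HCP API values.
IMPLIES = {
    "read": {"browse"},    # read also grants browse
    "purge": {"delete"},   # purge also grants delete
    "search": {"read"},    # search also grants read (and so browse)
}

def effective(granted):
    """Expand a set of granted permissions with everything they imply."""
    result, stack = set(), list(granted)
    while stack:
        perm = stack.pop()
        if perm not in result:
            result.add(perm)
            stack.extend(IMPLIES.get(perm, ()))
    return result

def privileged_operations(granted):
    """Operations that 'privileged' unlocks, given the companion permissions."""
    perms = effective(granted)
    ops = set()
    if "privileged" in perms:
        if "delete" in perms:
            ops.add("delete objects under retention")
        if "purge" in perms:
            ops.add("purge objects under retention")
        if "write" in perms:
            ops.add("hold or release objects")
    return ops

def audit(granted):
    """Return findings a reviewer would want for one user's bucket grant."""
    perms = effective(granted)
    findings = []
    implied = perms - set(granted)
    if implied:
        findings.append("implied: " + ", ".join(sorted(implied)))
    if "privileged" in perms and not privileged_operations(granted):
        findings.append("privileged unlocks no operation without delete, purge, or write")
    for op in sorted(privileged_operations(granted)):
        findings.append("can " + op)
    return findings

if __name__ == "__main__":
    for grant in ({"search"}, {"privileged"}, {"privileged", "purge", "write"}):
        print(sorted(grant), "->", audit(grant))
```

Running it over each user's grant shows where a single permission such as search or purge carries more access than its name suggests, and where privileged combines with delete, purge, or write to reach objects under retention.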
For more information on:
• Bucket and object ACLs, see Access control lists
• Object versions, see Versioning
• Object owners, see Object owners
• Object retention and hold, see Retention
• The HCP Search Console, see HCP Search Console
© 2017 Hitachi Vantara Corporation. All rights reserved.