Data access permissions

Data access permissions allow users to access namespace content and some information about namespaces. These permissions are granted separately for individual namespaces.

The data access permissions that can be associated with user and group accounts for any given namespace are:

Browse: List directory contents.

Read:

oView and retrieve objects, including the system and custom metadata for objects.

oView and retrieve previous versions of objects.

oCheck the existence of objects.

oList annotations for objects.

For this permission to be granted, users must also have browse permission.

Read ACL: View and retrieve object ACLs.

Write:

oAdd objects to the namespace.

oModify system metadata (except retention hold).

oAdd or replace custom metadata.

Write ACL: Add, replace, and delete object ACLs.

Change owner: Change the owners of objects in the namespace.

Delete: Delete objects, custom metadata, and ACLs from the namespace.

Purge: Delete all versions of an object with a single operation. For this permission to be granted, users must also have delete permission.

Privileged:

oDelete or purge objects that are under retention, provided the user also has delete or purge permission for the applicable namespace

oHold or release objects, provided the user also has write permission for the applicable namespace

Search: Use the HCP metadata query API and the HCP Search Console to query or search the namespace. For this permission to be granted, users must also have read permission.

Users with any data access permissions for a namespace can view information about that namespace.

Note: An Active Directory (AD) user can be added to an AD group while the user is using the Namespace Browser. However, if the AD group corresponds to an HCP group account, the data access permissions might not take effect immediately. It could take up to eight hours for the user to get the data access permissions associated with the group account. To get the data access permissions immediately, the user must log out of the Namespace Browser and then log back in. If the user is also currently using the HCP System Management Console or the Tenant Management Console, logging out of either of those interfaces has the same effect.

© 2015, 2020 Hitachi Vantara LLC. All rights reserved.