Data access permissions

Data access permissions allow you to access container content through the various HCP interfaces. You get these permissions either from your HCP user account or from the container configuration.

Data access permissions are container specific. That is, they are granted separately for individual containers.

Each data access permission allows you to perform certain operations. However, not all operations allowed by data access permissions apply to every HCP interface.

Although many of the operations allowed by data access permissions are not supported by the HSwift API, a tenant administrator can give you permission for those operations. You can then perform them through other HCP interfaces that support them.

The data access permissions that you can have for a container are:

  • Browse

    Lets you list container contents.

  • Read

    Lets you:

    • View and retrieve objects in the container, including the system and custom metadata for objects
    • View and retrieve previous versions of objects
    • List annotations for objects
    • Check the existence of objects

    Users with read permission also have browse permission.

  • Read ACL

    Lets you view and retrieve containers and object ACLs.

  • Write

    Lets you:

    • Add objects to the container
    • Modify system metadata (except retention hold) for objects in the container
    • Add or replace custom metadata for objects in the container

  • Write ACL

    Lets you add, replace, and delete container ACLs.

  • Change owner

    Lets you change the container owner and the owners of objects in the container.

  • Delete

    Lets you delete objects, custom metadata, and container ACLs.

  • Privileged

    Lets you:

    • Delete objects that are under retention, provided that you also have delete or purge permission for the container
    • Hold or release objects, provided that you also have write permission for the container

  • Search

    Lets you use the HCP metadata query API and the HCP Search Console to query or search the containers for objects that meet specified criteria. Users with search permission also have read permission.

NoteSome of the features and data access permissions listed here are not available for HSwift.