ACL permissions

The following describes the permissions that can be granted through an ACL.

  • Read

    • Retrieve objects and system metadata
    • Check for object existence
    • List annotations
    • Check for and retrieve custom metadata

  • Read_ACL

    Check for and retrieve ACLs

  • Write

    • Store objects
    • Create directories
    • Set and change system and custom metadata

  • Write_ACL

    Set and change ACLs

  • Delete

    Delete objects, custom metadata, and ACLs

Note: With the CIFS or NFS protocol:
  • If you are using an AD user account, when you try to delete an object for which you have been granted delete permission by an ACL, the delete operation fails if the object is located in the root data directory.
  • To read or retrieve an object for which you have been granted read permission by an ACL, you also need browse permission for the namespace.