Data access permissions
Data access permissions allow users to access namespace content and some information about namespaces. These permissions are granted separately for individual namespaces.
The data access permissions that can be associated with user and group accounts for any given namespace are:
Browse
List directory contents.
Read
View and retrieve objects, including the system and custom metadata for objects.
View and retrieve previous versions of objects.
Check the existence of objects.
List annotations for objects.
For this permission to be granted, users must also have browse permission.
Read ACL
View and retrieve object ACLs.
Write
Add objects to the namespace.
Modify system metadata (except retention hold).
Add or replace custom metadata.
Write ACL
Add, replace, and delete object ACLs.
Change owner
Change the owners of objects in the namespace.
Delete
Delete objects, custom metadata, and ACLs from the namespace.
Purge
Delete all versions of an object with a single operation. For this permission to be granted, users must also have delete permission.
Privileged
Delete or purge objects that are under retention, provided the user also has delete or purge permission for the applicable namespace
Hold or release objects, provided the user also has write permission for the applicable namespace
Search
Use the HCP metadata query API and the HCP Search Console to query or search the namespace. For this permission to be granted, users must also have read permission.
Users with any data access permissions for a namespace can view information about that namespace.