Data access permissions

Data access permissions allow you to access bucket content through the various HCP interfaces. You get these permissions either from your user account or from the bucket configuration.


Data access permissions are bucket specific. That is, they are granted separately for individual buckets.


Each data access permission allows you to perform certain operations. However, not all operations allowed by data access permissions apply to every HCP interface. For example, you can view and retrieve ACLs through the HTTP protocol and HS3 API but not through any other namespace access protocol.


Although many of the operations allowed by data access permissions are not supported by the HS3 API, a tenant administrator can give you permission for those operations. You can then perform them through other HCP interfaces that support them.


The data access permissions that you can have for a bucket are:


Browse — Lets you list bucket contents.


Read — Lets you:

- View and retrieve objects in the bucket, including the system and custom metadata for objects
- View and retrieve previous versions of objects
- List annotations for objects
- Check the existence of objects

Users with read permission also have browse permission.




Read ACL — Lets you view and retrieve bucket and object ACLs.


Write — Lets you:

- Add objects to the bucket
- Modify system metadata (except retention hold) for objects in the bucket
- Add or replace custom metadata for objects in the bucket


Write ACL — Lets you add, replace, and delete bucket and object ACLs.


Change owner — Lets you change the bucket owner and the owners of objects in the bucket.


Delete — Lets you delete objects, custom metadata, and bucket and object ACLs.


Purge — Lets you delete all versions of an object with a single operation. Users with purge permission also have delete permission.


Privileged — Lets you:

- Delete or purge objects that are under retention, provided that you also have delete or purge permission for the bucket
- Hold or release objects, provided that you also have write permission for the bucket


Search — Lets you use the HCP metadata query API and the HCP Search Console to query or search the bucket for objects that meet specified criteria. Users with search permission also have read permission.


If you have any data access permissions for a bucket, you can view information about that bucket through the HTTP protocol and Namespace Browser.
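Because read includes browse, purge includes delete, and search includes read, a grant can carry more access than it names, and privileged does nothing unless it is paired with delete, purge, or write. The following added example (not part of the HCP documentation) expands a grant to its effective permissions for an access review. The permission labels, operation names, and function names are assumptions made for illustration, as is the reading that deleting under retention needs delete and purging under retention needs purge.

```python
# Added example: models the permission rules stated on this page.
# All names below are illustrative labels, not HCP API identifiers.

# "Users with X permission also have Y permission" rules from the list.
IMPLIES = {"read": {"browse"}, "purge": {"delete"}, "search": {"read"}}

# Operations unlocked by "privileged" and the permission each also needs.
# Assumption: deleting under retention needs delete, purging needs purge.
PRIVILEGED_OPS = {
    "delete_under_retention": "delete",
    "purge_under_retention": "purge",
    "hold_or_release": "write",
}


def effective(granted):
    """Expand a grant with every permission it implies, transitively."""
    result, stack = set(), list(granted)
    while stack:
        perm = stack.pop()
        if perm not in result:
            result.add(perm)
            stack.extend(IMPLIES.get(perm, ()))
    return result


def privileged_ops(granted):
    """Privileged operations this grant can actually perform."""
    eff = effective(granted)
    if "privileged" not in eff:
        return set()
    return {op for op, needs in PRIVILEGED_OPS.items() if needs in eff}


def review(granted):
    """Findings an access reviewer would want for one bucket grant."""
    findings = []
    implied = effective(granted) - set(granted)
    if implied:
        findings.append("implicitly grants: " + ", ".join(sorted(implied)))
    if "privileged" in granted:
        ops = privileged_ops(granted)
        findings.append("privileged operations enabled: " + ", ".join(sorted(ops))
                        if ops else "privileged is inert without delete, purge or write")
    return findings


if __name__ == "__main__":
    for grant in ({"search"}, {"privileged", "purge"}, {"privileged", "browse"}):
        print(sorted(grant), "->", review(grant))
```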


For more information on:

- Bucket and object ACLs, see “Access control lists” on page 25
- Object versions, see “Versioning” on page 34
- Object owners, see “Object owners” on page 24
- Object retention and hold, see “Retention” on page 20
- The HCP Search Console, see “HCP Search Console” on page 8