Data access permissions

Data access permissions allow you to access bucket content through the various HCP interfaces. You get these permissions either from your user account or from the bucket configuration.

Data access permissions are bucket specific. That is, they are granted separately for individual buckets.

Each data access permission allows you to perform certain operations. However, not all operations allowed by data access permissions apply to every HCP interface. For example, you can view and retrieve ACLs through the HTTP protocol and HS3 API but not through any other namespace access protocol.

Although many of the operations allowed by data access permissions are not supported by the HS3 API, a tenant administrator can give you permission for those operations. You can then perform them through other HCP interfaces that support them.

The data access permissions that you can have for a bucket are:

Browse — Lets you list bucket contents.

Read — Lets you:

View and retrieve objects in the bucket, including the system and custom metadata for objects

View and retrieve previous versions of objects

List annotations for objects

Check the existence of objects

Users with read permission also have browse permission.

Chapter 1: Introduction to Hitachi Content Platform 11

Read ACL — Lets you view and retrieve bucket and object ACLs.

Write — Lets you:

Add objects to the bucket

Modify system metadata (except retention hold) for objects in the bucket

Add or replace custom metadata for objects in the bucket

Write ACL — Lets you add, replace, and delete bucket and object ACLs.

Change owner — Lets you change the bucket owner and the owners of objects in the bucket.

Delete — Lets you delete objects, custom metadata, and bucket and object ACLs.

Purge — Lets you delete all versions of an object with a single operation. Users with purge permission also have delete permission.

Privileged — Lets you:

Delete or purge objects that are under retention, provided that you also have delete or purge permission for the bucket

Hold or release objects, provided that you also have write permission for the bucket

Search — Lets you use the HCP metadata query API and the HCP Search Console to query or search the bucket for objects that meet specified criteria. Users with search permission also have read permission.
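The implied permissions and the conditions on the privileged permission listed above can be checked mechanically when reviewing bucket grants. The following is an added example, not code from HCP or its documentation: the lowercase permission labels, the operation names, and the sample grants are assumptions made for this sketch, and it reads "delete or purge permission" as delete for deleting and purge for purging.

```python
# Added example: labels are chosen for this sketch, not identifiers from any HCP API.
# Implications stated on the page: read -> browse, purge -> delete, search -> read.
IMPLIES = {
    "read": {"browse"},
    "purge": {"delete"},
    "search": {"read"},
}

def effective(granted):
    """Expand a set of granted permissions with everything they imply."""
    result = set(granted)
    stack = list(granted)
    while stack:
        for implied in IMPLIES.get(stack.pop(), ()):
            if implied not in result:
                result.add(implied)
                stack.append(implied)
    return result

def can(granted, operation):
    """Decide one retention-sensitive operation (hypothetical operation names)."""
    perms = effective(granted)
    rules = {
        "delete_object": "delete" in perms,
        "purge_object": "purge" in perms,
        # Privileged only takes effect together with the matching base permission.
        "delete_retained": "privileged" in perms and "delete" in perms,
        "purge_retained": "privileged" in perms and "purge" in perms,
        "hold_or_release": "privileged" in perms and "write" in perms,
    }
    return rules[operation]

def retention_bypass(grants):
    """Map each user to the retention-affecting operations their grants allow."""
    risky = ("delete_retained", "purge_retained", "hold_or_release")
    report = {user: [op for op in risky if can(perms, op)]
              for user, perms in grants.items()}
    return {user: ops for user, ops in report.items() if ops}

# Constructed sample grants for a single bucket.
SAMPLE = {
    "alice": {"search", "write"},
    "bob": {"privileged", "purge"},
    "carol": {"privileged", "read"},
    "dave": {"privileged", "write"},
}

if __name__ == "__main__":
    for user, ops in sorted(retention_bypass(SAMPLE).items()):
        print(user, ops)
```

In the sample, carol holds the privileged permission but none of delete, purge, or write, so the grant gives her no way to affect retained objects.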

If you have any data access permissions for a bucket, you can view information about that bucket through the HTTP protocol and Namespace Browser.

For more information on:

Bucket and object ACLs, see “Access control lists” on page 25

Object versions, see “Versioning” on page 34

Object owners, see “Object owners” on page 24

Object retention and hold, see “Retention” on page 20

The HCP Search Console, see “HCP Search Console” on page 8