Specifying permissions for any number of namespaces

Content Platform Tenant Management Help

Version
9.7.x
File Size
4269 KB
Audience
anonymous
Part Number
MK-95HCPH002-19

You associate data access permissions with a user or group account by first displaying a list of namespaces and then selecting the ones for which you want to specify data access permissions. After selecting the namespaces you want, you select the permissions you want the user or group account to have for those namespaces.

You can specify permissions for any number of namespaces in a single operation. If the user or group account already has permissions for any of the selected namespaces, the set of permissions you select replaces the set of permissions already associated with each of those namespaces.

  1. In the list of user or group accounts on the Users or Groups page, as applicable, select the user account or group account you want.
  2. Click Assign Namespace Permissions.
    The Find and Select Namespaces section lists all the tenant's namespaces. Namespaces for which the user or group account already has any permissions are marked with a checkmark ().
  3. (Optional) Filter the list of namespaces by name.
    1. In the Find and Select Namespaces field, type a text string to use as a filter.
      This string can be up to 64 characters long and can contain any valid UTF-8 characters, including white space. It is not case sensitive.
    2. Click the find control ().
  4. For each namespace from which you want to specify data access permissions, click the add control () to select the group.
    For each AD group with an existing HCP group account for which you want to change the associated roles, click the add control () to select the group.
    To select all the groups in the list, click Select All.
    To deselect a selected group, click the remove control () for the group.
    To deselect all the selected groups, click Clear.
    The selected group rows turns green.
  5. In the Assign Data Access Permissions for Selected Namespaces section, select the permissions you want the user or group account to have for the selected namespaces.
    Selecting Read automatically selects Browse. Selecting Search automatically selects Read and Browse. Selecting Purge automatically selects Delete.
    To select all the permissions, click Select all.
  6. In the S3 Object Lock Permissions section, select the permissions you want to grant to the user or group account for the selected namespaces.
    Important: To use any of these permission settings, you must enable S3 Object Lock on the namespace. The following is a list of S3 Object Lock permissions, explaining when you would use each one
    • Bypass Governance Retention: Allows you to perform operations such as deletion, shortening the retention period, or removing the lock on object versions that are locked in governance mode.
    • Get Bucket Object Lock Configuration: Allows you to retrieve the Object Lock configuration for a bucket.
    • Get Object Legal Hold: Allows you to retrieve an object’s current legal hold status. The legal hold status indicates whether an object is locked and cannot be overwritten or deleted.
    • Get Object Retention: Allows you to retrieve an object’s retention settings. The retention settings indicate whether an object is locked and cannot be overwritten or deleted.
    • Put Bucket Object Lock Configuration: Allows you to place an Object Lock configuration on the specified bucket.
    • Put Object Legal Hold: Allows you to apply a legal hold configuration to the specified object. The legal hold status indicates whether an object is locked and cannot be overwritten or deleted.
    • Put Object Retention: Allows you to apply an Object Retention configuration on an object.
    To select all the permissions, click Select all.
  7. Click Assign Namespaces.