Data access permissions

Content Platform Tenant Management Help

Version
9.7.x
File Size
4269 KB
Audience
anonymous
Part Number
MK-95HCPH002-19

Data access permissions allow users to access namespace content and some information about namespaces. These permissions are granted separately for individual namespaces.

The data access permissions that can be associated with user and group accounts for any given namespace are:

Browse
List directory contents.
Read
View and retrieve objects, including the system and custom metadata for objects.
View and retrieve previous versions of objects.
Check the existence of objects.
List annotations for objects.
For this permission to be granted, users must also have browse permission.
Read ACL
View and retrieve object ACLs.
Write
Add objects to the namespace.
Modify system metadata (except retention hold).
Add or replace custom metadata.
Write ACL
Add, replace, and delete object ACLs.
Change owner
Change the owners of objects in the namespace.
Delete
Delete objects, custom metadata, and ACLs from the namespace.
Purge
Delete all versions of an object with a single operation. For this permission to be granted, users must also have delete permission.
Privileged
Delete or purge objects that are under retention, provided the user also has delete or purge permission for the applicable namespace
Hold or release objects, provided the user also has write permission for the applicable namespace
Search
Use the HCP metadata query API and the HCP Search Console to query or search the namespace. For this permission to be granted, users must also have read permission.

Users with any data access permissions for a namespace can view information about that namespace.

Note: An Active Directory (AD) user can be added to an AD group while the user is using the Namespace Browser. However, if the AD group corresponds to an HCP group account, the data access permissions might not take effect immediately. It could take up to eight hours for the user to get the data access permissions associated with the group account. To get the data access permissions immediately, the user must log out of the Namespace Browser and then log back in. If the user is also currently using the HCP System Management Console or the Tenant Management Console, logging out of either of those interfaces has the same effect.