Permissions

Content Platform Tenant Management Help

Version
9.7.x
File Size
4269 KB
Audience
anonymous
Part Number
MK-95HCPH002-19

To access a namespace and take action in it, clients must have the necessary permissions. The list below describes the possible permissions and the operations they allow.

Browse
  • List directory contents.
  • Check for directory existence.
Read
  • Retrieve objects and system metadata.
  • Check for object existence.
  • List annotations.
  • Check for and retrieve annotations.
Read operations also require browse permission.
Read ACL
Check for and retrieve ACLs.
Write
  • Store objects.
  • Create directories.
  • Modify system metadata.
  • Add and replace annotations.
Write ACL
Add, replace, and delete ACLs.
Delete
Delete objects, empty directories, annotations, and ACLs.
Purge
Delete objects and their old versions (also requires delete permission).
Privileged
  • Delete or purge objects regardless of retention (also requires delete or purge permissions).
  • Place objects on hold or release objects from hold (also requires write permission).
Change owner
Change object owners.
Search
Search for objects (also requires browse and read permissions).
Note: When using the CIFS protocol with a Windows client, you need both read and write permissions to store objects.

Data access permission mask

The operations allowed in a namespace are determined by a data access permission mask for the namespace. Data access permission masks are set at the system, tenant, and namespace levels.

The effective permissions for a namespace are the operations that are allowed by the mask at all three levels. That is, to be in effect for a namespace, a permission must be included in the system-level permission mask, the tenant-level permission mask, and the namespace-level permission mask.

User permissions

To perform an operation in a namespace, the operation must be allowed by the effective permission mask and by your user permissions. The permissions for what you can do in a namespace come from your user account (if you’re an authenticated user), the namespace configuration, and, for individual objects, the object ACL.

Note: ACLs are enabled on a per-namespace basis. In namespaces where ACLs are enabled, the namespace can be configured to either enforce or ignore the permissions granted by ACL. To find out the ACLs settings for a namespace, contact your tenant administrator.