Content Platform Tenant Management Help

File Size
4269 KB
Part Number

To access a namespace and take action in it, clients must have the necessary permissions. The list below describes the possible permissions and the operations they allow.

  • List directory contents.
  • Check for directory existence.
  • Retrieve objects and system metadata.
  • Check for object existence.
  • List annotations.
  • Check for and retrieve annotations.
Read operations also require browse permission.
Read ACL
Check for and retrieve ACLs.
  • Store objects.
  • Create directories.
  • Modify system metadata.
  • Add and replace annotations.
Write ACL
Add, replace, and delete ACLs.
Delete objects, empty directories, annotations, and ACLs.
Delete objects and their old versions (also requires delete permission).
  • Delete or purge objects regardless of retention (also requires delete or purge permissions).
  • Place objects on hold or release objects from hold (also requires write permission).
Change owner
Change object owners.
Search for objects (also requires browse and read permissions).
Note: When using the CIFS protocol with a Windows client, you need both read and write permissions to store objects.

Data access permission mask

The operations allowed in a namespace are determined by a data access permission mask for the namespace. Data access permission masks are set at the system, tenant, and namespace levels.

The effective permissions for a namespace are the operations that are allowed by the mask at all three levels. That is, to be in effect for a namespace, a permission must be included in the system-level permission mask, the tenant-level permission mask, and the namespace-level permission mask.

User permissions

To perform an operation in a namespace, the operation must be allowed by the effective permission mask and by your user permissions. The permissions for what you can do in a namespace come from your user account (if you’re an authenticated user), the namespace configuration, and, for individual objects, the object ACL.

Note: ACLs are enabled on a per-namespace basis. In namespaces where ACLs are enabled, the namespace can be configured to either enforce or ignore the permissions granted by ACL. To find out the ACLs settings for a namespace, contact your tenant administrator.