ACL permissions

Content Platform Tenant Management Help

Version
9.7.x
Part Number
MK-95HCPH002-19

Granting a permission in an ACL for a bucket gives the grantee certain data access permissions for that bucket. Granting a permission in an ACL for an individual object gives the grantee certain data access permissions just for that object.

The following list shows each permission you can grant in an ACL, followed by the data access permissions that correspond to it.

Read: Browse and read
Read ACP: Read ACL
Write: Write and delete
Write ACP: Write ACL
Full control: Browse, read, read ACL, write, write ACL, and delete

By default, a bucket or object owner that corresponds to an HCP user account or an object owner that corresponds to an AD user account has full control over the applicable bucket or object. For a bucket owner that corresponds to an AD user account, the permissions depend on the tenant configuration.

When adding an ACL to a bucket or object, you can grant only the permissions you already have for that bucket or object. For example, suppose you have read, read ACP, and write ACP permissions for an object. In this case, you can grant read, read ACP, and write ACP permissions for the object to other users, but you cannot grant write permission or full control.
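
The grant rule above can be checked before an ACL is submitted. The following Python sketch is an added example, not HCP code: the function names and grantee names are hypothetical, and it assumes a grant is permitted exactly when every data access permission it confers is already held by the granter.

```python
# Added example: models the permission list and the grant rule described above.
# ACL permission -> data access permissions, as listed on this page.
ACL_TO_ACCESS = {
    "Read": {"browse", "read"},
    "Read ACP": {"read ACL"},
    "Write": {"write", "delete"},
    "Write ACP": {"write ACL"},
    "Full control": {"browse", "read", "read ACL", "write", "write ACL", "delete"},
}


def effective_access(acl_permissions):
    """Return the union of data access permissions for a set of ACL permissions."""
    access = set()
    for perm in acl_permissions:
        if perm not in ACL_TO_ACCESS:
            raise ValueError(f"unknown ACL permission: {perm!r}")
        access |= ACL_TO_ACCESS[perm]
    return access


def check_grants(granter_permissions, proposed_grants):
    """Split proposed (grantee, permission) pairs into allowed and rejected.

    Assumption (not stated by the page): a grant is allowed when all data
    access permissions it confers are already held by the granter.
    Each rejected entry lists the data access permissions the granter lacks.
    """
    held = effective_access(granter_permissions)
    allowed, rejected = [], []
    for grantee, perm in proposed_grants:
        missing = effective_access([perm]) - held
        if missing:
            rejected.append((grantee, perm, sorted(missing)))
        else:
            allowed.append((grantee, perm))
    return allowed, rejected


if __name__ == "__main__":
    # Constructed sample: the granter from the page's example.
    granter = {"Read", "Read ACP", "Write ACP"}
    proposed = [("alice", "Read"), ("bob", "Write"),
                ("carol", "Full control"), ("dave", "Write ACP")]
    ok, bad = check_grants(granter, proposed)
    print("allowed:", ok)
    print("rejected:", bad)
```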

Tenant administrators can change the permissions that users, including the bucket owner, have for a bucket. They cannot change the permissions users have for objects.