Object Lock: Setting for a Bucket or Object, Disabling, and Applying a Legal Hold

  • Updated on Jun 25, 2024
  • Published on Apr 11, 2022
  • 5 minute(s) read

For an overview of the Object Lock feature and an understanding of the differences between compliance and object lock, refer to Immutability: Compliance and Object Lock. The difference is important to understand because if you create a bucket that has object lock enabled, compliance is automatically disabled.

The Object Lock feature must be enabled before you can use the functionality. Enabling object lock can be done only during bucket creation. You cannot enable object lock on existing buckets of data. Before defining object lock settings, you should review the Object Lock Features.

The feature described below defines object lock retention settings, and this is available ONLY if object lock was enabled when the bucket was created. Changing the object lock settings does not affect any of the existing objects inside the bucket. These settings only apply to objects that are newly placed into the bucket and come with no associated object lock settings.

Setting Object Lock for a Bucket

When object lock is enabled (when the bucket was created), the Object Lock tab is displayed on the settings page for the bucket. This enables you to set the retention mode at the bucket level.

The setting will apply to all NEW objects placed in the bucket after you complete the instructions below.

  1. On the Buckets list, clickfor the desired bucket.
  2. Click Settings.
  3. Click the Object Lock tab. This tab is displayed only if you already enabled the Object Lockfeature for this bucket.

  4. To see the modes, toggle to enable Default Object Retention. By default, Governance Mode is enabled.

  5. Select either Governance Mode or Compliance Mode.
  6. Configure the Retention Time to set the number of days and time scale (days or years).
  7. Click Apply.
    When you update the retention time, it will apply to newly uploaded objects and not to existing objects.
  8. After reviewing the terms of Governance Mode, type CONFIRM.

  9. Click Confirm to save the retention mode settings.

You cannot rename an object that has an active retention. If you attempt to do so, this alert is displayed:

Disabling Object Lock for a Bucket

To disable the bucket-level object lock settings, toggle off the Default Object Retention option. Remember that this applies to NEW objects uploaded to the bucket. If existing objects were subject to retention settings, those settings still apply.

Setting Object Lock for an Object

When a bucket has object lock enabled (when the bucket was created), object lock may be indicated for the object in several ways:

  • Object lock mode is not set for the bucket or a bucket-level mode was set after the object was uploaded
  • Governance mode object lock was set for the bucket before the object was uploaded and, therefore, applies to the object
  • Compliance mode object lock was set for the bucket before the object was uploaded and, therefore, applies to the object

Each scenario is presented below.

In addition, a Legal Hold feature is available for an object. A legal hold on an object prevents the deletion of that object, as described in Applying a Legal Hold. The object is "on hold" for an indefinite amount of time until the hold is released.

Object Lock is Not Set

When an object lock mode is not set for the bucket or a bucket level mode is set after the object was uploaded, you can view Object Lock in the File Details.

  1. In the Bucket List, navigate to the bucket in which the object is located. Click the bucket to show objects.
  2. Show versions in the Objects list by clicking Show Versions in the upper right of the list:

    This is an important step because you will not otherwise see object lock information in the File Details.
  3. Click the name of the object. The File Details panel is displayed. Notice the Object Lock area, for example:

If you want to enable lock for this object only:

  1. Click Enable.
  2. Select the mode (Governance or Compliance).
  3. Enter the date until which the retention will remain in effect. Although a date may be displayed by default, you must enter a date or click the calendar icon and select a date.

  4. Click Apply.

Governance Mode Object Lock is Set

If Governance mode object lock was set for the bucket, the object lock applies to any newly uploaded object. You can view Object Lock in the File Details.

  1. In the Bucket List, navigate to the bucket in which the object is located. Click the bucket to show objects.
  2. Show versions in the Objects list by clicking Show Versions in the upper right of the list:
    This is an important step because you will not otherwise see object lock information in the File Details.
  3. Click the name of the object. The File Details panel is displayed. Notice the Object Lock area, which shows that Governance Mode is set and retained until the date/time shown. For example:

You can change the mode and/or retention date. Or, you can indicate that you do not want object lock (None).

  1. Click Edit.
  2. Optionally, change the mode to Compliance (and enter a retention date) or None.
  3. Optionally, you can change only the date until which the retention will remain in effect. Although a date may be displayed by default, you must enter a date or click the calendar icon and select a date.

  4. Click Apply.

Compliance Mode Object Lock is Set

If Compliance mode object lock was set for the bucket, the object lock applies to any newly uploaded object. You can view Object Lock in the File Details.

  1. In the Bucket List, navigate to the bucket in which the object is located. Click the bucket to show objects.
  2. Show versions in the Objects list by clicking Show Versions in the upper right of the list:
    This is an important step because you will not otherwise see object lock information in the File Details.
  3. Click the name of the object. The File Details panel is displayed. Notice the Object Lock area, which shows that Compliance Mode is set and retained until the date/time shown. For example:

You can change only the retention date to extend the time period.

  1. Click Edit.
  2. You can change the date until which the retention will remain in effect. This must be a date beyond the one already set. Although a date may be displayed by default, you must enter a date or click the calendar icon and select a date.

  3. Click Apply.

The following message is displayed if you attempt to chane the retention mode to Governance or None.

Applying a Legal Hold

If you want to prevent the deletion of the object for an indefinite amount of time:

  1. In the Bucket List, navigate to the bucket in which the object is located. Click the bucket to show objects.
  2. Show versions in the Objects list by clicking Show Versionsin the upper right of the list.
    This is an important step because you will not otherwise see object lock information in the File Details.
  3. Click the name of the object. The File Details panel is displayed. Locate Legal Hold in the Object Lock area. For example:

  4. Enable the Legal Hold toggle. 
  5. Confirm that you want to change the legal hold status for the file by clicking Confirm:

The object is "on hold"  until the hold is released by disabling the toggle.