Object Locking
    • 23 Feb 2024
    • PDF

    Object Locking

    • PDF

    Article Summary

    Object locking can be enabled only while creating the bucket, as described in Object Locking. The feature described below defines object locking retention settings, and this is available ONLY if object locking was enabled when the bucket was created.

    Object locking can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. When objects are placed in a bucket that has object locking enabled, the objects are subject to retention mode defaults. The modes are:

    • Governance Mode in which objects are immutable until after they reach the retention date you define here. This is true unless a user has specific IAM permissions to alter the settings.
    • Compliance Mode in which objects are immutable until after they reach the retention date you define here. This cannot be reversed for any reason, by any user, regardless of user permissions.

    Retention modes are set at the bucket level or object level. Both settings are described below.

    Setting Object Locking for a Bucket

    When object locking is enabled (when the bucket was created), the Object Locking tab is displayed on the settings page for the bucket. This enables you to set the retention mode at the bucket level.

    The setting will apply to all NEW objects placed in the bucket after you complete the instructions below.

    1. To see the modes, toggle to enable Bucket-Level Object Retention. By default, Governance Mode is enabled.

    2. Select either Governance Mode or Compliance Mode.
    3. Configure the Retention Time to set the number of days and time scale (days or years).
    4. Click APPLY.
      When you update the retention time, it will apply to newly uploaded objects and not to existing objects.
    5. After reviewing the terms of Governance Mode, type CONFIRM.

    6. Click the Confirm button to save the retention mode settings.

    You cannot rename an object that has an active retention. If you attempt to do so, this alert is displayed:

    Disabling Object Locking for a Bucket

    To disable the bucket level object lock settings, toggle off the Bucket-Level Object Retention option and click APPLY. Remember that this applies to NEW objects uploaded to the bucket. If existing objects were subject to retention settings, those settings still apply.

    Setting Object Locking for an Object

    When a bucket has object locking enabled (when the bucket was created), object locking may be indicated for the object in several ways:

    • Object locking mode is not set for the bucket or a bucket level mode was set after the object was uploaded
    • Governance mode object locking was set for the bucket before the object was uploaded and, therefore, applies to the object
    • Compliance mode object locking was set for the bucket before the object was uploaded and, therefore, applies to the object

    Each scenario is presented below.

    In addition, a Legal Hold feature is available for an object. A legal hold on an object prevents the deletion of that object, as described in Applying a Legal Hold. The object is "on hold" for an indefinite amount of time until the hold is released.

    Object Locking is Not Set

    When an object locking mode is not set for the bucket or a bucket level mode was set after the object was uploaded, you can view Object Locking in the File Details.

    1. In the Bucket List, navigate to the bucket in which the object is located. Click the bucket to show objects.
    2. Show versions in the Objects list by clicking Show Versions in the upper right of the list:
      This is an important step because you will not otherwise see object lock information in the File Details.
    3. Click the name of the object. The File Details panel is displayed. Notice the Object Locking area, for example:

    If you want to enable locking for this object only:

    1. Click Enable.
    2. Select the mode (Governance or Compliance).
    3. Enter the date until which the retention will remain in effect. Although a date may be displayed by default, you must enter a date or click the calendar icon and select a date.
    4. Click APPLY.

    Governance Mode Object Locking is Set

    If Governance mode object locking was set for the bucket, the object locking applies to any newly uploaded object. You can view Object Locking in the File Details.

    1. In the Bucket List, navigate to the bucket in which the object is located. Click the bucket to show objects.
    2. Show versions in the Objects list by clicking Show Versions in the upper right of the list:
      This is an important step because you will not otherwise see object lock information in the File Details.
    3. Click the name of the object. The File Details panel is displayed. Notice the Object Locking area, which shows that Governance Mode is set and retained until the date/time shown. For example:

    You can change the mode and/or retention date. Or, you can indicate that you do not want object locking (None).

    1. Click Edit.
    2. Optionally, change the mode to Compliance (and enter a retention date) or None.
    3. Optionally, you can change only the date until which the retention will remain in effect. Although a date may be displayed by default, you must enter a date or click the calendar icon and select a date.
    4. Click APPLY.

    Compliance Mode Object Locking is Set

    If Compliance mode object locking was set for the bucket, the object locking applies to any newly uploaded object. You can view Object Locking in the File Details.

    1. In the Bucket List, navigate to the bucket in which the object is located. Click the bucket to show objects.
    2. Show versions in the Objects list by clicking Show Versions in the upper right of the list:
      This is an important step because you will not otherwise see object lock information in the File Details.
    3. Click the name of the object. The File Details panel is displayed. Notice the Object Locking area, which shows that Compliance Mode is set and retained until the date/time shown. For example:

    You can change only the retention date to extend the time period.

    1. Click Edit.
    2. You can change the date until which the retention will remain in effect. This must be a date beyond the one already set. Although a date may be displayed by default, you must enter a date or click the calendar icon and select a date.
    3. Click APPLY.

    The following message is displayed if you attempt to chane the retention mode to Governance or None.

    If you want to prevent the deletion of the object for an indefinite amount of time:

    1. In the Bucket List, navigate to the bucket in which the object is located. Click the bucket to show objects.
    2. Show versions in the Objects list by clicking Show Versions in the upper right of the list:
      This is an important step because you will not otherwise see object lock information in the File Details.
    3. Click the name of the object. The File Details panel is displayed. Notice the Object Locking area, which shows that Compliance Mode is set and retained until the date/time shown. For example:

    4. Enable the Legal Hold toggle. 
    5. Confirm that you want to change the legal hold status for the file by clicking Confirm:

    The object is "on hold"  until the hold is released by disabling the toggle.



    What's Next