Considerations for compliant buckets and objects

Make sure you understand the restrictions StorageGRID places on compliant buckets and how compliance affects the life of an object.

Restrictions for using compliant buckets

Restrictions for objects in compliant buckets

Each object that is saved in a compliant bucket goes through three stages:

  1. Object ingest
    • When an object is ingested, the system generates metadata for the object that includes a unique object identifier (UUID) and the ingest date and time. The object inherits the compliance settings from the bucket.
    • After an object is ingested into a compliant bucket, its data, S3 user-defined metadata, or S3 object tags cannot be modified, even after the retention period expires.
    • StorageGRID maintains three copies of all object metadata at each site to provide redundancy and protect object metadata from loss. Metadata is stored independently of object data.
  2. Retention period
    • The retention period for an object starts when the object is ingested into the bucket.
    • Each time the object is accessed or looked up, the compliance settings for the bucket are also looked up. The system uses the object's ingest time and date and the bucket's retention period setting to calculate when the object's retention period will expire.
    • During an object's retention period, multiple copies of the object are stored by StorageGRID. The exact number and type of copies and the storage locations are determined by rules in the active ILM policy.
      Note: Contact your StorageGRID administrator to understand how objects will be managed or to request a new ILM rule be added to manage the objects in a particular bucket.
    • During an object's retention period, or when legal hold is enabled for the bucket, you cannot delete the object.

  3. Object deletion
    • When an object's retention period ends, all copies of the object can be deleted, unless legal hold is enabled for the bucket.
    • When an object’s retention period ends, a bucket-level compliance setting allows you to control how objects are deleted: by users when required or automatically by the system.
    • If the bucket setting is to delete objects automatically, all copies of the object are removed by the background ILM process in StorageGRID. When an object’s retention period ends, the object is scheduled for deletion. The actual amount of time needed to delete all object copies can vary, depending on the number of objects in the grid and how busy the grid processes are.