Enabling S3 Object Lock globally
Suggest changes
PDFs
If an S3 tenant account needs to comply with regulatory requirements when saving object data, you must enable S3 Object Lock for your entire StorageGRID system. Enabling the global S3 Object Lock setting allows any S3 tenant user to create and manage buckets and objects with S3 Object Lock.
-
You must have the Root Access permission.
-
You must be signed in to the Grid Manager using a supported browser.
-
You must have reviewed the S3 Object Lock workflow, and you must understand the considerations.
-
The default rule in the active ILM policy must be compliant.
A grid administrator must enable the global S3 Object Lock setting to allow tenant users to create new buckets that have S3 Object Lock enabled. After this setting is enabled, it cannot be disabled.
|
If you enabled the global Compliance setting using a previous version of StorageGRID, the new S3 Object Lock setting is automatically enabled when you upgrade to StorageGRID version 11.5. You can continue to use StorageGRID to manage the settings of existing compliant buckets; however, you can no longer create new compliant buckets. |
-
Select Configuration > System Settings > S3 Object Lock.
The S3 Object Lock Settings page appears.
If you had enabled the global Compliance setting using a previous version of StorageGRID, the page includes the following note:
-
Select Enable S3 Object Lock.
-
Select Apply.
A confirmation dialog box appears and reminds you that you cannot disable S3 Object Lock after it is enabled.
-
If you are sure you want to permanently enable S3 Object Lock for your entire system, select OK.
When you select OK:
-
If the default rule in the active ILM policy is compliant, S3 Object Lock is now enabled for the entire grid and cannot be disabled.
-
If the default rule is not compliant, an error appears, indicating that you must create and activate a new ILM policy that includes a compliant rule as its default rule. Select OK, and create a new proposed policy, simulate it, and activate it.
-
After you enable the global S3 Object Lock setting, you might want to create a new ILM policy. After the setting is enabled, the ILM policy can optionally include both a compliant default rule and a non-compliant default rule. For example, you might want to use a non-compliant rule that does not have filters for objects in buckets that do not have S3 Object Lock enabled.