Workflow for S3 Object Lock

Contributors netapp-perveilerk netapp-madkat

As a grid administrator, you must coordinate closely with tenant users to ensure that the objects are protected in a manner that satisfies their retention requirements.

The workflow diagram shows the high-level steps for using S3 Object Lock. These steps are performed by the grid administrator and by tenant users.

S3 Object Lock workflow

Grid admin tasks

As the workflow diagram shows, a grid administrator must perform two high-level tasks before S3 tenant users can use S3 Object Lock:

  1. Create at least one compliant ILM rule and make that rule the default rule in the active ILM policy.

  2. Enable the global S3 Object Lock setting for the entire StorageGRID system.

Tenant user tasks

After the global S3 Object Lock setting has been enabled, tenants can perform these tasks:

  1. Create buckets that have S3 Object Lock enabled.

  2. Specify default retention settings for the bucket, which are applied to objects added to the bucket that do not specify their own retention settings.

  3. Add objects to those buckets and specify object-level retention periods and legal hold settings.

  4. As required, update a retention period or change the legal hold setting for an individual object.