Object Lock
Describes how to lock objects for a specific period or indefinitely.
Typically you lock objects to prevent them from being deleted. You can lock objects for a specific time or indefinitely. You can lock objects from the Object Store UI or CLI. See Create Buckets and mc retention.
Object locking is enabled at the bucket level, and only during bucket creation. Creating a bucket with automatic locking enables versioning. After object locking is enabled, you cannot disable it or suspend versioning.
Retention
- Governance
  In Governance mode, users cannot overwrite or delete an object version or alter its lock settings unless they have special permissions. Users with the s3:BypassGovernanceRetention permission can alter the retention period and delete objects.
- Compliance
  In Compliance mode, not even the administrative user can alter the retention period, nor delete the object until the retention period has lapsed.
Use the mc retention command to set and manage the retention lock.
Legal Hold
A legal hold prevents an object version from being deleted or overwritten. There is no retention period associated with a legal hold. The legal hold remains in effect until removed.
Any user with the s3:PutObjectLegalHold permission can place and remove a legal hold on an object at will. You cannot delete objects that have a legal hold set unless you explicitly clear the legal hold.
You cannot set a legal hold from the Object Store UI. Use the mc legalhold command to set and manage a legal hold.
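The Retention and Legal Hold rules above combine when someone tries to delete a locked object version. The following added example (not part of the original page or the product's code) models that decision so you can audit which versions a given permission set could remove. The VersionLock record, the function names and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

BYPASS = "s3:BypassGovernanceRetention"  # permission named on this page


@dataclass
class VersionLock:  # hypothetical record of one object version's lock state
    key: str
    mode: Optional[str]  # "GOVERNANCE", "COMPLIANCE" or None
    retain_until: Optional[datetime]
    legal_hold: bool


def delete_decision(v, perms, now):
    """Return (allowed, reason) for deleting one object version."""
    if v.legal_hold:  # a legal hold has no expiry and must be cleared first
        return False, "legal hold set"
    if v.mode is None or v.retain_until is None or now >= v.retain_until:
        return True, "no active retention"
    if v.mode == "COMPLIANCE":  # no permission overrides Compliance mode
        return False, "compliance retention active"
    if v.mode == "GOVERNANCE" and BYPASS in perms:
        return True, "governance bypassed"
    if v.mode == "GOVERNANCE":
        return False, "governance retention active"
    return False, "unknown mode, failing closed"


def deletable(versions, perms, now):
    """Keys of the versions that the given permission set could delete now."""
    return [v.key for v in versions if delete_decision(v, perms, now)[0]]


def _utc(year):
    return datetime(year, 1, 1, tzinfo=timezone.utc)


NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for the sample
SAMPLE = [  # constructed sample data, not from a real bucket
    VersionLock("logs/audit.log", "COMPLIANCE", _utc(2025), False),
    VersionLock("reports/q1.pdf", "GOVERNANCE", _utc(2025), False),
    VersionLock("reports/q0.pdf", "GOVERNANCE", _utc(2024), False),  # lapsed
    VersionLock("case/evidence.zip", None, None, True),
    VersionLock("case/held.pdf", "GOVERNANCE", _utc(2025), True),
]

if __name__ == "__main__":
    for who, perms in (("plain user", set()), ("bypass holder", {BYPASS})):
        print(who, "can delete:", deletable(SAMPLE, perms, NOW))
```

In the sample, the bypass permission changes the outcome only for the Governance version that has no legal hold; the Compliance version and both held versions stay protected.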