FAQ
General
Are Block Storage and Object Storage logically and physically separated?
Yes, Object Storage is logically and physically separated from Block Storage.
How can I use separate roles with different rights on my buckets?
With our Object Storage, all credentials within a project can currently access all buckets within that project if the default credentials group is used. This provides maximum flexibility within a project.
If you need another solution, there are multiple options:
- You can use “Credentials Groups” within the same project and restrict access per group.
- Another option is to create another project for this.
Object Lock
Can I enable Object Lock on an existing bucket?
No. Object Lock can only be enabled at bucket creation time by passing objectLockEnabled=true. Existing buckets cannot be converted.
Can I disable Object Lock on a bucket?
No. Once Object Lock is enabled on a bucket, it cannot be disabled. The bucket will enforce Object Lock for its entire lifetime.
What is the maximum retention period?
The maximum retention period is 365 days.
What is the difference between COMPLIANCE and GOVERNANCE mode?
- COMPLIANCE: No one can delete, overwrite, or shorten the retention period on an object until it expires. This is the strictest mode and is suitable for regulatory requirements.
- GOVERNANCE: Objects are protected, but users with the s3:BypassGovernanceRetention permission can modify or delete protected objects. This is useful for protection against accidental deletion while retaining administrative override capabilities.
What happens when I remove the default retention from a bucket?
Only future uploads are affected. Objects that were uploaded with a retention period keep their existing protection. Object Lock itself remains active on the bucket.
What happens when I disable the Compliance Lock on a project?
The Compliance Lock can only be disabled if no buckets with Object Lock exist in the project. Since Object Lock cannot be removed from an existing bucket, you must delete all Object Lock-enabled buckets before you can disable the Compliance Lock. The API returns HTTP 409 Conflict if Object Lock-enabled buckets still exist.
Buckets without Object Lock are not affected and do not need to be deleted. Once the Compliance Lock is disabled, you cannot create new buckets with Object Lock until the Compliance Lock is re-enabled.
Does the default retention override per-object retention?
No. If you upload an object with an explicit retention setting, that setting takes precedence over the bucket default. The default retention only applies to objects that are uploaded without an explicit retention setting.
What S3 operations are available for Object Lock?
The following S3-compatible API operations are supported on buckets with Object Lock enabled:
| Operation | Description |
| --- | --- |
| PutObjectRetention | Set or extend retention on an object |
| GetObjectRetention | Get the retention settings of an object |
| PutObjectLegalHold | Enable or disable Legal Hold on an object |
| GetObjectLegalHold | Check Legal Hold status of an object |
| GetObjectLockConfiguration | Get the Object Lock configuration of a bucket |
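
The retention rules from the Object Lock answers above (explicit setting over bucket default, the 365-day maximum, COMPLIANCE versus GOVERNANCE), modelled as an added example that is not the provider's own code. The function names are hypothetical. Three things are assumptions the page does not state: that Legal Hold blocks deletion as in standard S3, that the 365 days are counted from upload time, and that a longer period is rejected.

```python
from datetime import datetime, timedelta, timezone

MAX_RETENTION_DAYS = 365  # maximum retention period stated in this FAQ


def effective_retention(uploaded_at, explicit=None, bucket_default=None):
    """Return (mode, retain_until) for a new upload, or None if unprotected.

    explicit:       {"Mode": ..., "RetainUntilDate": datetime} sent with the upload
    bucket_default: {"Mode": ..., "Days": int}, the bucket's default retention
    """
    if explicit:  # per-object setting takes precedence over the bucket default
        mode, until = explicit["Mode"], explicit["RetainUntilDate"]
    elif bucket_default:
        mode = bucket_default["Mode"]
        until = uploaded_at + timedelta(days=bucket_default["Days"])
    else:
        # Object Lock stays active on the bucket, but with the default removed
        # and no explicit setting, this upload carries no retention.
        return None
    # Assumption: the limit is measured from upload time and violations are rejected.
    if until - uploaded_at > timedelta(days=MAX_RETENTION_DAYS):
        raise ValueError("retention exceeds the 365-day maximum")
    return mode, until


def may_delete(retention, now, legal_hold=False, has_bypass=False):
    """Decide whether deleting the object would be allowed at time `now`."""
    if legal_hold:  # assumption: Legal Hold blocks deletion, as in standard S3
        return False
    if retention is None or now >= retention[1]:
        return True  # never protected, or the retention period has expired
    if retention[0] == "GOVERNANCE":
        return has_bypass  # only holders of s3:BypassGovernanceRetention
    return False  # COMPLIANCE: no one can delete until expiry


if __name__ == "__main__":
    # Constructed scenario: bucket default is GOVERNANCE for 30 days.
    t0 = datetime(2025, 1, 1, tzinfo=timezone.utc)
    default = {"Mode": "GOVERNANCE", "Days": 30}
    explicit = {"Mode": "COMPLIANCE", "RetainUntilDate": t0 + timedelta(days=90)}
    day10 = t0 + timedelta(days=10)
    for label, ret in [
        ("default only", effective_retention(t0, bucket_default=default)),
        ("explicit wins", effective_retention(t0, explicit, default)),
        ("default removed", effective_retention(t0)),
    ]:
        print(label, ret, "admin delete on day 10:",
              may_delete(ret, day10, has_bypass=True))
```
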