Configuring a WORM Policy

Prerequisites

• The WORM clock has been initialized.
• When creating a namespace, if you associate the namespace with a replication group and disable WORM, WORM cannot be enabled after the namespace is created.

Procedure

1. Choose Resources > Resources > Namespace.
2. Select a desired account from the Account drop-down list in the upper left corner.
3. Click the desired namespace name to go to the details page. Click the WORM tab.
4. Click Configure.

   The Configure WORM Policy page is displayed.

5. Select a policy mode. Possible options are:
   • Enterprise: used by enterprises to implement internal control. The retention period and permissions of common users and privileged users are set to ensure secure data access security and prevent data tampering, protecting archived files and data of enterprises. Common users cannot modify, rename, or delete files within the retention period. Privileged users (system administrators) cannot modify or rename files within the retention period, but they can use the privilege to delete files. Common users and system administrators cannot modify or rename files whose retention period expires, but can read or delete the files.

     Table 1 describes the related parameters.

     Table 1 Parameters of the Enterprise policy mode

     Parameter	Description
     Max. Retention Period	Maximum protection period supported by a specified namespace or dtree.
     Min. Retention Period	Minimum protection period supported by a specified namespace or dtree.
     Default Retention Period	Default protection period after a file enters the protection state.
     Auto Lock	After this function is enabled, if a file is not modified within the default waiting time, the file automatically enters the locked state.
     Legal Hold File Modification	Common users and privileged users cannot delete legal hold files within the retention period. After the function is enabled, the retention periods of the legal hold files can be modified.

   • None: indicates the None mode, which means that uploaded objects are not protected by default.

     After Legal Hold File Modification is enabled, the retention periods of the legal hold files can be modified.

6. When the policy mode is changed from Enterprise to None, you need to select the authentication mode of the authentication user and enter the username and password of the authentication user.
   

   If you want to change the Enterprise WORM policy of a namespace to None, run CLI command change worm_disable_switch general worm_disable=true so that WORM can be disabled. To modify a WORM policy, you need to select the authentication mode of authentication users and enter the names and passwords of the two authentication users.

   A user can be successfully authenticated only when the following conditions are met:

   • The authentication user can only be the super administrator or administrator.
   • Lock Status of the authentication user is Unlocked.
   • Password Status of the authentication user is Normal or Password about to expire. If the password does not need to be changed upon the first login, the value of Password Status can also be Initial password. Please change it.

   After the WORM policy is changed to None:

   • Files or objects in the initial state before the change cannot enter the protected state through automatic locking. They can enter the protected state only after chmod -w is executed. For files or objects in other states before the change, the status switchover process remains unchanged.
   • The WORM policy of a newly uploaded file or object is None by default.
   • WORM parameters will be changed to the default values. Specifically, the maximum retention period is 70 years, the minimum retention period is 0 years, the default retention period is 3 years, and automatic locking is disabled.

7. Click OK.