Help Center/ Object Storage Service/ API Reference/ APIs/ Advanced Bucket Settings/ Configuring a Default WORM Policy for a Bucket
Updated on 2025-08-22 GMT+08:00
View PDF
Share

Configuring a Default WORM Policy for a Bucket

Functions

This API configures a default WORM policy and retention period for a bucket.

With the bucket's default WORM policy, if you do not specify a WORM policy or a retention period when you upload an object to the bucket, the default policy will be automatically applied to the newly uploaded object. An object-level WORM policy requires configuring a specific date, which indicates an object will be protected until that date. For a default bucket-level WORM policy, a retention period is required, and the protection for an object starts when the object is uploaded to the bucket.

To perform this operation, you must have the PutBucketObjectLockConfiguration permission. By default, only the bucket owner can perform this operation. The bucket owner can grant the permission to other users by configuring the bucket policy or user policy.

  • You can modify or even delete the default WORM policy of a bucket. The change applies only to the objects uploaded after the change, but not to those uploaded before.
  • During a multipart upload, the object parts uploaded are not protected before they are assembled. After object parts are assembled, the new object is protected by the default bucket-level WORM policy. You can also configure an object-level WORM policy for the new object.

Other restrictions on the WORM retention configuration:

  • The WORM mode can only be COMPLIANCE.
  • The retention period can be set to 1 to 36500 days or 1 to 100 years.

Request Syntax

PUT /?object-lock HTTP/1.1
Host: bucketname.obs.region.myhuaweicloud.com 
Date: date
Authorization: authorization
Content-Type: application/xml
Content-Length: length
<ObjectLockConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/">
    <ObjectLockEnabled>Enabled</ObjectLockEnabled>
    <Rule>
       <DefaultRetention>
          <Days>integer</Days>
          <Mode>COMPLIANCE</Mode>
          <Years>integer</Years>
       </DefaultRetention>
    </Rule>
</ObjectLockConfiguration>

Request Parameters

This request contains no message parameters.

Request Headers

This request uses common headers. For details, see Table 1.

Request Elements

Table 1 Request elements

Parameter

Mandatory (Yes/No)

Type

Description

ObjectLockConfiguration

Yes

Container

Definition:

Container for bucket-level WORM configurations. ObjectLockConfiguration is the parent node of ObjectLockEnabled and Rule.

Constraints:

None

Range:

For details, see Table 2.

Default value:

None
Table 2 Parameters in ObjectLockConfiguration

Parameter

Mandatory (Yes/No)

Type

Description

ObjectLockEnabled

No

String

Definition:

Bucket-level WORM status.

Constraints:

None

Range:

Enabled: Bucket-level WORM is enabled.

Default value:

None

Rule

Yes when ObjectLockEnabled is set to Enabled. If this parameter is not specified, the default bucket-level WORM policy will be cleared.

Container

Definition:

Rule container of a bucket-level WORM policy. Rule is the parent node of DefaultRetention.

Constraints:

None

Range:

For details, see Table 3.

Default value:

None
Table 3 Rule parameter description

Parameter

Mandatory (Yes/No)

Type

Description

DefaultRetention

Yes if Rule is specified

Container

Definition:

Container of a bucket-level WORM policy. DefaultRetention is the parent node of Mode, Days, and Years.

Constraints:

None

Range:

For details, see Table 4.

Default value:

None
Table 4 DefaultRetention parameters

Parameter

Mandatory (Yes/No)

Type

Description

Mode

Yes if DefaultRetention is specified

String

Definition:

WORM retention policy of a bucket.

Constraints:

None

Range:

COMPLIANCE: compliance mode

Default value:

None

Days

If the DefaultRetention container is included, you must specify either Days or Years, but you cannot specify both at the same time.

Integer

Definition:

Number of retention days.

Constraints:

Only one of Days and Years can be set to a value other than 0. The value must be within the allowed range.

Range:

1 to 36500

Default value:

None

Years

If the DefaultRetention container is included, you must specify either Years or Days, but you cannot specify both at the same time.

Integer

Definition:

Default retention years.

Constraints:

  • One year is considered as 365 days, regardless of the leap year.
  • Only one of Days and Years can be set to a value other than 0. The value must be within the allowed range.

Range:

1 to 100

Default value:

None

Response Syntax

HTTP/1.1 status_code
Date: date
Content-Length: length

Response Headers

This response uses common headers. For details, see Table 1.

Response Elements

This response contains no elements.

Error Responses

Table 5 describes possible special errors in this request.

Table 5 Error Responses

Error Code

Description

HTTP Status Code

InvalidRequest

The object lock is disabled for the bucket.

400

MalformedXML

Invalid policy configuration format.

400

For other errors, see Table 2.

Sample Request 1

Configure the default bucket-level WORM policy with a retention period of 2 years.

PUT /?object-lock HTTP/1.1
Host: bucketname.obs.region.myhuaweicloud.com 
Date: WED, 01 Jul 2015 02:25:05 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:75/Y4Ng1izvzc1nTGxpMXTE6ynw=
Content-Type: application/xml
Content-Length: 157
<ObjectLockConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/">
    <ObjectLockEnabled>Enabled</ObjectLockEnabled>
    <Rule>
       <DefaultRetention>
          <Mode>COMPLIANCE</Mode>
          <Years>2</Years>
       </DefaultRetention>
    </Rule>
</ObjectLockConfiguration>

Sample Response 1

HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BF260000016435CE298386946AE4C482
x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCT9W2tcvLmMJ+plfdopaD62S0npbaRUz
Date: WED, 01 Jul 2015 02:25:06 GMT
Content-Length: 0

Sample Request 2

Delete the configuration of the default bucket-level WORM policy.

PUT /?object-lock HTTP/1.1
Host: bucketname.obs.region.myhuaweicloud.com 
Date: WED, 01 Jul 2015 02:25:05 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:75/Y4Ng1izvzc1nTGxpMXTE6ynw=
Content-Type: application/xml
Content-Length: 157
<ObjectLockConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/">
</ObjectLockConfiguration>

Sample Response 2

HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BF260000016435CE298386946AE4C482
x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCT9W2tcvLmMJ+plfdopaD62S0npbaRUz
Date: WED, 01 Jul 2015 02:25:06 GMT
Content-Length: 0
Parent topic: Advanced Bucket Settings