Help Center/ Object Storage Service/ API Reference/ Bucket APIs/ Write-Once-Read-Many (WORM)/ Obtaining the Default WORM Policy of a Bucket
Updated on 2026-04-16 GMT+08:00
View PDF
Share

Obtaining the Default WORM Policy of a Bucket

Functions

If a default WORM policy is configured for a bucket, you can call this API to obtain the default WORM policy of the bucket. For more information about bucket-level WORM policies, see Configuring WORM to Protect Objects from Being Overwritten or Deleted.

If you have never configured the default bucket-level retention policy after you enable WORM for a bucket, you can still use this API to check whether WORM is enabled.

Constraints

  • Before enabling bucket-level WORM, you need to enable versioning. Configuring WORM on OBS Console automatically enables versioning for the bucket, and versioning cannot be suspended afterward. When configuring WORM using APIs, you must first call the API that enables versioning for the bucket. WORM protects objects based on the object version IDs. Only object versions with any WORM retention policy configured can be protected. Assume that object test.txt 001 is protected by WORM. If another file with the same name is uploaded, a new object version test.txt 002 with no WORM policy configured will be generated. In such case, test.txt 002 is not protected and can be deleted. When you download an object without specifying a version ID, the current object version (test.txt 002) will be downloaded.
  • A lifecycle rule cannot delete WORM-protected objects, but can transition their storage class. After an object is no longer protected, it will be deleted when meeting the expiration rule in a lifecycle configuration.
  • Buckets with WORM enabled do not support cross-region replication.
  • If you have deregistered your account or your account has been frozen, the WORM-protected objects will be permanently deleted.
  • WORM-based protection is not available for migration.
  • The metadata of a WORM-protected object can still be modified.
  • Parallel file systems do not support WORM.

Authorization Information

To call this API, you must be the bucket owner or have the permission to obtain the default WORM policy of a bucket. You are advised to use IAM or bucket policies for authorization. For details about OBS authorization methods, see Differences Between OBS Permissions Control Methods.

  • If you use IAM for authorization, you need to use either role/policy-based authorization or identity policy-based authorization and configure the required permissions:
    • If you use role/policy-based authorization (IAM v3 APIs in the old IAM version), you need to grant the obs:bucket:GetBucketObjectLockConfiguration permission. For details, see Creating a Custom IAM Policy.
    • If you use identity policy-based authorization (IAM v5 APIs in the new IAM version), you need to grant the obs:bucket:getBucketObjectLockConfiguration permission, as shown in the following table. For details, see Creating a Custom IAM Identity Policy.

      Action

      Access Level

      Resource Type (*: Required)

      Condition Key

      Alias

      Dependencies

      obs:bucket:getBucketObjectLockConfiguration

      Read

      bucket *

      -

      -

      -
      • obs:EpochTime
      • obs:SourceIp
      • obs:TlsVersion
      • obs:CustomDomain
  • If you use bucket policies for authorization, you need to grant the obs:bucket:GetBucketObjectLockConfiguration permission. For details, see Creating a Custom Bucket Policy.

Request Syntax

GET /?object-lock HTTP/1.1
Host: bucketname.obs.region.myhuaweicloud.com 
Date: date
Authorization: authorization
Content-Type: application/xml
Content-Length: length

URI Parameters

This request contains no message parameters.

Request Headers

This request uses common headers. For details, see Table 3.

Request Body

This request contains no request body parameters.

Response Syntax

HTTP/1.1 status_code
Date: date
Content-Type: application/xml
Content-Length: length

<?xml version="1.0" encoding="UTF-8"?>
<ObjectLockConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/">
    <ObjectLockEnabled>Enabled</ObjectLockEnabled>
    <Rule>
       <DefaultRetention>
          <Days>integer</Days>
          <Mode>COMPLIANCE</Mode>
          <Years>integer</Years>
       </DefaultRetention>
    </Rule>
</ObjectLockConfiguration>

Response Headers

This response uses common headers. For details, see Table 1.

Response Body

Table 1 describes the elements of the default bucket-level WORM policy in the response.

Table 1 Elements of the default bucket-level WORM policy

Parameter

Type

Description

ObjectLockConfiguration

Container

Definition

Container for bucket-level WORM configurations. ObjectLockConfiguration is the parent node of ObjectLockEnabled and Rule.

Range

For details, see Table 2.
Table 2 ObjectLockConfiguration parameters

Parameter

Type

Description

ObjectLockEnabled

String

Definition

Bucket-level WORM status.

Range

Enabled: Bucket-level WORM is enabled.

Rule

Container

Definition

Rule container of a bucket-level WORM policy. If the default bucket-level WORM policy has never been configured, the returned information does not contain this part. Rule is the parent node of DefaultRetention.

Range

For details, see Table 3.
Table 3 Rule parameter description

Parameter

Type

Description

DefaultRetention

Container

Definition

Container of the bucket-level default WORM policy. DefaultRetention is the parent node of Mode, Days, and Years.

Range

For details, see Table 4.
Table 4 DefaultRetention parameters

Parameter

Type

Description

Mode

String

Definition

Default retention policy.

Range

COMPLIANCE: compliance mode

Days

Integer

Definition

Default retention days.

Range

1 to 36500

Years

Integer

Definition

Default retention years.

Range

1 to 100

Error Responses

Table 5 describes possible special errors in this request.

Table 5 Error Responses

Error Code

Description

HTTP Status Code

InvalidRequest

The object lock is disabled for the bucket.

400

For other errors, see Table 2.

Sample Request 1

Get the configuration where the bucket has WORM enabled, but has no default retention policy configured.

GET /?object-lock HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.region.myhuaweicloud.com
Accept: */*
Date: WED, 01 Jul 2015 02:25:05 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:75/Y4Ng1izvzc1nTGxpMXTE6ynw=
Content-Length: 0

Sample Response 1

HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BF260000016435CE298386946AE4C482
x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCT9W2tcvLmMJ+plfdopaD62S0npbaRUz
Date: WED, 01 Jul 2015 02:25:06 GMT
Content-Length: 157

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ObjectLockConfiguration xmlns="http://obs.myhwclouds.com/doc/2015-06-30/">
  <ObjectLockEnabled>Enabled</ObjectLockEnabled>
</ObjectLockConfiguration>

Sample Request 2

Get the configuration where the bucket has WORM enabled and has the default retention policy configured.

GET /?object-lock HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.region.myhuaweicloud.com
Accept: */*
Date: WED, 01 Jul 2015 02:25:05 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:75/Y4Ng1izvzc1nTGxpMXTE6ynw=
Content-Length: 0

Sample Response 2

HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BF260000016435CE298386946AE4C482
x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCT9W2tcvLmMJ+plfdopaD62S0npbaRUz
Date: WED, 01 Jul 2015 02:25:06 GMT
Content-Length: 157

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ObjectLockConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/">
  <ObjectLockEnabled>Enabled</ObjectLockEnabled>
  <Rule>
    <DefaultRetention>
      <Mode>COMPLIANCE</Mode>
      <Days>10</Days>
      <Years>0</Years>
    </DefaultRetention>
  </Rule>
</ObjectLockConfiguration>

References

Parent Topic: Write-Once-Read-Many (WORM)