storage grid introduced support for S3 object lock in the 11.5 software release allowing tenants to ensure their data cannot be modified or deleted for a specific period of time storage grid 11.9 introduces additional grid admin controls around tenant object lock access previously tenants had full control over object lock retention periods and retention modes this meant that a tenant could set object lock in compliance mode blocking the grid admin from deleting any protected objects for service providers for example this introduced a risk of tenants locking objects for longer than their agreed service period intentionally or otherwise storage grid 11.9 introduces additional grid admin controls in this area allowing admins to set a Max object lock for tension period and allow or disallow compliance mode on a per tenant level now let's log into storage grid and try out these settings we can start by enabling object lock on the grid note that this setting cannot be disabled in the future and requires an ilm policy that does not delete data and provides adequate data protection now tenants can access object lck controls on their buckets now let's go ahead and create a tenant under permissions we can access the tenant settings for S3 object lock first we can set the maximum retention period this is the maximum time during which a locked object cannot be deleted with a retention period of one year for example the object cannot be changed or deleted until one year after it's ingest for this tenant let's set a 30-day maximum retention period now we can enable compliance mode on this tenant object lock offers two retention modes compliance and governance compliance mode will block all changes and deletes from any user including the grid admin governance mode allows changes and deletes from users with special permissions but blocks everyone else we can allow compliance mode for this tenant in the future we can increase this tenants Max retention period or allow compliance mode if it was initially disallowed we can decrease the max retention period or disallow compliance mode as long as no existing buckets on the tenant conflict with the new object lock settings for example if this tenant already created a bucket with compliance mode we cannot disallow compliance mode in the future on the [Music] tenant now let's log into the tenant manager and create a bucket under settings we can enable S3 object lock on this bucket to enforce a default retention mode and period enable default retention now we can choose the default retention settings that this bucket will enforce since governance mode is allowed for this tenant we can select it here now let's pick a default retention period we can see the max retention period allowed for this tenant is set to 30 days if I enter 31 days I'm prompted to contact my administrator let's set a default retention period of two weeks for this bucket now our bucket is ready for S3 object lock thank you for watching