Overview
When using the VPSA Object Store web console to delete an object, you may receive an error showing that the deletion is unauthorized, despite your user having admin permission.
Error (412): Unauthorized operation.
This may indicate that the object in question has an object lock retention date which has not yet passed.
Locked Object versions can only be deleted once the retention date has passed.
Checking Object Retention Date using AWS CLI
The retention date of an object can be checked using the AWS CLI using the s3api
's get-object-retention
subcommand.
For example, if the object key is one/two/three.txt
and it's in the bucket mybucket
, the command would look something like this:
aws \
--endpoint-url=https://vsa-00000001-example-01.zadarazios.com \
s3api get-object-retention \
--version-id 123456789.54321
--bucket mybucket \
--key one/two/three.txt
An example JSON response:
{
"Retention": {
"Mode": "COMPLIANCE",
"RetainUntilDate": "2024-01-01T00:00:00+00:00"
}
}
Checking Object Retention Date using VPSA Object Store Console
Note: The VPSA Object Store Console will show you the latest Object Version. To get details of any previous versions you'll need to use the AWS CLI, see above.
After clicking on an object from the VPSA Object Store Console, click on the HTTP Headers tab in the bottom pane. The `X-Object-Lock-Retain-Until-Date` value will show any retention date for the object: