Namespace settings
The following table describes the settings you can specify when you create or edit a ECS namespace.
The way in which namespace and bucket names are used when addressing objects in ECS is described in Object base URL.
| Field | Description | Can be edited |
|---|---|---|
| Name | The name of the namespace, in lowercase characters. | No |
| Namespace Admin | The user ID of one or more users assigned to the Namespace Administrator role; a list of users is comma separated.
Namespace Administrators can be local or domain users. If the Namespace Administrator is a domain user, ensure that an authentication provider is added to ECS. See Introduction to users and roles for details. |
Yes |
| Domain Group Admin | The domain group assigned to the Namespace Administrator role. Any member, when authenticated, is assigned the Namespace Administrator role for the namespace. The domain group must be assigned to the namespace by setting the Domain User Mappings for the namespace.
To use this feature you must ensure that an authentication provider is added to ECS. See Introduction to users and roles for details. |
Yes |
| Replication Group | The default replication group for the namespace. | Yes |
| Namespace Quota | The storage space limit that is specified for the namespace. You can specify a storage limit for the namespace and define notification and access behavior when the quota is reached. The quota setting for a namespace cannot be less than 1 GiB. You can specify namespace quota settings in increments of GiB. You can select one of the following quota behavior options:
|
Yes |
| Default Bucket Quota | The default storage limit that is specified for buckets created in this namespace. This is a hard quota which, when reached, prevents write/update access to the bucket.
Changing the default bucket quota does not change the bucket quota for buckets that are already created. |
Yes |
| Server-side Encryption | The default value for server-side encryption for buckets created in this namespace.
Server-side encryption, also known as Data At Rest Encryption or D@RE, encrypts data inline before storing it on ECS disks or drives. This encryption helps prevent sensitive data from being acquired from discarded or stolen media. If you turn this setting on for the namespace, then all its buckets are encrypted and this setting cannot be changed when a bucket is created. If you want the buckets in the namespace to be unencrypted, then you must leave this setting off. If you leave this setting off for the namespace, individual buckets can be set as encrypted when created. For a complete description of the feature, see the ECS Security Configuration Guide, available from the ECS Product Documentation page. |
No |
| Access During Outage |
The default behavior when accessing data in the buckets created in this namespace during a temporary site outage in a geo-federated setup. If you turn this setting on for the namespace and a temporary site outage occurs, if you cannot access a bucket at the failed site where the bucket was created (owner site), you will be able to access a copy of the bucket at another site. Note that objects that you access in the buckets in the namespace might have been updated at the failed site, but changes might not have been propagated to the site from which you are accessing the object. If you leave this setting off for the namespace, data in the site which has the temporary outage is not available for access from other sites, and object reads for data that is owned by the failed site will fail. For more information, see TSO behavior with the ADO bucket setting turned on. |
Yes |
| Compliance |
The rules that limit changes that can be made to retention settings on objects under retention. ECS has object retention features enabled or defined at the object level, bucket level, and namespace level. Compliance strengthens these features by limiting changes that can be made to retention settings on objects under retention. You can turn this setting on only at the time the namespace is created; you cannot change it after the namespace is created. Compliance is supported by S3 and CAS systems. For details about the rules enforced by compliance, see the ECS Data Access Guide, available from the ECS Product Documentation page. |
No |
| Retention Policies | Enables one or more retention policies to be added and configured.
A namespace can have one or more associated retention polices, where each policy defines a retention period. When you apply a retention policy to a number of objects, rather than to an individual object, a change to the retention policy changes the retention period for all the objects to which the policy is applied. A request to modify an object before the expiration of the retention period is disallowed. In addition to specifying a retention policy for a number of objects, you can specify retention policies and a quota for the entire namespace. For more information on retention, see Retention periods and policies. |
Yes |
| Domain | Enables Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) domains to be specified and the rules for including users from the domain to be configured.
Domain users can be assigned to ECS management roles and can use the ECS self-service capability to register as object users. The mapping of domain users into a namespace is described in Domain users require an assigned namespace to perform object user operations. |
Yes |
You can set the following attribute using the ECS Management REST API, but not from the ECS Portal.
- Allowed (and Disallowed) Replication Groups
- Enables a client to specify the replication groups that the namespace can use.