User story
As a record manager, I want to take the benefits of the retention features provided by Amazon S3 to secure the records at storage media by using the Governance mode, so that I can prevent any deletion or change of the records at storage media level, except for specific power users.
Description
The goal is to maintain a high level of security by using S3 retention features (prevent deletion or change at storage media for records under retention or legal hold) but with a more flexible mode than S3 Compliance mode as power users can shorten retention or delete a record under retention or legal hold.
Apart the S3 storage class, the behavior and features are very close to the Compliance mode: Nuxeo has to provide to S3 the retention period and legal hold status and common users can’t delete content or shorten retention.
The goal of this ticket is to make sure that the Retention addon governance mode (cf. NXP-30002) is compliant with the S3 governance mode.
Acceptance criteria
When the retention addon is configured in Governance mode:
- As a user with ManageRecord permission, I can NOT delete a document under retention or legal hold
- As a user with write permission but without ManageRecord, I can NOT delete a document under retention or legal hold
- As a user with RemoveRecords permission, I can delete a document under retention or legal hold
- As an administrator, I can delete a document under retention or legal hold
- As a S3 administrator, I can see the expiration date in the S3 object when I put the document under retention in Nuxeo
- As a S3 administrator, I can see the legal hold attribute in the S3 object when I put the document under retention in Nuxeo