Skip to main content
Hitachi Vantara Knowledge

Configuring a namespace

Changing the namespace name

You can change the name of a namespace any time, except while the S3 compatible, CIFS, or NFS protocol is enabled for the namespace. However, when you change the name, the URL for the namespace may change as well.

When you change the name of a namespace, AD single sign-on is automatically disabled for the REST API for that namespace. You can reenable it any time after the name change (as long as HCP can communicate with AD).

TipBe sure to notify the namespace users when you change the name of a namespace.

Before you begin

To change the name of a namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Settings.

  4. On the left side of the Settings panel, click Name.

  5. In the New Namespace Name field in the Name panel, type the new name for the namespace.

  6. Click Update Name.

Changing the namespace permission mask

When you create a namespace, its data access permission mask includes all permissions. Once the namespace exists, you can change its permission mask at any time.

Before you begin

To change a namespace permission mask, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the namespace Overview panel, click the edit link for the Permissions section.

    The Console displays a set of checkboxes for the permissions. The permissions that are currently in the namespace permission mask are selected.
  4. Select or deselect permissions as needed to modify the permission mask.

    Selecting Purge automatically selects Delete. Selecting Search automatically selects Read.
  5. Click Submit.

Changing the namespace description

The namespace description is optional. You can enter a description or modify the existing description at any time.

Before you begin

To change a namespace description, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the namespace Overview panel, click the edit link for the Description section.

  4. In the edit area for the description, type the new description of the namespace.

    The description can be up through 1,024 characters long and can contain any valid UTF-8 characters, including white space.
  5. Click Submit.

Changing the namespace storage quotas

You can change both the hard quota and soft quota for a namespace at any time.

Before you begin

To change namespace quotas, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the modify quotas control (GUID-D34C5E21-BD35-4BB8-813F-02F23D5BAEAD-low.png) for the namespace whose quotas you want to change.

  3. In the Modify Namespace Quota window, take either or both of these actions:

    • In the Hard Quota field, type the number of gigabytes or terabytes of storage to allocate to the namespace and select either GB or TB to indicate the measurement unit. Valid values are integers greater than or equal to one.
    • In the Soft Quota field, type a new soft quota for the namespace. Valid values are integers in the range ten through 95.
  4. Click Update Quota.

Changing the namespace owner

You can change or remove the owner of a namespace at any time.

Before you begin

To change or remove the owner of a namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In top right corner of the namespace Overview panel, click the Assign Owner link or the name of the current namespace owner, whichever is shown.

  4. In the Modify Namespace Owner window that appears, type the name of the new owner in the New Namespace Owner field.

    Optionally, to remove the current owner of a namespace, leave the New Namespace Owner field empty.
  5. Click Update Owner.

Changing the namespace tags

You can change the tags associated with a namespace at any time.

Before you begin

  • To view the tags associated with a namespace, you need the monitor or administrator role.
  • To change the tags associated with a namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Settings.

  4. On the left side of the Settings panel, click Tags.

  5. Associate a new tag with the namespace.

    1. In the field in the Tags section, type a text string to be used as a tag.

      Tags must be from one through 64 characters long, can contain any valid UTF-8 characters except commas (,), and are not case sensitive. White space is allowed.
    2. Click Add Tag.

    The row with the new tag is highlighted in green.
  6. (Optional) To remove a tag from the namespace, click the delete control (GUID-159B6851-E11F-4AF8-90DA-1D18AA090E0B-low.png) for the tag.

    The row with the tag turns red.
  7. Click Update Settings.

Changing the default retention setting

When you create a namespace, its default retention setting is Deletion Allowed. Once the namespace exists, you can change this setting at any time. Valid values for this setting are:

  • An offset from the time the object is created.

    You specify an offset as numbers of years, months, and/or days. For example, you could specify an offset of two years. Then, an object added to the namespace on March 10, 2011, at 9:45 a.m. would expire on March 10, 2013, at 9:45 a.m.

  • A retention class.
  • One of these special values:
    • Deletion Allowed

      The object can be deleted at any time.

    • Deletion Prohibited

      The object can never be deleted by means of a normal delete operation. If the namespace is in enterprise mode, however, the object can be deleted by means of a privileged delete operation.

      After an object has this retention setting, its retention setting cannot be changed.

    • Initial Unspecified

      The object cannot be deleted, but can have its retention setting changed to any other retention setting. This setting is useful for namespaces for which the only enabled namespace access protocol is SMTP.

  • A fixed date in the future. In this case, the retention period for the object ends at the end of the specified day.
TipIf you specify a fixed date, remember to change the default retention setting again before that date occurs. Otherwise, the default retention setting reverts to Deletion Allowed when the specified date arrives.

Before you begin

  • To view the default retention setting for a namespace, you need the monitor, administrator, or compliance role.
  • To change the default retention setting for a namespace, you need the compliance role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Policies.

  4. On the left side of the Policies panel, click Retention.

  5. In the Default Retention Setting section in Retention panel, take one of these actions:

    • To make the default retention setting an offset: In the Retention Method field, select Offset, and then enter values in Years, Months, and Days. Possible values are integers in the range zero through 9,999.
    • To make the default retention setting a retention class: In the Retention Method field, select Retention Class, and then select the retention class you want.
    • To make the default retention setting a special value: In the Retention Method field, select Special Value, and then select the special value you want.
    • To make the default retention setting a fixed date: In the Retention Method field, select Fixed Date, and then either type a date or click the calendar control (GUID-D34C5E21-BD35-4BB8-813F-02F23D5BAEAD-low.png) to select a date.
  6. Click Update Settings in the Default Retention Setting section.

Changing the default shred setting

When you create a namespace, its default shred setting is not to shred. Once the namespace exists, you can change this setting at any time.

Once an object is marked for shredding, its shred setting cannot be changed.

NoteIf HCP is allowed to use erasure coding to implement replication of a namespace, setting the default shred setting to shred for that namespace can significantly increase the load on all systems in the replication topology.

Before you begin

  • To view the default shred setting for a namespace, you need the monitor, administrator, or compliance role.
  • To change the default shred setting for a namespace, you need the compliance role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Policies.

  4. On the left side of the Policies panel, click Shredding.

  5. In the Shredding panel:.

    • To enable secure deletion, select Shred on delete.
    • To disable secure deletion, deselect Shred on delete .
  6. Click Update Settings.

Changing the default index setting

When you create a namespace, its default index setting is to index. Once the namespace exists, you can change this setting at any time.

Before you begin

  • To view the default index setting for a namespace, you need the monitor or administrator role.
  • To change the default index setting for a namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Policies.

  4. On the left side of the Policies panel, click Indexing.

  5. In the Indexing panel:

    • To enable indexing, select Index objects.
    • To disable indexing, deselect Index objects.
  6. Click Update Settings.

Changing minimum data access permissions

When you create a namespace, the set of minimum data access permissions is empty both for all users (that is, authenticated users and users that access the namespace anonymously) and for authenticated users. Once the namespace exists, you can modify these sets at any time.

Before you begin

  • To view the minimum data access permissions for a namespace, you need the monitor or administrator role.
  • To change the minimum data access permissions for a namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Protocols.

  4. In the Protocols panel, click Minimum Data Access Permissions.

  5. In the Minimum Data Access Permissions panel, select or deselect permissions, as applicable, for all users (Anonymous and Authenticated Access) and for authenticated users (Authenticated Access Only).

    Selecting Read automatically selects Browse. Selecting Search automatically selects Read and Browse. Selecting Purge automatically selects Delete.By default, selecting a permission in the Anonymous and Authenticated Access row automatically selects the same permission in the Authenticated Access Only row and prevents the permission from being deselected in that row. For information about changing this behavior, see the next step.
  6. Click Advanced Configuration.

  7. (Optional) Take either of these actions:

    • To ensure that authenticated users always have the minimum permissions for all users in addition to the minimum permissions for authenticated users regardless of whether the protocol they’re using requires authentication, select Enforce anonymous permissions for authenticated users.

      Selecting this option causes permissions in the Authenticated Access Only row to be selected automatically when you select the corresponding permissions in the Anonymous and Authenticated Access row.

    • To allow unauthenticated users to have permissions that don’t apply to authenticated users when those users are using a protocol that requires authentication, deselect Enforce anonymous permissions for authenticated users.

      Deselecting this option allows you to select permissions in the two rows independently of each other.

  8. Click Update Settings.

Enabling the use of ACLs

When you create a namespace, the use of ACLs is disabled. Once the namespace exists, you can enable this feature. However, after enabling this feature, you cannot disable it.

Before you begin

To enable the use of ACLs for a namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Settings.

  4. On the left side of the Settings panel, click ACLs.

  5. In the ACLs panel, select Enable ACLs.

  6. In response to the confirming prompt, click Enable ACLs.

Changing the option to enforce ACLs

By default, when you enable the use of ACLs for a namespace, the option to enforce ACLs is enabled. You can enable or disable this option at any time while the use of ACLs is enabled.

Before you begin

To view or change the option to enforce ACLs for a namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Settings.

  4. On the left side of the Settings panel, click ACLs.

  5. In the ACLs panel:

    • To have HCP enforce ACLs, select Enforce ACLs.
    • To have HCP not enforce ACLs, deselect Enforce ACLs.
  6. Click Update Settings.

Changing retention-related settings

When you create a namespace:

  • Changes to POSIX UIDs and GIDs, POSIX permissions, and object owners are not allowed for objects under retention.
  • Only add operations are allowed with custom metadata for objects under retention.

Once the namespace exists, you can change these settings at any time.

Before you begin

  • To view retention-related settings for a namespace, you need the monitor, administrator, or compliance role.
  • To change these settings for a namespace, you need the compliance role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Policies.

  4. On the left side of the Policies pane, click Retention.

  5. (Optional) In the Retention Options section in the Retention pane:

    • To allow changes for objects under retention, select Allow ownership and POSIX permission changes for objects under retention.
    • To allow the addition, deletion, and replacement of custom metadata for objects under retention, retention hold, and labeled retention hold, select Add, delete, and replace.
    • To allow only the addition of custom metadata for objects under retention, retention hold, and labeled retention hold, select Add only.
    • To disallow all custom metadata operations for objects under retention, retention hold, and labeled retention hold, select None.
  6. Click Update Settings in the Retention Options section.

  7. (Optional) In the Event-based Retention section in the Retention pane, set the Minimum Retention after Initial Unspecified value. Then, in the Event-based Retention section, click Update Settings.

    Similar to specifying an offset, you can specify this value as numbers of years, months, and/or days. The retention set on Initial Unspecified objects in the namespace must be greater than the Minimum Retention after Initial Unspecified value.

Enabling or disabling XML checking for custom metadata

When you create a namespace, custom metadata XML checking is enabled. You can change this setting at any time.

Before you begin

  • To view the custom metadata XML checking setting for a namespace, you need the monitor or administrator role.
  • To change the custom metadata XML checking setting for a namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Policies.

  4. On the left side of the Policies panel, click Metadata.

  5. In the Metadata panel, take one of these actions:

    • To enable custom metadata XML checking, select Check on ingestion that XML in custom metadata files is well-formed.
    • To disable custom metadata XML checking, deselect Check on ingestion that XML in custom metadata files is well-formed.
  6. Click Update Settings.

Configuring object versioning

When you create a namespace, you specify whether versioning is enabled or disabled for it. Once the namespace exists, you can change this setting at any time except while the WebDAV, CIFS, NFS, or SMTP protocol is enabled for the namespace.

If a tenant is not allowed to create namespaces with versioning enabled, the versioning setting is not available for its namespaces.

When you enable versioning, you can also enable version pruning. If versioning has ever been enabled for a namespace, you can change the pruning settings for the namespace at any time regardless of whether versioning is currently enabled.

TipTo immediately remove old versions of objects, set the number of days to keep them to zero.

HCP maintains a transaction log in which it records create, delete, purge, prune, and disposition operations performed on objects. HCP uses this log to respond to operation-based queries issued through the metadata query API.

For any given namespace, you can choose whether HCP should keep records of deletion operations (delete, purge, prune, and disposition) if the namespace has ever had versioning enabled. The amount of time for which HCP keeps deletion records is determined by the system configuration.

In a namespace that was replicated but is not currently selected for replication, the following sequence of actions can cause objects that were deleted to reappear:

  1. You deselect the option to keep records of deletion operations.
  2. You reselect the namespace for replication.

Before you begin

  • To view the versioning settings for a namespace, you need the monitor or administrator role.
  • To change the versioning settings for a namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Policies.

  4. On the left side of the Policies panel, click Versioning.

  5. In the Versioning panel:

    • To enable or disable versioning, select or deselect the Enable versioning option, respectively.
    • To enable or disable version pruning, select or deselect the Prune versions older than ... days option, respectively.

      If you select this option, in the option field, type the number of days old versions of objects must remain in the namespace before they are pruned. Valid values are integers in the range zero through 36,500 (that is, 100 years). A value of zero means prune immediately.

      This option is available only if you select the Enable versioning option or if versioning has ever been enabled.

    • To keep or not keep deletion records, select or deselect the Keep deletion records for versioned objects option, respectively.
  6. Click Update Settings.

    If the version pruning option is unselected, a confirming message appears.
  7. In the window with the confirming message, select I understand to confirm that you understand the consequences of your action.

  8. Click Update Settings.

Changing the compatibility setting

When you create a namespace, atime synchronization is disabled. You can change this setting at any time.

Before you begin

  • To view the compatibility setting for a namespace, you need the monitor or administrator role.
  • To change the compatibility setting, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Settings.

  4. On the left side of the Settings panel, click Compatibility.

  5. In the Compatibility panel, select or deselect the Synchronize POSIX atime values and object retention settings.

  6. Click Update Settings.

Changing disposition settings

When you create a namespace, disposition is disabled for both objects with expired retention periods and objects flagged as replication collisions. Once the namespace exists, you can change these settings at any time.

Before you begin

  • To view the disposition settings for a namespace, you need the monitor, administrator, or compliance role.
  • To change the disposition settings for a namespace, you need the compliance role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Services.

  4. On the left side of the Services panel, click Disposition.

  5. In the Disposition panel:

    • To enable or disable disposition for objects with expired retention periods, select or deselect Automatically delete objects with expired retention periods, respectively.
    • To enable or disable disposition for objects flagged as replication collisions, select or deselect Automatically delete replication collision objects after ... days, respectively.

      If you select this option, in the option field, type the number of days objects flagged as replication collisions must remain in the namespace before they are automatically deleted. Valid values are integers in the range zero through 36,500 (that is, 100 years). A value of zero means delete immediately.

  6. Click Update Settings.

Changing the automatic abort time for multipart uploads

The automatic abort time for a namespace determines how long multipart uploads can remain incomplete before they are automatically aborted.

You can change the automatic abort time for a namespace at any time while the namespace is cloud optimized. You cannot change the automatic abort time for a namespace that is not cloud optimized.

Before you begin

  • To view the automatic abort time for a namespace, you need the monitor or administrator role.
  • To change the automatic abort time for a namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Policies.

  4. On the left side of the Policies panel, click Multipart Upload.

  5. In the Abort incomplete multipart uploads field, type the number of days after which HCP should automatically abort incomplete multipart uploads in the namespace.

    Valid values are integers in the range zero through 180. A value of zero means multipart uploads are never automatically aborted.
  6. Click Update Settings.

Changing replication options

You can enable or disable replication for a namespace on the namespace Replication panel. While replication is enabled for the namespace, you can change options that relate to replication. While replication is disabled for the namespace, these options are hidden.

The replication options you can change are:

  • Read from remote system.

    By default, when you create a namespace, this option is enabled.

    ImportantDo not disable the read-from-remote-system option unless you have a specific reason to do so.
  • Accept REST, S3 compatible, and HSwift requests redirected from other HCP systems.

    By default, when you create a namespace, this option is enabled.

    You may want to disable this option if your applications cannot tolerate stale data or metadata. One way to get stale data would be to request an object for which two versions exist but for which the current version hasn’t been replicated yet. In this case, the system targeted by the request would retrieve the old version from another system in the replication topology and return that version to the application.

  • Collision handling.

    By default, when you create a namespace, this option is set to move objects.

  • Allow erasure coding.

    If allowed by the tenant configuration and if you make the namespace cloud optimized, when you create a namespace, you can choose whether the namespace allows erasure coding.

    Allowing erasure coding for a namespace that has shredding enabled as the default for new objects can significantly increase the load on all systems in the replication topology.

    You can also enable or disable replication for namespaces and, if allowed, manage erasure coding on the Replication page.

    While the tenant is being replicated, if you disable replication for a namespace that has already been replicated and then delete the namespace on one or more systems, the namespace deletions are not replicated. If you then reenable replication for that namespace and the namespace still exists on one or more systems, the namespace is replicated back to the systems where you deleted it.

    ImportantDisabling replication or the read-from-remote-system option for a namespace that has already been replicated may cause object data in that namespace to become inaccessible on one or more systems in the replication topology.

Before you begin

  • To view the replication options for a namespace, you need the monitor or administrator role.
  • To change the replication options for a namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the namespace you want.

  3. In the row of tabs below the namespace name, click Services.

  4. On the left side of the Services panel, click Replication.

  5. To enable or disable replication, select or deselect Replication.

  6. (Optional) If Enable replication is selected, take one or more of these actions:

    • To enable or disable the read-from-remote-system feature, select or deselect Enable read from remote system.
    • To allow or disallow HCP to service redirected REST, S3 compatible, and HSwift requests that target the namespace, select or deselect Accept requests redirected from other systems in the replication topology.
    • For cloud-optimized namespaces only, to allow or disallow erasure coding for the namespace, select or deselect Allow erasure coding.
    • To change the collision handling option, click Collision Handling. Then, in the Collision Handling section:
      • To have HCP move objects flagged as replication collisions to the .lost+found directory, select Move object to the .lost+found directory.
      • To have HCP rename objects flagged as replication collisions, select Rename object and store in the same location.
  7. Click Update Settings.

Changing the service plan

The service plan for a namespace is set when the namespace is created. You can change this setting at any time.

Before you begin

  • To view the service plan for a namespace, you need the monitor or administrator role.
  • To change the service plan for a namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Services.

  4. On the left side of the Services panel, click Service Plan.

  5. In the list of service plans, select the service plan you want.

    NoteHCP system administrators can delete service plans regardless of whether they’re associated with any namespaces. In this case, the service plan name remains associated with the applicable namespaces, but the service plan is not available to be selected for any namespaces. HCP uses the Default service plan for the namespaces associated with that service plan name.

    In the list of service plans, a deleted service plan has no description.

  6. Click Update Settings.

Changing the retention mode

The retention mode of a namespace is either enterprise or compliance. You can change a namespace in enterprise mode to compliance mode, but you cannot do the reverse.

If a tenant is not allowed to create namespaces in compliance mode, the retention mode setting is not available for its namespaces.

When you change the retention mode of a namespace from enterprise to compliance, you have no guarantee that objects that should have been retained were not already deleted.

ImportantChanging the retention mode of a namespace may violate local regulations regarding data retention. Before taking this action, be sure you understand the implications.

Before you begin

  • To view the retention mode setting for a namespace, you need the monitor or administrator role.
  • To change the retention mode of a namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the row of tabs below the namespace name, click Settings.

  4. On the left side of the Settings panel, click Retention Mode.

  5. In the Retention Mode panel, select Compliance.

  6. Click Update Settings.

    A confirming message appears.
  7. In the window with the confirming message, select I understand to confirm that you understand the consequences of your action.

  8. Click Update Settings.

Namespace-level CORS rules configuration

You can use the Tenant Management Console to configure CORS rules for a namespace.

Alternatively, you can use either the Hitachi API for Amazon S3 or the HCP management API to configure CORS rules at the namespace level.

You can also configure CORS rules at the tenant level to serve as the default CORS configuration for all namespaces owned by a tenant. To configure CORS settings at the tenant level, use either the System Management Console or the HCP management API. Note that you must have the administrator role to modify a tenant.

This section of the help describes how to use the Tenant Management Console to configure CORS settings at the namespace level.

Request elements (CORS rules)

A CORS rules configuration uses the request elements described in the next table. Some of the request elements are optional.

  • CORSConfiguration

    Container for CORSRules elements.

    Type: Container

    Children: CORSRules

    Ancestor: None

    A CORS rules configuration in HCP can have any number of CORSRule, AllowedMethod, AllowedOrigin, and AllowedHeader elements. However, the maximum size of the CORS configuration cannot exceed 2.5 MB.

  • CORSRule

    A set of origins and methods that you want to allow to access a resource.

    Type: Container

    Children: AllowedMethod, AllowedOrigin, AllowedHeader, MaxAgeSeconds, ExposeHeader

    Ancestor: CORSConfiguration

  • Id

    Optional.

    A unique identifier for the rule. The Id value assists you in finding a rule in the CORS configuration.

    Type: String

    Ancestor: CORSRule

  • AllowedMethod

    HTTP methods that you want to allow the origin to execute. Each CORSRule must identify at least one origin and one method.

    Type: Enum (GET, PUT, HEAD, POST, DELETE)

    Ancestor: CORSRule

  • AllowedOrigin

    Origins that you want to allow cross-origin requests from. Each CORSRule must identify at least one origin and one method.

    The origin value can include at most one wildcard character "*", for example, http://*.example.com. Alternatively, you can specify thewildcard character by itself to enable all origins to send cross-origin requests.

    Type: String

    Ancestor: CORSRule

  • AllowedHeader

    Optional.

    List of headers that are allowed in a preflight OPTIONS request through the Access-Control-Request-Headers header. This element can contain at most one wildcard character "*". Each header name in the Access-Control-Request-Headers header must have a corresponding entry in the CORSRule. The server will send only the allowed headers that were requested in a response.

    Type: String

    Ancestor: CORSRule

  • MaxAgeSeconds

    Optional.

    Maximum time, in seconds, that the browser can cache a preflight OPTIONS response for a specified resource. By caching the response, the browser does not have to send preflight requests to the server within the MaxAgeSeconds time window if repeated requests (same origin, HTTP method, and resource) are issued.

    A CORSRule can have at most one MaxAgeSeconds element.

    Type: Integer (seconds)

    Ancestor: CORSRule

  • ExposeHeader

    Optional.

    One or more response headers that customers can access from their applications, for example, from a JavaScript XMLHttpRequest object.

    You add one ExposeHeader element in the rule for each header. This element restricts the response headers that are accessible by the client.

    Type: String

    Ancestor: CORSRule

CORS configuration template

Here is a sample XML template for setting a CORS rules configuration.

<CORSConfiguration>
     <CORSRule>
          <Id>Optional: Unique string value that identifies the rule</Id>
          <AllowedOrigin>Origin that you want to allow cross-origin requests from</AllowedOrigin>
          <AllowedOrigin>A single wildcard is allowed</AllowedOrigin>
          <AllowedMethod>HTTP method</AllowedMethod>
          <AllowedMethod>HTTP method</AllowedMethod>
          <MaxAgeSeconds>Optional: Time, in seconds, the browser can cache the preflight OPTIONS response for a resource</MaxAgeSeconds>
          <AllowedHeader>Optional: Header that you want the browser to send. A single wildcard is allowed.</AllowedHeader>
          <AllowedHeader>...</AllowedHeader>     <!-- Optional -->
          <ExposeHeader>Optional: Response header that you want accessible from the browser </ExposeHeader>
          <ExposeHeader>...</ExposeHeader>     <!-- Optional -->
     </CORSRule>
     <CORSRule>
          ...
     </CORSRule>
     <CORSRule>
          ...
     </CORSRule>
</CORSConfiguration>

Configuring CORS rules for a namespace

You can use the Tenant Management Console to configure CORS settings for a namespace.

Before you begin

  • To view a tenant, you need the monitor or administrator role.
  • To modify a tenant, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. On the Namespaces page, click the right arrow next to the namespace for which you want to configure CORS settings.

    The namespace Overview panel is displayed.
  3. Click the Security tab.

    The Security panel opens to the CORS tab on the left.
  4. In the CORS Configuration field, enter the CORS settings to use for the namespace.

  5. Click Update Settings.

    A message is displayed above the CORS Configuration field indicating whether the update was successful.

Results

Your configuration is saved and persists in HCP.

Notice that the HCP software added the following XML header at the top of the CORS configuration:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

 

  • Was this article helpful?