Azure Storage Account Immutability (Part 2/4) : Time Based Retention

Vivek Nagarajan
Dec 11, 2022

The last article discussed in detail the Immutability of Blob Storage feature, the types of immutability supported by Azure, the scopes available to configure it and the Storage Account configurations required to use the feature. This article explains the options & steps to configure Time based retention. The articles in this series are listed below for quick reference.

Azure Storage Account Immutability : Basics

Azure Storage Account Immutability : Time Based Retention *

Azure Storage Account Immutability : Legal Hold Based Retention

Azure Storage Account Immutability : Conclusion

What is a Time Based Retention Policy? The capability to prevent editing & deleting a Blob, and optionally its versions, for a defined time (anywhere between 1 day and 400 years).

Time Based Retention Policy — Supported scopes:

Scope #1: Version level immutability — Immutability at Blob Version level

Scope #2: Container level immutability — Immutability at Blob level

Steps to configure Scope #1 Version level immutability — Blob Version level immutability:

  1. Enable Blob Versioning at Account level. This is a pre-requisite to enable Blob Version immutability at Account level or at specific container level which in turn is a pre-requisite to achieve Time based retention at Blob version level. [Discussed in last article]
  2. Enable Blob Version immutability at Account level or at Container level. If it is not enabled at Account level, it needs to be enabled at the specific container level to use Time based retention at blob version level. If it is enabled at Account level, Blob Version immutability is automatically enabled for all the containers in the Storage Account and cannot be disabled at container level. [Discussed in last article]
  3. Define an optional Time based retention policy (number of immutable retention days) at Account level. If defined, the policy would be used as a default policy for all the blob/version across all containers. Navigation path is Storage Account > Data Management > Data Protection > Access Control > Check “Enable version-level immutability support” > Manage Policy > Define a Time based retention policy.
(Time based retention policy defined at Account level)

4. Define an optional Time based retention policy (number of immutable retention days) at Container level. If defined, the policy would be used as a default policy for all the blob/version for the specific container. Navigation path is Storage Account > Go to specific Container > Settings > Access Policy > Add Policy > Define a Time based retention policy.

(Time based retention policy defined at Container level)

5. When uploading blob files, the default policy that applies depends on where policies are defined:

Case #1: If the default Time based retention policy is defined at Account level & Container level, then the policy defined at Container level would be used as the default policy for blob/version uploaded to the specific container.

(Time based immutability policy set at Account level)
(Default time based retention policy is also set at Container level)
(Default time based retention policy is set at both Account & Container level. The container level default overrides the Account level default. Time based retention can also be configured directly at Blob/version level, overriding the policies set at Account & Container levels)

Case #2: If the default Time based retention policy is defined at Container level but not at Account level, then the policy defined at Container level would be used as the default policy for blob/version uploaded to the specific container.

(Time based immutability policy not set at Account level)
(Default time based retention policy is set only at Container level)
(The container level policy is used as the default policy for the blob/version. Time based retention can also be configured directly at Blob/version level, overriding the policy set at Container level)

Case #3: If the default Time based retention policy is defined at Account level but not at Container level, then the policy defined at Account level would be used as the default policy for blobs uploaded to the specific container.

(Time based immutability policy set at Account level)
(Time based immutability policy not set at Container level)
(Default time based retention policy is set only at Account level. Time based retention can also be configured directly at Blob/version level, overriding the policy set at Account level)

Case #4: If the default Time based retention policy is neither defined at Account level nor at Container level, then a default time based retention policy doesn’t exist for a blob/version. The Time based retention policy needs to be directly configured at the blob/version level. You could also ignore setting any time based retention policy at blob/version level if immutability is not required for the blob/version (screenshot #3 below).

(Time based immutability policy not set at Account level)
(Time based immutability policy not set at Container level)
(Default time based retention policy is not set at Account & Container level. Time based retention can be configured directly at Blob/version level, or skipped by selecting the “No retention” option)

Note: Regardless of whether a default time based retention policy is available at Account level and/or Container level, time based retention can be configured directly at blob/version level if blob version immutability is enabled either at Account level or at the specific Container level.

Steps to configure Scope #2 Container level immutability — Blob level immutability:

  1. Do not enable Blob Version immutability at Account and Container level [Discussed in last article].
(Blob version immutability not enabled at Account level)
(Blob version immutability not enabled at Container level)

2. Define a Time based retention policy on every container whose blobs need to be immutable. This time based retention policy is applied to all the blobs uploaded to the specific container, and the uploaded blobs are immutable for the configured number of days.

(Time based retention defined only at Container level)
(The time based retention policy defined at Container level would be used as the time based immutability policy for all the blobs uploaded to the specific Container)
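
The precedence rules from Cases #1 to #4 and Scope #2 above, modelled as an added Python example that is not part of the original article. It does not call Azure; the `Account` and `Container` classes, the function names and the sample configurations are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

MAX_DAYS = 400 * 365  # article: retention is anywhere between 1 day and 400 years

@dataclass
class Container:
    name: str
    version_immutability: bool = False  # enabled on this container only
    default_days: Optional[int] = None  # container-level retention policy

@dataclass
class Account:
    version_immutability: bool = False  # enabled account-wide
    default_days: Optional[int] = None  # account-level default policy
    containers: List[Container] = field(default_factory=list)

def effective_retention(acct: Account, ctr: Container, blob_days: Optional[int] = None):
    """Return (policy source, retention days) for a blob uploaded to ctr."""
    for days in (blob_days, ctr.default_days, acct.default_days):
        if days is not None and not 1 <= days <= MAX_DAYS:
            raise ValueError(f"retention must be 1..{MAX_DAYS} days, got {days}")
    if not (acct.version_immutability or ctr.version_immutability):
        # Scope #2: the container policy covers every blob; no per-blob setting.
        return ("container", ctr.default_days) if ctr.default_days else ("none", None)
    # Scope #1: the most specific setting wins (blob > container > account).
    candidates = (("blob", blob_days), ("container", ctr.default_days),
                  ("account", acct.default_days))
    for source, days in candidates:
        if days is not None:
            return source, days
    return "none", None  # Case #4: immutable only if set on the blob/version

def containers_without_default(acct: Account) -> List[str]:
    """Containers where an upload with no blob-level policy gets no retention."""
    return [c.name for c in acct.containers if effective_retention(acct, c)[0] == "none"]

# Constructed sample configurations (not real resources).
SAMPLE = Account(version_immutability=True, default_days=30, containers=[
    Container("invoices", default_days=365),  # Case #1: container overrides account
    Container("logs"),                        # Case #3: account default applies
])
LEGACY = Account(containers=[
    Container("archive", default_days=90),            # Scope #2: container policy
    Container("scratch", version_immutability=True),  # Case #4: no default anywhere
])

if __name__ == "__main__":
    print("no default policy:", containers_without_default(LEGACY))
```

Any container listed by `containers_without_default` accepts uploads that stay editable and deletable unless a policy is set on each blob/version, which makes it the useful check when reviewing a configuration against a retention requirement.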

In this article, the options & steps to configure Time based retention policy have been explained in detail.

In the next article, the options & steps to configure Legal Hold based immutability policy shall be explained in detail.

Happy Learning!