Mandatory File Retention

In addition to privileged file retention restrictions, mandatory file retention has further limitations. The retentionMandatory user role authorization is required to create a file with the mandatory retention policy. No user, not even the root user, can modify or delete a retained file. Also, shares with retained but unexpired files cannot be deleted, and storage pools containing files with unexpired retention cannot be unconfigured. A share with mandatory retention can be destroyed after all retained files have expired, and a storage pool with only expired retained files can be unconfigured. Also, a mandatorily retained file protects its ancestors and clone descendants from destruction.

Caution:

Mandatory file retention affects the filesystem, project, and storage pool. Carefully plan mandatory usage so that storage resources, especially pools and their associated drives, are not consumed for longer than necessary or overfilled.

You can change the retention period forward into the future but, unlike privileged file retention, you cannot change the retention backward in time. Thus, for example, you cannot immediately delete a retained filesystem, project, or its storage pool, but must wait until all files' retention times have expired.

To further protect mandatory retention shares, the software cannot be rolled back to a previous version without mandatory file retention nor can a storage pool's disks be reused while retention is active. Furthermore, NTP cannot be disabled, and NTP always synchronizes the clock, regardless of the skew amount. You cannot use a striped storage pool profile with mandatory retention because it does not provide redundancy. Also, the appliance factory reset feature is disabled until all mandatory file retention expires.