Home > Storage > PowerScale (Isilon) > Product Documentation > Security and Compliance > Dell PowerScale: SmartLock Best Practices > Privileged delete
General users and applications cannot change the data or metadata of SmartLock-committed files, move them, or delete them. If a general user or application must change SmartLock-protected data, they must first copy it to a non-SmartLock directory and make their changes to the copy. No one except for a privileged user can alter the SmartLock-protected original file.
Before OneFS 8.0, a privileged user was defined as someone who has root access to the system and can delete SmartLock-protected files. Users could only perform privileged deletes locally, not over the network, which added a layer of control for privileged functions. The privileged user existed only in the Enterprise version of SmartLock. Starting with OneFS 8.0, a non-root user can perform a privileged delete through the RBAC role ISI_PRIV_IFS_WORM_DELETE.