Home > Data Protection > Data Protection (general) > Dell PowerProtect Data Domain Retention Lock > File Locking Protocol
Once a file has been migrated onto a PPDD system, it is the responsibility of the backup application to set and communicate the retention attribute by sending over standard industry protocols.
The retention period attribute used by the archiving application is the last access time, or the atime. RL allows granular management of retention periods on a file-by-file basis. As part of the configuration, the system administrator configures the RL software by specifying a minimum and maximum time-based retention period for each MTree to be protected. This ensures that the retention expiration date for an archived file is not set below the minimum or above the maximum retention period defined. If RL-C is installed, this operation requires Security Officer authorization.
Additional RL options available for RL enabled MTrees include:
Example: A backup application stores a backup file on an MTree and sets the last access time (atime) of the file to the retention time representing the point in time where the file may be deleted. The atime specified for the file must be equal to or greater than the minimum retention period, and equal to or less than the maximum retention period for the MTree.
If the retention period from the backup application is:
A permission denied error condition (referred to as EACCESS – a standard POSIX error) is returned.
Note: An exception is considered when the retention period is less than the current time plus the tolerance window (12 hours). In this case, the atime update is ignored without an error and the file is not locked for secure retention on the system.
The backup application must set the atime value and the DD RL must enforce it to avoid any modification or deletion of files under retention. For example, when PPDM defines a backup policy retention using RL-G mode, the resulting backup cannot be modified or deleted once stored on the PPDM system. When the RL time expires, it is the responsibility of the backup application to delete the expired backup sets.