Set and manage immutability policies for Blob storage

Immutable storage for Azure Blob storage enables users to store business-critical data objects in a WORM (Write Once, Read Many) state. This state makes the data non-erasable and non-modifiable for a user-specified interval. For the duration of the retention interval, blobs can be created and read, but cannot be modified or deleted. Immutable storage is available for general-purpose v2 and Blob storage accounts in all Azure regions.

This article shows how to set and manage immutability policies and legal holds for data in Blob storage using the Azure portal, PowerShell, or Azure CLI. For more information about immutable storage, see Store business-critical blob data with immutable storage.

  1. Create a new container or select an existing container to store the blobs that need to be kept in the immutable state. The container must be in a general-purpose v2 or Blob storage account.

  2. Select Access policy in the container settings. Then select Add policy under Immutable blob storage.

    Screenshot: Container settings in the portal

  3. To enable time-based retention, select Time-based retention from the drop-down menu.

    Screenshot: "Time-based retention" selected under "Policy type"

  4. Enter the retention interval in days (acceptable values are 1 to 146000 days).

    Screenshot: The "Update retention period to" box

    The initial state of the policy is unlocked, which lets you test the feature and make changes to the policy before you lock it. Locking the policy is essential for compliance with regulations like SEC 17a-4.

  5. Lock the policy. Right-click the ellipsis (...), and the following menu appears with additional actions:

    Screenshot: "Lock policy" in the menu

  6. Select Lock Policy and confirm the lock. The policy is now locked and cannot be deleted; only extensions of the retention interval are allowed. Blob deletes and overrides are not permitted.

    Screenshot: Confirming "Lock policy" in the menu

  7. To enable legal holds, select Add Policy. Select Legal hold from the drop-down menu.

    Screenshot: "Legal hold" under "Policy type" in the menu

  8. Create a legal hold with one or more tags.

    Screenshot: The "Tag name" box under the policy type

  9. To clear a legal hold, remove the applied legal hold identifier tag.
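The same procedure can be scripted with the Azure CLI. The block below is an added example, not part of the original article: the function names are hypothetical, and it assumes an `az` session that is already logged in with rights on the storage account. It creates an unlocked policy, locks it against the ETag that was just read so a concurrent edit cannot be locked in by accident, and sets or clears legal hold tags.

```shell
#!/usr/bin/env bash
# Added example: the portal steps above as Azure CLI calls (function names are hypothetical).

# Step 4: retention must be a whole number of days between 1 and 146000.
valid_retention_days() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 6 ] && [ "$1" -ge 1 ] && [ "$1" -le 146000 ]
}

# Steps 1-4: create a time-based retention policy; it starts in the unlocked state.
create_retention_policy() {  # args: resource-group account container days
  valid_retention_days "$4" || { echo "retention must be 1-146000 days" >&2; return 2; }
  az storage container immutability-policy create \
    --resource-group "$1" --account-name "$2" --container-name "$3" \
    --period "$4" --output none
}

# Steps 5-6: lock the policy. Locking cannot be undone, so the call is bound to
# the ETag of the policy as it was read; if the policy changed since, the lock fails.
lock_retention_policy() {  # args: resource-group account container
  local etag
  etag=$(az storage container immutability-policy show \
    --resource-group "$1" --account-name "$2" --container-name "$3" \
    --query etag --output tsv) || return 1
  [ -n "$etag" ] || { echo "no immutability policy found" >&2; return 1; }
  az storage container immutability-policy lock \
    --resource-group "$1" --account-name "$2" --container-name "$3" \
    --if-match "$etag" --output none
}

# Steps 7-8: place a legal hold with one or more tags.
set_legal_hold() {  # args: resource-group account container tag...
  local rg="$1" acct="$2" ctr="$3"; shift 3
  [ "$#" -ge 1 ] || { echo "at least one tag is required" >&2; return 2; }
  az storage container legal-hold set --resource-group "$rg" \
    --account-name "$acct" --container-name "$ctr" --tags "$@" --output none
}

# Step 9: clear the hold by removing the tags that were applied.
clear_legal_hold() {  # args: resource-group account container tag...
  local rg="$1" acct="$2" ctr="$3"; shift 3
  [ "$#" -ge 1 ] || { echo "at least one tag is required" >&2; return 2; }
  az storage container legal-hold clear --resource-group "$rg" \
    --account-name "$acct" --container-name "$ctr" --tags "$@" --output none
}
```

Run `create_retention_policy` and test against the unlocked policy first; call `lock_retention_policy` only once the interval is final.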

Enabling allow protected append blobs writes

Screenshot: Allow additional append writes

Next steps

Store business-critical blob data with immutable storage