All Products
Search
Document Center

Object Storage Service:Can I recover an OSS object after the object is deleted or overwritten?

Last Updated:Oct 24, 2023

The redundancy mechanism of Object Storage Service (OSS) is used to recover data when server or hardware failures occur. Alibaba Cloud cannot recover OSS data that is manually deleted, overwritten, or automatically deleted by configuration rules.

Data deletion and overwriting

The following section describes the data deletion and overwriting in the Service Terms and Service Level Agreement.

  • The following section describes user data management in the Service Terms:

    • You can delete, modify, and manage your business data. If you release services or delete data, Alibaba Cloud does not retain the data.

    • If the user data is deleted, the data cannot be recovered. You assume the consequences and responsibilities that result from the deletion of such data on your own. You understand and agree that Alibaba Cloud has no obligation to continue to retain, export, or return user data.

  • The following section describes data destructibility in the service-level agreement (SLA):

    If you delete data or want data to be automatically deleted when your services expire, Alibaba Cloud automatically deletes disk data and clears memory on the corresponding physical server. The data cannot be recovered.

Operations that may delete or overwrite data

Your data may be deleted or overwritten when you perform one of the following operations. Proceed with caution.

  • Delete objects by using the OSS console, ossutil, ossbrowser, or OSS SDKs. For more information, see Delete objects.

  • Upload an object that has the same name as an existing object to OSS by using the OSS console, ossutil, ossbrowser, or OSS SDKs. The existing object is overwritten by the uploaded object.

  • Configure lifecycle rules to delete objects on a regular basis. OSS automatically deletes objects based on the lifecycle rules. For more information, see Configure lifecycle rules.

  • Configure cross-region replication (CRR) rules for your bucket and select Add/Delete/Change for Replication Policy to synchronize data from the source bucket to your bucket. If objects in the source bucket are modified or deleted, the changes are synchronized to the destination bucket. For more information, see Configure CRR.

  • Other users delete or overwrite your objects because the configured access permissions on the bucket are inappropriate. For more information about access permissions, see Overview.

How do I prevent my objects from being accidentally deleted or overwritten?

You can use one of the following methods to prevent your objects from being deleted or overwritten:

  • Enable versioning

    When you enable versioning for a bucket, the objects that are deleted or overwritten are stored as previous versions in the bucket. You can recover an object to a previous version at any time. For more information, see Overview.

  • Use CRR to back up objects

    You can configure CRR rules for your bucket and select Add/Delete/Change for Replication Policy to synchronize data from your bucket to another bucket. For more information, see Configure CRR.

  • Configure scheduled backup

    You can use Cloud Backup to back up your objects. This way, you can recover your objects at the earliest opportunity when the objects are lost. For more information, see Configure scheduled backup.

  • Configure overwriting parameters for objects that have the same name

    When you call the upload operation to upload an object, set the x-oss-forbid-overwrite parameter to true to prevent overwriting objects that have the same name.

  • Configure appropriate access permissions

    Take note of the following principles when you grant access permissions to other users who want to access your bucket:

    • Do not use an Alibaba Cloud account to access OSS.

    • Grant read and write permissions to different RAM users. Use a RAM user that has only read permissions or Security Token Service (STS) temporary access credentials to access read-only data.

    • We recommend that you provide STS temporary access credentials to the users who need to only temporarily access your data.

    • Grant the least but sufficient access permissions on OSS data for different businesses.

    • Use a secure location to store your data access credentials, such as the password of your Alibaba Cloud account and the access credentials of a RAM user.

    For more information, see Overview.