What I want to be able to do is to change be able to set the retention date on an object programatically and guarantee that it will take effect immediately; that is, I want to be able to assign an arbitrary date value (to be determined by my application) to the user.maui.retentionEnd attribute and have it enforced immediately. I understand that in order to assign a value to the user.maui.retentionEnd attribute, it must be present on the object, which requires it to be associated with a Policy for which retention is enabled. Also, in order to guarantee that the retention date will take effect immediately, the user.maui.retentionStart value must either not be set or must be set to a date that is less then or equal to the current date. Otherwise, there will be a window of time in which retention is not enforced.
My plan was to create a subtenant that is dedicated to my application and that has a single policy that is designated as the default for all objects created by my application. This default policy would have retention enabled, but it wouldn't matter what date the retention period is set to because my application will change it after creating a new object (which I have verified is possible).
As mentioned above, this scheme also depends on there being no start delay, however I have not been able to determine how to set user.maui.retentionStart programmatically. Plan was to simply not specify a start delay window when setting up the default policy, however a closer reading of the Atmos Administrator's Guide led me to discover that might not be possible. Is there a way set up a policy that is enabled for retention, but does not specify a Start Delay Window? If not, is it possible to set it to a date in the past so that the effect would be that there is no window? (I do not have a server available that I can test this on). If neither of those options work, is there another way to accomplish my goal?
Since version 2.1.4, Atmos supports SEC 17a-4(f) compliance, which basically means retention is enabled immediately upon policy assignment. If you are running an older version, you should work through your support channels to get an update. When creating a new policy on a 2.1.4+ system, you should see a checkbox at the top that will enable compliance and set a zero-second start delay window (see image below). I believe this is what you're looking for.