How versioning and WORM-like ACLs work on NetApp StorageGRID

10 months ago
Versioning is used to provide access to previous revisions of an object (e.g. GET object.mp3?v=2 gets revision #2 of the object). *If* users are allowed to overwrite objects but *not allowed* to delete old versions (not the default!), then objects practically become indelible.
But each revision is a copy that takes up disk space, so the benefit of versioning should be higher than its cost.
One popular feature used in conjunction with S3 versioning is S3 Object Lock with a specified retention period, which guarantees retention until a certain date, after which older objects are unlocked and can be deleted - very useful for backups that need to be ransomware-resistant for as long as they're needed.
But even without any of these tricks, the versioning feature protects files from accidental deletion or change, as you can always GET object.mp4?v=2 and re-upload it to recover from deleting the object or uploading a wrong revision 3.

Wondering about Object Lock with S3 versioning vs. legacy "Compliance"? See https://docs.netapp.com/us-en/storagegrid-117/ilm/managing-objects-with-s3-object-lock.html

"Software WORM" or ACL-based WORM is simpler: it aims to prevent users from modifying (and hence also deleting) existing objects. To do that we craft a bucket policy that denies these requests from non-admin users. Obviously this isn't as robust, but it serves many purposes, including preventing accidental modification or deletion of files, and unlike versioning, it does not take extra storage space.
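A sketch of such a policy and an audit check for it, as an added example that is not from the original post or from NetApp: it builds a WORM-like bucket policy for a non-admin group and reports which destructive actions a given policy leaves undenied. The bucket name, group name and account ID are constructed placeholders; the check looks only at the bucket policy (not group policies) and treats a Deny with a `Condition` as not covering the action.

```python
import json
from fnmatch import fnmatchcase

# Requests that change or remove existing data. s3:PutOverwriteObject is a
# StorageGRID-specific permission; s3:PutBucketPolicy is included so the
# restricted group cannot simply lift the policy.
WORM_ACTIONS = ("s3:PutOverwriteObject", "s3:DeleteObject",
                "s3:DeleteObjectVersion", "s3:PutBucketPolicy")

def worm_policy(bucket, principal):
    """Bucket policy: explicit Deny on destructive requests, Allow the rest."""
    res = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    who = {"AWS": principal}
    return {"Statement": [
        {"Sid": "DenyOverwriteAndDelete", "Effect": "Deny", "Principal": who,
         "Action": list(WORM_ACTIONS), "Resource": res},
        {"Sid": "AllowEverythingElse", "Effect": "Allow", "Principal": who,
         "Action": "s3:*", "Resource": res},
    ]}

def _listify(value):
    return value if isinstance(value, list) else [value]

def worm_gaps(policy, bucket, principal):
    """Return the destructive actions that no Deny statement covers."""
    gaps = []
    for action in WORM_ACTIONS:
        # Bucket-level action targets the bucket ARN, the others an object ARN.
        key = "" if action == "s3:PutBucketPolicy" else "/any-key"
        target = f"arn:aws:s3:::{bucket}{key}"
        for st in policy.get("Statement", []):
            who = st.get("Principal", {})
            names = _listify(who.get("AWS", [])) if isinstance(who, dict) else [who]
            acts, ress = _listify(st.get("Action", [])), _listify(st.get("Resource", []))
            if (st.get("Effect") == "Deny" and "Condition" not in st
                    and (principal in names or "*" in names)
                    and any(fnmatchcase(action, a) for a in acts)
                    and any(fnmatchcase(target, r) for r in ress)):
                break
        else:
            gaps.append(action)
    return gaps

# Constructed sample values: the account ID and group name are placeholders.
GROUP = "urn:sgws:identity::00000000000000000000:group/backup-writers"
POLICY = worm_policy("backups", GROUP)
WEAK = {"Statement": [dict(POLICY["Statement"][0], Action=["s3:DeleteObject"])]}

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    print("gaps in weak policy:", worm_gaps(WEAK, "backups", GROUP))
```

The `WEAK` policy denies only `s3:DeleteObject`, so the check flags that overwrites, version deletes and policy changes are still possible for the group.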