US2024143824A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2024143824-A1 |
| Application number | US-202217975832-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 28, 2022 |
| Priority date | Oct 28, 2022 |
| Publication date | May 2, 2024 |
| Grant date | — |
Official abstract text for this publication.
Enforcing a legal hold procedure in a system by scanning multiple data sources to identify data objects for processing as a unitary group with respect to common access and control processes of the legal hold to preserve the data for a defined period of time and protected against modification and unauthorized access. The metadata is stored in a static dataset that defines a single data access unit for the referenced data. A user query regarding a referenced data object is processed, and accesses the data through the dataset as a single unit based on data content rather than data location in a file directory of the system. The data may be sensitive data and the legal hold procedure may be implemented as court rules in accordance with Federal Rules of Civil Procedure.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method of performing data restriction operations including legal holds in a large-scale data system, comprising: scanning multiple data sources to identify data objects for processing as a unitary group with respect to restricted access and process controls; storing metadata of the identified data objects in a static dataset, wherein the static dataset represents data objects that do not change over time resulting in the composition of the dataset remaining unchanged over time, the static dataset preserving the data objects as fixed data and applying protection processes to implement the restricted access and process controls; and processing a user query to access one or more of the data objects referenced by the dataset, wherein the dataset defines a single data access unit for the referenced data objects and the query accesses the referenced data objects as a single unit based on data content rather than data location in a file directory of the system.

2. The method of claim 1 wherein the restricted access and process controls comprise a legal hold procedure to preserve the data objects for a defined period of time and protected against modification and unauthorized access.

3. The method of claim 2 wherein the restricted access prohibits access by unauthorized persons or entities, wherein authorization is provided by one of access control list (ACL) or role-based access control (RBAC) procedures.

4. The method of claim 3 wherein the data objects comprise sensitive data comprising at least one of: legal documents, medical records, proprietary information, trade secret information, and secret financial information.

5. The method of claim 4 wherein the legal hold procedure is implemented as defined by court rules in accordance with Federal Rules of Civil Procedure.

6. The method of claim 1 wherein the static dataset receives at least some of the data objects from a dynamic dataset that can receives periodic changes to the metadata based on at least one of addition of one or more additional data objects in the unitary group, or a change in characteristics of a data object referenced by the dataset, and wherein data objects from the dynamic dataset are then no longer modifiable and are subject to the strict access and process controls of the static dataset.

7. The method of claim 1 wherein data objects are sourced by multiple data sources comprising data stored in multiple storage devices, including network attached storage (NAS), object storage, local storage, or cloud networks, and wherein the data provided by each data source is compiled by a different entity in the system.

8. The method of claim 1 further comprising producing the dataset by gathering the identified metadata for storage in the data catalog, and executing a user entered query comprising metadata selectors as dataset tags for matching against the cataloged metadata to generate the dataset.

9. The method of claim 8 wherein the metadata selectors comprise tags consisting of alphanumeric strings applied to respective data objects based on user-defined rules, and wherein the tags define at least one of a file type, name, location, creation time, or characteristic.

10. The method of claim 8 wherein the dataset is organized into collection information and per file and object information, and wherein collection information comprises a dataset creation time, the query, role-based access control (RBAC) for the dataset, and first free-form metadata, and wherein the per file and object information comprises location of data of the dataset, unstructured metadata information, and second free-form metadata.

11. A computer-implemented method of enforcing a legal hold procedure in a large-scale data system, comprising: scanning multiple data sources to identify data objects for processing as a unitary group with respect to common access and control processes of the legal hold procedure that preserves the data objects for a defined period of time and protected against modification and unauthorized access; storing metadata of the identified data objects in a static dataset that defines a single data access unit for the referenced data objects; and processing a user query regarding a data object of the identified data objects, wherein the query accesses the referenced data objects through the dataset as a single unit based on data content rather than data location in a file directory of the system.

12. The method of claim 11 wherein the data objects comprise sensitive data comprising at least one of: legal documents, medical records, proprietary information, trade secret information, and secret financial information, and wherein the legal hold procedure is implemented as defined by court rules in accordance with Federal Rules of Civil Procedure.

13. The method of claim 12 wherein the restricted access prohibits access by unauthorized persons or entities, wherein authorization is provided by one of access control list (ACL) or role-based access control (RBAC) procedures.

14. The method of claim 13 wherein the static dataset receives at least some of the data objects from a dynamic dataset that can receives periodic changes to the metadata based on at least one of addition of one or more additional data objects in the unitary group, or a change in characteristics of a data object referenced by the dataset, and wherein data objects from the dynamic dataset are then no longer modifiable and are subject to the strict access and process controls of the static dataset.

15. The method of claim 11 wherein data objects are sourced by multiple data sources comprising data stored in multiple storage devices, including network attached storage (NAS), object storage, local storage, or cloud networks, and wherein the data provided by each data source is compiled by a different entity in the system.

16. The method of claim 15 further comprising producing the dataset by gathering the identified metadata for storage in the data catalog, and executing a user entered query comprising metadata selectors as dataset tags for matching against the cataloged metadata to generate the dataset, and further wherein the metadata selectors comprise tags consisting of alphanumeric strings applied to respective data objects based on user-defined rules.

17. The method of claim 16 wherein the tags define at least one of a file type, name, location, creation time, or characteristic, and further wherein the dataset is organized into collection information and per file and object information, and wherein collection information comprises a dataset creation time, the query, role-based access control (RBAC) for the dataset, and first free-form metadata, and wherein the per file and object information comprises location of data of the dataset, unstructured metadata information, and second free-form metadata.

18. A computer-implemented method of performing data protection operations including legal holds in a large-scale data system, comprising: scanning multiple data sources to identify data objects for processing as a unitary group with respect to data protection operations; storing metadata of the identified data objects in a static dataset, wherein the static dataset represents data objects that do not change over time resulting in the composition of the dataset remaining unchanged over time, the static dataset preserving the data objects as fixed data and applying protection processes to implement the data protection operations comprising one of bac
where protection concerns the structure of data, e.g. records, types, queries · CPC title
File access structures, e.g. distributed indices (arrangements of input from, or output to, record carriers G06F3/06) · CPC title
Query processing · CPC title
Access control lists [ACL] · CPC title
Multiple levels of security · CPC title