Page Comparison

In case of using retention or legal holds, the user configured to access the buckets must also be the owner of the buckets, otherwise the check if object lock is enabled will fail.

From the S3 documentation:
x-amz-expected-bucket-owner

The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied). (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html )