HCP System Management Help


HCP tenant query parameters

When you create an HCP tenant, HCP automatically creates the initial user or group account for the tenant, depending on which query parameters you include in the PUT request.

Creating an initial user account

To create a tenant with an initial user account, you use these query parameters, which correspond to user account properties with the same name:

username — This parameter is required when you create a tenant. The username you specify is also used as the full name for the user account.

password — This parameter is required when you create a tenant.

forcePasswordChange — This parameter is optional when you create a tenant. The default is false.

For information on values for these parameters, see userAccount data type properties.

The user account that’s created:

Is enabled

Is locally authenticated

Has only the security role

Has no data access permissions

Has no description

The username, password, and forcePasswordChange query parameters are valid only when you create an HCP tenant and only if you enable local authentication for the tenant in the same request. They are not valid on a request to modify a tenant.

For an example of a request that uses these query parameters, see “Example: Creating an HCP tenant” on page 39.

Creating an initial group account

To create the tenant with an initial group account, you use the initialSecurityGroup query parameter. The value of this parameter must be the name or SID of an AD group defined in the AD forest supported by HCP. You can specify the name in either of these formats:

group-name

group-name@ad-domain-name

If you omit the domain name, HCP uses the AD domain specified in the system configuration.

Be sure to use the second format if a group with the specified name exists in more than one domain in the AD forest or if the group name looks like a SID.

The group account that’s created:

Has only the security role

Has no data access permissions

The initialSecurityGroup query parameter is valid only when you create an HCP tenant and only if you enable AD authentication for the tenant in the same request. It is not valid on a request to modify a tenant.

© 2017 Hitachi Vantara Corporation. All rights reserved.