HCP System Management Help


groupAccount data type properties

The table below describes the properties included in the groupAccount data type.

Property name

Data type

Description

Notes

allowNamespaceManagement

Boolean

Specifies whether the group account has the allow namespace management property. Valid values are:

true — The group account has the allow namespace property.

false — The group account does not have the allow namespace management property.

On a PUT request, the default is true if the roles property includes ADMINISTRATOR in the same request; otherwise, the default is false.

On a POST request, adding ADMINISTRATOR to the roles for the group account automatically enables the allow namespace management property for the account.

Users in groups with the allow namespace management property can use the HCP management and HS3 APIs to:

Create namespaces

List, view and change the versioning status of, and delete namespaces they own

This property is not valid on a PUT request. It is valid on a POST request only if the user making the request has the administrator role.

externalGroupID

String

Specifies the security identifier (SID) of the AD group that corresponds to the HCP group account. For a PUT request, valid values are the SIDs of AD groups defined in the AD forest supported by HCP.

Either this property or the groupname property is required on a PUT request. If you include both properties in the request body, they must identify the same AD group.

This property is not valid on a POST request. It is returned only by a verbose GET request and only when the user making the request has the security role.

groupname

String

Specifies the name of the HCP group account. For a PUT request, valid values are the names of AD groups defined in the AD forest supported by HCP, in either of these formats:

group-name

group-name@ad-domain-
name

If you omit the domain name, HCP uses the AD domain specified in the system configuration.

Be sure to use the second format if a group with the specified name exists in more than one domain in the AD forest or if the group name looks like a SID.

Either this property or the externalGroupID property is required on a PUT request. If you include both properties in the request body, they must identify the same AD group.

This property is not valid on a POST request.

roles

List

Associates zero, one, or more roles with the group account. Valid values for roles are:

ADMINISTRATOR

COMPLIANCE

MONITOR

SECURITY

These values are not case sensitive.

The default is no roles.

This property is valid on a POST request and returned by a GET request only when the user making the request has the security role.

A user with the ADMINISTRATOR role cannot POST this property.

For an existing group account, the set of roles specified in the request body replaces the set of roles currently associated with the group account. To remove all roles, specify an empty set.

In XML, each listed role is the value of an element named role. In JSON, the name in the name/value pair that lists the roles is role.

© 2017 Hitachi Vantara Corporation. All rights reserved.