Who can use the management API

To use the HCP management API, you need either a system-level or tenant-level user account that’s defined in HCP. If HCP is configured to support Windows® Active Directory® (AD), applications can also use recognized AD user accounts to access HCP through the management API. A recognized AD user account is an AD user account for a user that belongs to one or more AD groups for which corresponding group accounts are defined in HCP.

What you can do with the API depends on:

The level of account you’re using

The roles associated with the account (or applicable group accounts)

For tenant-level accounts, whether the account (or applicable group accounts) has the allow namespace management property

The permissions granted by each role have the same effect with the management API as they do in the System Management and Tenant Management Consoles. For example, with a system-level user account that includes the administrator role, you can create, modify, and delete tenants and configure the default tenant and namespace. With a system-level user account that includes only the monitor role, you can only retrieve information about these entities.

Similarly, with a tenant-level user account that includes the administrator role, you can create, modify, and delete namespaces. With a tenant-level user account that includes only the monitor role, you can only retrieve information about these entities.

An HCP tenant can grant system-level users administrative access to itself. This enables users with system-level user accounts to perform the activities allowed by the tenant-level roles that correspond to their system-level roles.

If you have only the allow namespace management property and no roles, the activities you can perform with the HCP management API are limited to creating namespaces, listing and deleting namespaces you own, and viewing and modifying the versioning status of namespaces you own.

For you to use the management API with a system-level user account, the API must be enabled in the System Management Console. For you to use the API with a tenant-level user account, the API must be enabled in both the System Management Console and the applicable Tenant Management Console.

For more information on:

System-level user accounts, see Administering HCP

Tenant-level user accounts, see Managing a Tenant and Its Namespaces

Enabling the management API, see Enabling the management API in the Management Consoles

For details on the user accounts required for management API activities, see Resources.

Trademarks and Legal Disclaimer

© 2017 Hitachi Data Systems Corporation. All rights reserved.