About user and group accounts

User and group accounts control access to HCP interfaces. The administrative roles associated with these accounts allow users to use:

The Tenant Management Console

The HCP management API

You need the security role to create, modify, delete, and associate roles with user and group accounts.

The data access permissions associated with user and group accounts allow users to access namespace content through:

Namespace access protocols that require authentication

The Namespace Browser

The HCP metadata query API

The HCP Search Console

You need the administrator role to associate data access permissions with user and group accounts.

The allow namespace management property, which you can assign to a user or group account, allows users to use the HCP management and S3 compatible APIs to:

Create namespaces

List, view and change the versioning status of, and delete namespaces they own

You need the administrator role to assign the allow namespace management property to a user or group account.

User accounts

An HCP user account is a set of credentials that gives a user access to one or more of the interfaces listed above. You create and manage user accounts in the Tenant Management Console.

When you create a user account, you specify whether the user credentials are authenticated locally or by RADIUS. Additionally, for locally authenticated users, you specify whether the account password must be changed the next time the account is used to access one of the Consoles.

When you create a user account, you have the option of associating roles with it and assigning the allow namespace management property. You can change these properties as well as associate data access permissions with the account at any time thereafter.

You can enable and disable user accounts, as needed. While an account is disabled, it cannot be used to access any of the applicable interfaces. You might decide to disable an account, for example, while the user for whom you created it is on vacation.

Multiple people can use the same user account concurrently for the same or different interfaces. To prevent this from happening, you should create a separate account for each user, and users should keep their passwords confidential.

Note: For HCP user accounts, HCP logs failed namespace access attempts with a given username once an hour. This prevents repeated log messages in the case where an application specifies invalid credentials. The message that’s logged indicates the number of failed attempts that occurred in the past hour.

A tenant can have at most 10,000 HCP user accounts.

Group accounts

An HCP group account is a representation of an Active Directory group. The group account enables AD users in the AD group to access one or more of the interfaces listed above. You create and manage group accounts in the HCP Tenant Management Console.

When you create a group account, you have the option of associating roles with it. You can change these associations and also associate data access permissions with the account at any time thereafter.

A tenant can have at most 100 group accounts.

© 2015, 2020 Hitachi Vantara LLC. All rights reserved.