About user and group accounts

HCP uses system-level user and group accounts to control access to these interfaces:

  • HCP System Management Console
  • Tenant Management Console for managing the default tenant and namespace
  • HCP management API for creating and managing tenants
  • HCP metadata query API for querying the default namespace
  • Search Console to search in the default namespace
NoteSystem-level user and group accounts do not control access to stored data and metadata other than through the metadata query API and Search Console.

User accounts

An HCP user account is a set of credentials that gives a user access to one or more of the interfaces listed above. You create and manage user accounts in the HCP System Management Console.

When you create a user account, you specify a username and password. You also associate roles with the account and specify whether the user credentials are authenticated locally or by RADIUS. Additionally, for locally authenticated users, you specify whether the account password must be changed the next time the account is used to access one of the Consoles.

You can enable and disable user accounts, as needed. While an account is disabled, it cannot be used to access any of the applicable interfaces. You might decide to disable an account, for example, while the user for whom you created it is on vacation.

Multiple people can use the same user account concurrently for the same or different interfaces. To prevent this from happening, you should create a separate account for each user, and users should keep their passwords confidential.

An HCP system can have at most 200 system-level user accounts.

Group accounts

An HCP group account is a representation of an Active Directory group. The group account enables AD users in the AD group to access one or more of the interfaces listed above. You create and manage group accounts in the HCP System Management Console.

When you create a group account, you associate roles with it. When an AD user accesses HCP, that user has all the roles associated with all the group accounts that correspond to AD groups to which the user belongs.

An HCP system can have at most 100 system-level group accounts.