groupAccount
The groupAccount
data type describes the groupAccounts
resource.
Properties
The table below describes the properties included in the groupAccount
data type.
Property | Data Type | Description | Notes |
allowNamespace Management | Boolean |
Specifies whether the group account has the allow namespace management property. Valid values are:
On a PUT request, the default is On a POST request, adding ADMINISTRATOR to the roles for the group account automatically enables the allow namespace management property for the account. Users in groups with the allow namespace management property can use the HCP management and S3 compatible APIs to:
| This property is not valid on a PUT request. It is valid on a POST request only if the user making the request has the administrator role. |
externalGroupID | String | Specifies the security identifier (SID) of the AD group that corresponds to the HCP group account. For a PUT request, valid values are the SIDs of AD groups defined in the AD forest supported by HCP. |
Either this property or the groupname property is required on a PUT request. If you include both properties in the request body, they must identify the same AD group. This property is not valid on a POST request. It is returned only by a verbose GET request and only when the user making the request has the security role. |
groupname | String |
Specifies the name of the HCP group account. For a PUT request, valid values are the names of AD groups defined in the AD forest supported by HCP, in either of these formats: group-name group-name@ad-domain- name If you omit the domain name, HCP uses the AD domain specified in the system configuration. Be sure to use the second format if a group with the specified name exists in more than one domain in the AD forest or if the group name looks like a SID. |
Either this property or the This property is not valid on a POST request. |
roles | List |
Associates zero, one, or more roles with the group account. Valid values for roles are:
These values are not case sensitive. The default is no roles. |
This property is valid on a POST request and returned by a GET request only when the user making the request has the security role. A user with the ADMINISTRATOR role cannot POST this property. For an existing group account, the set of roles specified in the request body replaces the set of roles currently associated with the group account. To remove all roles, specify an empty set. In XML, the element that identifies each role is |
Example
Here’s an XML example of the groupAccount
data type:
<groupAccount> <allowNamespaceManagement>false</allowNamespaceManagement> <externalGroupID>S-1-5-21-1522923621-2272695913-102089983-3621 </externalGroupID> <groupname>hcp-admin@ad.example.com</groupname> <roles> <role>MONITOR</role> <role>ADMINISTRATOR</role> </roles> </groupAccount>