userAccount (tenant level)

The userAccount data type describes the userAccounts resource.

When you create a user account, you use a query parameter to specify the password for the account. You use the same query parameter to change the password for a user account.

Properties

The table below describes the properties included in the userAccount data type.

Property    Data type    Description    Notes

allowNamespaceManagement    Boolean

Specifies whether the user account has the allow namespace management property. Valid values are:

  • true

    The user account has the allow namespace management property.

  • false

    The user account does not have the allow namespace management property.

On a PUT request, the default is true if the roles property includes ADMINISTRATOR in the same request; otherwise, the default is false.

On a POST request, adding ADMINISTRATOR to the roles for the user account automatically enables the allow namespace management property for the account.

Users with the allow namespace management property can use the HCP management and S3 compatible APIs to:

  • Create namespaces
  • List, view and change the versioning status of, and delete namespaces they own

This property is not valid on a PUT request. It is valid on a POST request only if the user making the request has the administrator role.

description    String

Specifies the description of the user account. This description is optional. The default is no description.

To remove a description from an existing user account, specify the description property with no value.

This property is valid on a POST request only if the user making the request has the security role.

enabled    Boolean

Specifies whether the user account is enabled. Valid values are:

  • true

    The user account is enabled.

  • false

    The user account is disabled.

This property is required on a PUT request. It is valid on a POST request only if the user making the request has the security role.

forcePasswordChange    Boolean

Specifies whether the password for the user account must be changed the next time the account is used to log into the Tenant Management Console. Valid values are:

  • true

    The password must be changed.

  • false

    The password does not need to be changed.

This property is required on a PUT request. It is valid on a POST request and returned by a GET request only if the user making the request has the security role.

fullName    String

Specifies the full name of the user for whom you’re creating the account. This name must be from one through 64 characters long and can contain any valid UTF-8 characters, including white space.

This property is required on a PUT request. It is valid on a POST request only if the user making the request has the security role.

localAuthentication    Boolean

Specifies whether the user account is authenticated locally or by a RADIUS server specified at the HCP system level. Valid values are:

  • true

    The user account is authenticated locally.

  • false

    The user account is authenticated by a RADIUS server.

This property is required on a PUT request. It is not valid on a POST request and is returned only by a verbose GET request.

roles    List

Associates zero, one, or more roles with the user account. Valid values for roles are:

  • ADMINISTRATOR
  • COMPLIANCE
  • MONITOR
  • SECURITY

These values are not case sensitive.

The default is no roles.

This property is valid on a POST request and returned by a GET request only when the user making the request has the security role.

For an existing user account, the set of roles specified in the request body replaces the set of roles currently associated with the user account. To remove all roles, specify an empty set.

In XML, the element that identifies each role is role. In JSON, the name in the name/value pair that lists the roles is role.

userGUID    String

Specifies the system-supplied globally unique user ID for the user account. HCP generates this ID automatically when you create an account.

This property is not valid on a PUT or POST request. It is returned only by a verbose GET request and only when the user making the request has the security role.

userID    Integer

Specifies the system-supplied local user ID for the user account. HCP generates this ID automatically when you create an account.

Local user IDs are unique within an HCP system. These IDs are maintained for backward compatibility but are no longer used for user identification.

This property is not valid on a PUT or POST request. It is returned only by a verbose GET request and only when the user making the request has the security role.

username    String

Specifies the username for the user account. Usernames must be from one through 64 characters long and can contain any valid UTF-8 characters, including white space, but cannot start with an opening square bracket ([).

Usernames are not case sensitive.

The username for a user account must be unique for the tenant. Different tenants can have user accounts with the same username.

You can reuse usernames that are not currently in use. So, for example, if you delete the account for a user and then create a new account for that user, you can give the user the same username as before.

Tip: Consider using email addresses as usernames. This enables users to more easily remember their HCP usernames. It also gives you easy access to email addresses should you need to contact any users.

This property is required on a PUT request. It is valid on a POST request only when the user making the request has the security role.
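
The notes in the property table above can be checked before a request is sent. This is an added example, not code from the HCP documentation; the function name, the dict representation of the request body, and the sample values are assumptions made for illustration.

```python
# Rules transcribed from the notes on this page: (status on PUT, role the caller needs on POST; None = not valid on POST).
RULES = {
    "allowNamespaceManagement": ("invalid", "ADMINISTRATOR"),
    "description": ("optional", "SECURITY"),
    "enabled": ("required", "SECURITY"),
    "forcePasswordChange": ("required", "SECURITY"),
    "fullName": ("required", "SECURITY"),
    "localAuthentication": ("required", None),
    "roles": ("optional", "SECURITY"),
    "userGUID": ("invalid", None),
    "userID": ("invalid", None),
    "username": ("required", "SECURITY"),
}
VALID_ROLES = {"ADMINISTRATOR", "COMPLIANCE", "MONITOR", "SECURITY"}
# Constructed sample: a PUT body as a dict, without the properties the notes reject on PUT.
SAMPLE_PUT = {"description": "Compliance officer.", "enabled": True,
              "forcePasswordChange": True, "fullName": "Morgan White",
              "localAuthentication": True, "roles": ["MONITOR", "COMPLIANCE"], "username": "mwhite"}

def check_user_account(method, body, caller_roles):
    """Return a list of problems with a userAccount body (dict) for a PUT or POST request."""
    caller = {r.upper() for r in caller_roles}      # role names are not case sensitive
    problems = []
    for name in body:
        if name not in RULES:
            problems.append(f"{name}: unknown property")
            continue
        on_put, post_role = RULES[name]
        if method == "PUT" and on_put == "invalid":
            problems.append(f"{name}: not valid on PUT")
        elif method == "POST" and post_role is None:
            problems.append(f"{name}: not valid on POST")
        elif method == "POST" and post_role not in caller:
            problems.append(f"{name}: caller needs the {post_role.lower()} role")
    if method == "PUT":
        for name, (on_put, _) in RULES.items():
            if on_put == "required" and name not in body:
                problems.append(f"{name}: required on PUT")
    for name in ("username", "fullName"):
        value = body.get(name)
        if value is not None and not 1 <= len(value) <= 64:
            problems.append(f"{name}: must be 1 through 64 characters")
    if body.get("username", "").startswith("["):
        problems.append("username: cannot start with '['")
    for role in body.get("roles", []):
        if role.upper() not in VALID_ROLES:
            problems.append(f"roles: unknown role {role}")
    return problems
```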

Query parameter for setting user account passwords

You use the password query parameter to specify the password for a new user account and to change the password for an existing user account. The value of this parameter is the password you want.
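
Because the password is part of the request URL, it needs percent-encoding to survive characters such as & and #, and it appears wherever the URL is recorded, for example in proxy or web server access logs. The following added example (not from the HCP documentation) builds the query string and scrubs stored log lines; the host, the PLACEHOLDER path segment, the function names, and the log lines are constructed.

```python
import re
from urllib.parse import quote, urlsplit

# Matches the value of a password query parameter inside a URL or a log line.
_PASSWORD_VALUE = re.compile(r"(?i)(?<=[?&]password=)[^&\s\"']*")

# Constructed placeholder URL and access-log lines; the real resource path is not shown on this page.
BASE = "https://tenant.example.invalid/PLACEHOLDER/userAccounts/mwhite"
SAMPLE_LOG = [
    '198.51.100.7 "GET /PLACEHOLDER/userAccounts/mwhite HTTP/1.1" 200',
    '198.51.100.7 "POST /PLACEHOLDER/userAccounts/mwhite?password=Constructed%21Value HTTP/1.1" 200',
    '198.51.100.7 "POST /PLACEHOLDER/userAccounts/mwhite?password=REDACTED HTTP/1.1" 200',
]

def password_url(resource_url, password):
    """Append the password parameter with every reserved character percent-encoded."""
    sep = "&" if urlsplit(resource_url).query else "?"
    return f"{resource_url}{sep}password={quote(password, safe='')}"

def scrub(text):
    """Replace any password parameter value with a fixed marker before the text is stored."""
    return _PASSWORD_VALUE.sub("REDACTED", text)

def exposed_lines(log_lines):
    """Return the 1-based numbers of log lines that still carry a password value."""
    return [n for n, line in enumerate(log_lines, 1)
            if any(m.group(0) not in ("", "REDACTED")
                   for m in _PASSWORD_VALUE.finditer(line))]
```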

Example

Here’s an XML example of the userAccount data type:

<userAccount>
    <allowNamespaceManagement>false</allowNamespaceManagement>
    <description>Compliance officer.</description>
    <enabled>true</enabled>
    <forcePasswordChange>true</forcePasswordChange>
    <fullName>Morgan White</fullName>
    <localAuthentication>true</localAuthentication>
    <roles>
         <role>MONITOR</role>
         <role>COMPLIANCE</role>
    </roles>
    <userGUID>a8ae69dc-e2e3-44a9-aa64-9c142a38ed5d</userGUID>
    <userID>517</userID>
    <username>mwhite</username>
</userAccount>