Tenant-level group account resources

Tenant-level group account resources let you create, retrieve information about, modify, and delete tenant-level group accounts. The table below provides information about these resources.

Group account resources are not available for the default tenant.

.../tenants/tenant-name/groupAccounts

Data typeMethodUseAccessNotes
groupAccountPUTCreate a group account for a tenantTenant-level user account with the security roleYou can create a group account only if HCP is configured to support AD.
ListGETRetrieve a list of the group accounts defined for a tenantTenant-level user account with the monitor, administrator, or security role

The listed group accounts are identified by the group name.

In XML, the element that identifies each group account is groupname. The root element for the list of group accounts is groupAccounts.

In JSON, the name in the name/value pair that lists the group accounts is groupname.

.../tenants/tenant-name/groupAccounts/group-name

Data typeMethodUseAccessNotes
groupAccountGETRetrieve information about a group accountTenant-level user account with the monitor, administrator, or security roleThe information returned depends on the roles associated with the user making the request.
N/AHEADCheck for the existence of a group accountTenant-level user account with the monitor, administrator, or security role
groupAccountPOSTModify a group accountTenant-level user account with the administrator or security roleA user with only the administrator role can modify only the allow-NamespaceManagement property. A user with only the security role cannot modify that property.
N/ADELETEDelete a group accountTenant-level user account with the security role

.../tenants/tenant-name/groupAccounts/group-name/dataAccessPermissions

Data typeMethodUseAccessNotes

dataAccess

Permissions

GETRetrieve information about the data access permissions associated with a group accountTenant-level user account with the administrator, security, or monitor role
POSTModify the data access permissions associated with a group accountTenant-level user account with the administrator role

The request body must contain all permissions granted for each included namespace. If a namespace is not included, its permissions are not changed by the POST request.

By default, when you create a group account, it does not include any data access permissions.