User and group accounts control access to HCP interfaces. The administrative roles associated with these accounts allow users to use:
•The Tenant Management Console
•The HCP management API
You need the security role to create, modify, delete, and associate roles with user and group accounts.
The data access permissions associated with user and group accounts allow users to access namespace content through:
•Namespace access protocols that require authentication
•The Namespace Browser
•The HCP metadata query API
•The HCP Search Console
You need the administrator role to associate data access permissions with user and group accounts.
The allow namespace management property, which you can assign to a user or group account, allows users to use the HCP management and HS3 APIs to:
•Create namespaces
•List, view and change the versioning status of, and delete namespaces they own
You need the administrator role to assign the allow namespace management property to a user or group account.
User accounts
An HCP user account is a set of credentials that gives a user access to one or more of the interfaces listed above. You create and manage user accounts in the Tenant Management Console.
When you create a user account, you specify whether the user credentials are authenticated locally or by RADIUS. Additionally, for locally authenticated users, you specify whether the account password must be changed the next time the account is used to access one of the Consoles.
When you create a user account, you have the option of associating roles with it and assigning the allow namespace management property. You can change these properties as well associate data access permissions with the account at any time thereafter.
You can enable and disable user accounts, as needed. While an account is disabled, it cannot be used to access any of the applicable interfaces. You might decide to disable an account, for example, while the user for whom you created it is on vacation.
Multiple people can use the same user account concurrently for the same or different interfaces. To prevent this from happening, you should create a separate account for each user, and users should keep their passwords confidential.
A tenant can have at most 10,000 HCP user accounts.
Group accounts
An HCP group account is a representation of an Active Directory group. The group account enables AD users in the AD group to access one or more of the interfaces listed in Chapter 1: "About user and group accounts" on page 1. You create and manage group accounts in the HCP Tenant Management Console.
When you create a group account, you have the option of associating roles with it. You can change these associations and also associate data access permissions with the account at any time thereafter.
© 2015 Hitachi Data Systems Corporation. All rights reserved.