groupAccount

Content Platform Tenant Management Help

Version
9.7.x
File Size
4269 KB
Audience
anonymous
Part Number
MK-95HCPH002-19

The groupAccount data type describes the groupAccounts resource.

Properties

The table below describes the properties included in the groupAccount data type.

Property Data Type Description Notes

allowNamespace

Management

Boolean

Specifies whether the group account has the allow namespace management property. Valid values are:

true
The group account has the allow namespace property.
false
The group account does not have the allow namespace management property.

On a PUT request, the default is true if the roles property includes ADMINISTRATOR in the same request; otherwise, the default is false.

On a POST request, adding ADMINISTRATOR to the roles for the group account automatically enables the allow namespace management property for the account.

Users in groups with the allow namespace management property can use the HCP management and S3 compatible APIs to:

  • Create namespaces
  • List, view and change the versioning status of, and delete namespaces they own
This property is not valid on a PUT request. It is valid on a POST request only if the user making the request has the administrator role.
externalGroupID String Specifies the security identifier (SID) of the AD group that corresponds to the HCP group account. For a PUT request, valid values are the SIDs of AD groups defined in the AD forest supported by HCP.

Either this property or the groupname property is required on a PUT request. If you include both properties in the request body, they must identify the same AD group.

This property is not valid on a POST request. It is returned only by a verbose GET request and only when the user making the request has the security role.

groupname String

Specifies the name of the HCP group account. For a PUT request, valid values are the names of AD groups defined in the AD forest supported by HCP, in either of these formats:

group-name

group-name@ad-domain- name

If you omit the domain name, HCP uses the AD domain specified in the system configuration.

Be sure to use the second format if a group with the specified name exists in more than one domain in the AD forest or if the group name looks like a SID.

Either this property or the externalGroupID property is required on a PUT request. If you include both properties in the request body, they must identify the same AD group.

This property is not valid on a POST request.

roles List

Associates zero, one, or more roles with the group account. Valid values for roles are:

  • ADMINISTRATOR
  • COMPLIANCE
  • MONITOR
  • SECURITY

These values are not case sensitive.

The default is no roles.

This property is valid on a POST request and returned by a GET request only when the user making the request has the security role.

A user with the ADMINISTRATOR role cannot POST this property.

For an existing group account, the set of roles specified in the request body replaces the set of roles currently associated with the group account. To remove all roles, specify an empty set.

In XML, the element that identifies each role is role. In JSON, the name in the name/value pair that lists the roles is role.

Example

Here’s an XML example of the groupAccount data type:

<groupAccount>
    <allowNamespaceManagement>false</allowNamespaceManagement>
    <externalGroupID>S-1-5-21-1522923621-2272695913-102089983-3621
    </externalGroupID>
    <groupname>hcp-admin@ad.example.com</groupname>
    <roles>
         <role>MONITOR</role>
         <role>ADMINISTRATOR</role>
    </roles>
</groupAccount>