userAccount (tenant level)

Content Platform Tenant Management Help

Version
9.7.x
File Size
4269 KB
Audience
anonymous
Part Number
MK-95HCPH002-19

The userAccount data type describes the userAccounts resource.

When you create a user account, you use a query parameter to specify the password for the account. You use the same query parameter to change the password for a user account.

Properties

The table below describes the properties included in the userAccount data type.

Property Data type Description Notes
allowNamespace Management Boolean

Specifies whether the user account has the allow namespace management property. Valid values are:

true
The user account has the allow namespace property.
false
The user account does not have the allow namespace management property.

On a PUT request, the default is true if the roles property includes ADMINISTRATOR in the same request; otherwise, the default is false.

On a POST request, adding ADMINISTRATOR to the roles for the user account automatically enables the allow namespace management property for the account.

Users with the allow namespace management property can use the HCP management and S3 compatible APIs to:

  • Create namespaces
  • List, view and change the versioning status of, and delete namespaces they own
This property is not valid on a PUT request. It is valid on a POST request only if the user making the request has the administrator role.
description String

Specifies the description of the user account. This description is optional. The default is no description.

To remove a description from an existing user account, specify the description property with no value.

This property is valid on a POST request only if the user making the request has the security role.
enabled Boolean

Specifies whether the user account is enabled. Valid values are:

true
The user account is enabled.
false
The user account is disabled.
This property is required on a PUT request. It is valid on a POST request only if the user making the request has the security role.
forcePasswordChange Boolean

Specifies whether the password for the user account must be changed the next time the account is used to log into the Tenant Management Console. Valid values are:

true
The password must be changed.
false
The password does not need to be changed.
This property is required on a PUT request. It is valid on a POST request and returned by a GET request only if the user making the request has the security role.
fullName String Specifies the full name of the user for whom you’re creating the account. This name must be from one through 64 characters long and can contain any valid UTF-8 characters, including white space. This property is required on a PUT request. It is valid on a POST request only if the user making the request has the security role.
localAuthentication Boolean

Specifies whether the user account is authenticated locally or by a RADIUS server specified at the HCP system level. Valid values are:

true
The user account is authenticated locally.
false
The user account is authenticated by a RADIUS server.
This property is required on a PUT request. It is not valid on a POST request and is returned only by a verbose GET request.
roles List

Associates zero, one, or more roles with the user account. Valid values for roles are:

  • ADMINISTRATOR
  • COMPLIANCE
  • MONITOR
  • SECURITY

These values are not case sensitive.

The default is no roles.

This property is valid on a POST request and returned by a GET request only when the user making the request has the security role.

For an existing user account, the set of roles specified in the request body replaces the set of roles currently associated with the user account. To remove all roles, specify an empty set.

In XML, the element that identifies each role is role. In JSON, the name in the name/value pair that lists the roles is role.

userGUID String Specifies the system-supplied globally unique user ID for the user account. HCP generates this ID automatically when you create an account. This property is not valid on a PUT or POST request. It is returned only by a verbose GET request and only when the user making the request has the security role.
userID Integer

Specifies the system-supplied local user ID for the user account. HCP generates this ID automatically when you create an account.

Local user IDs are unique within an HCP system. These IDs are maintained for backward compatibility but are no longer used for user identification.

This property is not valid on a PUT or POST request. It is returned only by a verbose GET request and only when the user making the request has the security role.
username String

Specifies the username for the user account. Usernames must be from one through 64 characters long and can contain any valid UTF-8 characters, including white space, but cannot start with an opening square bracket ([).

Usernames are not case sensitive.

The username for a user account must be unique for the tenant. Different tenants can have user accounts with the same username.

You can reuse usernames that are not currently in use. So, for example, if you delete the account for a user and then create a new account for that user, you can give the user the same username as before.

Tip: Consider using email addresses as user names. This enables users to more easily remember their HCP usernames. It also gives you easy access to email addresses should you need to contact any users.

This property is required on a PUT request. It is valid on a POST request only when the user making the request has the security role.

Query parameter for setting user account passwords

You use the password query parameter to specify the password for a new user account and to change the password for an existing user account. The value of this parameter is the password you want.

Example

Here’s an XML example of the userAccount data type:

<userAccount>
    <allowNamespaceManagement>false</allowNamespaceManagement>
    <description>Compliance officer.</description>
    <enabled>true</enabled>
    <forcePasswordChange>true</forcePasswordChange>
    <fullName>Morgan White</fullName>
    <localAuthentication>true</localAuthentication>
    <roles>
         <role>MONITOR</role>
         <role>COMPLIANCE</role>
    </roles>
    <userGUID>a8ae69dc-e2e3-44a9-aa64-9c142a38ed5d</userGUID>
    <userID>517</userID>
    <username>mwhite</username>
</userAccount>