Who can use the management API

Content Platform Tenant Management Help

Version
9.7.x
File Size
4269 KB
Audience
anonymous
Part Number
MK-95HCPH002-19

To use the HCP management API, you need either a system-level or tenant-level user account that’s defined in HCP. If HCP is configured to support Windows® Active Directory® (AD), clients can also use recognized AD user accounts to access HCP through the management API. A recognized AD user account is an AD user account for a user that belongs to one or more AD groups for which corresponding group accounts are defined in HCP.

What you can do with the API depends on:

  • The level of account you’re using
  • The roles associated with the account (or applicable group accounts)
  • For tenant-level accounts, whether the account (or applicable group accounts) has the allow namespace management property

The permissions granted by each role have the same effect with the management API as they do in the Tenant Management Console . For example, with an HCP tenant-level user account that includes the administrator role, you can create, modify, and delete namespaces. With a tenant-level user account that includes only the monitor role, you can only retrieve information about these entities.

An HCP tenant can grant system-level users administrative access to itself. This enables users with system-level user accounts to perform the activities allowed by the tenant-level roles that correspond to their system-level roles.

If you have only the allow namespace management property and no roles, the activities you can perform with the HCP management API are limited to creating namespaces, listing and deleting namespaces you own, and viewing and modifying the versioning status of namespaces you own.

For you to use the management API with a system-level user account, the API must be enabled at the system level. For you to use the management API with a tenant-level user account, the API must be enabled at both the system and tenant levels.