Skip to main content
Outside service Partner
Hitachi Vantara Knowledge

Working with group accounts


To view, create, and manage HCP group accounts, you use the Groups page in the Tenant Management Console. This page is available only if the tenant supports AD authentication. For more information on AD authentication, see User authentication.

To display the Groups page, in the top-level menu of the Tenant Management Console, select Security Groups.

RoleWebHelp.png

Roles: To:

View the group account list, you need the monitor, administrator, or security role

View the full definitions of groups accounts, you need the security role

View the allow namespace management property and data access permissions for group accounts, you need the monitor or administrator role

Create, associate roles with, and delete group accounts, you need the security role

Modify the allow namespace management property and data access permissions for group accounts, you need the administrator role

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

About the Groups page


The Groups page lets you create, modify, and delete HCP group accounts. It also lists the existing group accounts.

By default, the group account list includes all existing group accounts. The accounts are listed 20 at a time in ascending order by group name.

You can page through, sort, and filter the list of group accounts. The Groups page indicates which accounts are shown out of the total number of accounts in the current list.

To view additional information about an individual group account, click on the group name.

Paging

You can change the number of group accounts shown at a time on the Groups page. To do this, in the Items per page field, select the number of group accounts you want. The options are 10, 20, and 50.

To page forward or backward through the group account list, click on the next ( TenantForward_1.png ) or back ( TenantBack_1.png ) control, respectively.

To jump to a specific page in the group account list:

1.In the Page field, type the page number you want.

2.Press Enter.

Sorting

You can sort the group account list in ascending or descending order by group name. To change the sort order, click on the Name column heading. Each time you click on the column heading, the sort order switches between ascending and descending.

Filtering

You can filter the group account list by group name. The filtered list includes only those group accounts with a name that begins with or is the same as a specified text string.

To filter the group account list:

1.In the entry field above the list, type the text string you want to use as a filter. This string can be up to 64 characters long and can contain any valid UTF-8 characters, including white space. It is not case sensitive.

2.Click on the find control ( FindControl_1.png ).

To redisplay the entire list of group accounts after filtering it, click on the clear filter control ( ClearFilterControl_1.png ).

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Creating group accounts


You create group accounts by first displaying a list of AD groups and then selecting the ones from which you want to create HCP group accounts. After selecting the groups you want, you select the roles you want to associate with those group accounts. If you have the administrator role, you can also associate data access permissions with the accounts.

You can create up to the maximum supported number of group accounts in a single operation (that is, 100).

In HCP, each AD group is identified by both the group name and the name of the AD domain in which the group is defined (for example, hcp-admin@ad.example.com). The HCP group account created from an AD group has the same name as the AD group, including the domain name. Internally, however, the HCP group account is associated with the security ID (SID) of the AD group.

You can create an HCP group account from any group defined in the AD forest that HCP uses for user authentication. The only exceptions are predefined groups such as Administrators that have the same SID in all domains.

You can use a single operation to both create new group accounts and change the roles and data access permissions associated with existing group accounts. In this case, all the accounts involved end up with the same roles and permissions.

To create group accounts:

1.On the Groups page in the Tenant Management Console, click on Add Active Directory Groups.

The Find and Select Groups section lists all the AD groups HCP knows about. Groups for which HCP group accounts already exist for the tenant are marked with a checkmark ( NamespaceCheckmark_1.png ).

2.Optionally, filter the list of AD groups:

a.In the Find and Select Groups field, type a text string to use as a filter for the list of AD groups from which you can create HCP group accounts. This string can be up to 64 characters long and can contain any valid UTF-8 characters, including white space. It is not case sensitive.

b.Click on the find control ( FindControl_1.png ).

To redisplay the entire list of AD groups after filtering it, click on the clear filter control ( ClearFilterControl_1.png ).

3.For each AD group from which you want to create an HCP group account, click on the add control ( PlusControl.png ) to select the group. The group row turns green.

Also, for each AD group with an existing HCP group account for which you want to change the associated roles, click on the add control ( PlusControl.png ) to select the group. The group row turns green.

To select all the groups in the list, click on Select All.

To deselect a selected group, click on the remove control ( MinusControl.png ) for the group.

To deselect all the selected groups, click on Clear.

4.In the Assign Roles to Selected Groups section, select the roles you want to associate with all the new group accounts you’re creating and all the existing group accounts for which you’re changing the associated roles. You can select any number of roles, including none.

5.Optionally, if you have the administrator role, select Allow namespace management. (This option is selected automatically and cannot be deselected if the account being created has the administrator role.)

6.Optionally, if you have the administrator role, click on Assign Namespace Permissions. Then associate data access permissions with the group accounts, as described in Specifying permissions for any number of namespaces.

7.Click on Add Groups.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Modifying a group account


You can change the roles associated with group accounts at any time. You can do this for an individual group account, as described below, or for multiple group accounts in a single operation, as described in Creating group accounts.

To change the roles associated with an individual group account:

1.In the list of group accounts on the Groups page in the Tenant Management Console, click on the name of the group account you want to modify.

2.In the Roles section, select or deselect roles as applicable.

3.Click on Update Settings in the Roles section.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Deleting a group account


You can delete a group account at any time. Deleting a group account has no effect on the corresponding group in AD.

When you delete a group account, AD users in the corresponding AD group immediately lose the roles and data access permissions granted by that group account.

If no existing HCP user account has the security role, you cannot delete the last group account with the security role.

When a group is deleted in AD, the corresponding HCP group account is not automatically deleted. However, the name of the group account changes to the SID of the deleted AD group. HCP group accounts that correspond to deleted AD groups serve no purpose and should be deleted.

NoteWebHelp.png

Note: The Tenant Management Console may not immediately reflect the change to the HCP group account name.

To delete a group account:

1.In the list of group accounts on the Groups page in the Tenant Management Console, click on the delete control ( DeleteControl.png ) for the group account you want to delete.

2.In response to the confirming message, click on Delete.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.