Skip to main content
Hitachi Vantara Knowledge

Modifying a tenant

After creating a tenant, you can modify some of its properties. You do this by using the Settings and Security panels on the Tenants tab for the tenant.

NoteTo view the Settings and Tenants panels, you need the monitor or administrator role. To modify a tenant, you need the administrator role.

These considerations apply to modifying HCP tenants:

  • You can enable AD authentication for a tenant only while HCP can communicate with AD.
  • When you rename a tenant for which AD authentication is enabled, AD authentication is automatically disabled for that tenant. After the operation is complete, you need to manually reenable AD authentication for the tenant.
  • You cannot rename a tenant while the only account with the security role defined for the tenant is a group account.
  • You cannot rename a tenant while the CIFS or NFS protocol is enabled for any namespaces owned by that tenant.
  • When you select a different management network for an HCP tenant while any given user is logged in to the Tenant Management Console for that tenant, HCP denies any subsequent requests made within the same Console session. To continue using the Console, you must start a new session so that the client can use the new management network to access the Console for the tenant.
  • When you select a different data access network for an HCP tenant, HCP denies any client requests for access to namespaces owned by that tenant that arrive over the previously selected network.
  • When a tenant is replicated from one system to a second system, if the management or data access network selected for the tenant on the first system does not exist on the second system, the applicable field in the tenant Settings panel on the second system shows the network name enclosed in angle brackets (for example, <ten1_data>). This network is not included in the dropdown list for the field, so if you select a different network in that field, you cannot then select the undefined network.
  • You can change the service plan that’s assigned to a specific tenant by modifying the tenant to select the new service plan or by modifying the new service plan to assign it to the tenant. You can also modify a service plan to assign it to multiple tenants at the same time.

    To modify the configuration settings for an individual tenant, including selecting a new service plan for that tenant, follow the procedure outlined below.

Modifying tenant properties

You can modify some properties for a tenant by using the Settings panel for the tenant.

Before you begin

To view the Settings panel, you need the monitor or administrator role. To modify a tenant, you need the administrator role.

Procedure

  1. In the top-level menu of the System Management Console, click Tenants.

  2. In the list of tenants, click the name of the tenant that you want to modify.

  3. In the row of tabs below the tenant name, click Settings.

  4. In the Settings panel, make the changes you want.

    To remove a tag from an HCP tenant, in the Tags section in the Settings panel, click the delete control (Delete control icon) for the tag. The row with the tag turns red. To revert the removal before submitting your changes, click again on the delete control.

  5. Click Update Settings.

    If all of these are true, a confirming message appears:
    • You changed the name of the tenant.
    • The tenant supports AD authentication.
    • HCP cannot communicate with AD.

Next steps

In response to the confirming message, click Update Settings.

Tenant-level CORS rules configuration

You can configure CORS rules at the tenant level to serve as the default configuration for all namespaces owned by a tenant. This practice is useful in deployments where a large number of namespaces support the same CORS configuration.

To configure the default CORS settings for all namespaces owned by a tenant, use either the System Management Console or the HCP management API.

  • If a namespace managed by the tenant does not have a CORS configuration, the namespace inherits the tenant-level configuration.
  • If a namespace has its own CORS configuration, the namespace-level configuration overrides the tenant-level configuration.

This section describes how to use the System Management Console to configure the default CORS configuration for all namespaces owned by a tenant.

Request elements (CORS rules)

A CORS rules configuration uses the request elements described in the following table. Some of the request elements are optional.

Request elements for CORS rules configuration

ElementDescription
CORSConfiguration

Container for CORSRules elements.

  • Type: Container
  • Children: CORSRules
  • Ancestor: None

Note: A CORS rules configuration in HCP can have any number of CORSRule, AllowedMethod, AllowedOrigin, and AllowedHeader elements. However, the maximum size of the CORS configuration cannot exceed 2.5 MB.

CORSRule

A set of origins and methods that you want to allow to access a resource.

  • Type: Container
  • Children: AllowedMethod, AllowedOrigin, AllowedHeader, MaxAgeSeconds, ExposeHeader
  • Ancestor: CORSConfiguration
Id

Optional. A unique identifier for the rule. The Id value assists you in finding a rule in the CORS configuration.

  • Type: String
  • Ancestor: CORSRule
AllowedMethod

HTTP methods that you want to allow the origin to execute. Each CORSRule must identify at least one origin and one method.

  • Type: Enum (GET, PUT, HEAD, POST, DELETE)
  • Ancestor: CORSRule
AllowedOrigin

Origins that you want to allow cross-origin requests from. Each CORSRule must identify at least one origin and one method.

The origin value can include at most one wildcard character "*", for example, http://*.example.com. Alternatively, you can specify the wildcard character by itself to enable all origins to send cross-origin requests.

  • Type: String
  • Ancestor: CORSRule
AllowedHeader

Optional. List of headers that are allowed in a preflight OPTIONS request through the Access-Control-Request-Headers header. This element can contain at most one wildcard character "*". Each header name in the Access-Control-Request-Headers header must have a corresponding entry in the CORSRule. The server will send only the allowed headers that were requested in a response.

  • Type: String
  • Ancestor: CORSRule
MaxAgeSeconds

Optional. Maximum time, in seconds, that the browser can cache a preflight OPTIONS response for a specified resource. By caching the response, the browser does not have to send preflight requests to the server within the MaxAgeSeconds time window if repeated requests (same origin, HTTP method, and resource) are issued.

A CORSRule can have at most one MaxAgeSeconds element.

  • Type: Integer (seconds)
  • Ancestor: CORSRule
ExposeHeader

Optional. One or more response headers that customers can access from their applications, for example, from a JavaScript XMLHttpRequest object.

You add one ExposeHeader element in the rule for each header. This element restricts the response headers that are accessible by the client.

  • Type: String
  • Ancestor: CORSRule

CORS configuration template

Here is a sample XML template for setting a CORS rules configuration.

CORS rules configuration template
<CORSConfiguration>
     <CORSRule>
          <Id>Optional: Unique string value that identifies the rule</Id>
          <AllowedOrigin>Origin that you want to allow cross-origin requests from</AllowedOrigin>
          <AllowedOrigin>A single wildcard is allowed</AllowedOrigin>
          <AllowedMethod>HTTP method</AllowedMethod>
          <AllowedMethod>HTTP method</AllowedMethod>
          <MaxAgeSeconds>Optional: Time, in seconds, the browser can cache the preflight OPTIONS response for a resource</MaxAgeSeconds>
          <AllowedHeader>Optional: Header that you want the browser to send. A single wildcard is allowed.</AllowedHeader>
          <AllowedHeader>...</AllowedHeader>     <!-- Optional -->
          <ExposeHeader>Optional: Response header that you want accessible from the browser </ExposeHeader>
          <ExposeHeader>...</ExposeHeader>     <!-- Optional -->
     </CORSRule>
     <CORSRule>
          ...
     </CORSRule>
     <CORSRule>
          ...
     </CORSRule>
</CORSConfiguration>

Configuring CORS rules at the tenant-level

You can use the System Management Console to configure the default CORS settings for all namespaces owned by a tenant.

Before you begin

To view a tenant, you need the monitor or administrator role. To modify a tenant, you need the administrator role.

Procedure

  1. In the top-level menu of the System Management Console, click Tenants.

  2. On the Tenants page, in the Name column, click the right arrow next to the tenant for which you want to configure CORS settings.

    The tenant Overview panel is displayed.
  3. Click the Security tab.

    The Security panel opens to the CORS tab on the left.
  4. In the CORS Configuration field, enter the default CORS settings to use for all namespaces that are owned by the tenant.

  5. Click Update Settings.

    You are returned to the Overview panel for the tenant. A message is displayed at the top of the page indicating whether the update was successful. If a success message is displayed, your configuration is saved and persists in HCP.
  6. To view, update, or delete the saved configuration, click Security to display the Security panel.

    CORS configuration

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <CORSConfiguration>
         <CORSRule>
              <AllowedOrigin>http://www.example.com</AllowedOrigin>
              <AllowedMethod>PUT</AllowedMethod>
              <AllowedHeader>*</AllowedHeader>
              <ExposeHeader>ETag</ExposeHeader>
              <MaxAgeSeconds>3000</MaxAgeSeconds>
         </CORSRule>
         <CORSRule>
              <AllowedOrigin>*</AllowedOrigin>
              <AllowedMethod>GET</AllowedMethod>
              <AllowedHeader>*</AllowedHeader>
         </CORSRule>
    ...

    Notice that the HCP software added the following XML header at the top of the CORS configuration:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  7. If a failure message is displayed, for example, if your configuration had a syntax error, return to the Security panel to make the necessary corrections.

  8. Click Update Settings.

Results

You configured the default CORS settings for all namespaces owned by the tenant.

 

  • Was this article helpful?