role (Identity v3)

role add

Adds a role assignment to a user or group on the system, a domain, or a project

openstack role add
    [--system <system> | --domain <domain> | --project <project>]
    [--user <user> | --group <group>]
    [--group-domain <group-domain>]
    [--project-domain <project-domain>]
    [--user-domain <user-domain>]
    [--inherited]
    [--role-domain <role-domain>]
    <role>

--system <system>

Include <system> (all)

--domain <domain>

Include <domain> (name or ID)

--project <project>

Include <project> (name or ID)

--user <user>

Include <user> (name or ID)

--group <group>

Include <group> (name or ID)

--group-domain <group-domain>

Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--user-domain <user-domain>

Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

--inherited

Specifies if the role grant is inheritable to the sub projects

--role-domain <role-domain>

Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.

role

Role to add to <user> (name or ID)

role assignment list

List role assignments

openstack role assignment list
    [--format-config-file FORMAT_CONFIG]
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--effective]
    [--role <role>]
    [--role-domain <role-domain>]
    [--names]
    [--user <user>]
    [--user-domain <user-domain>]
    [--group <group>]
    [--group-domain <group-domain>]
    [--domain <domain> | --project <project> | --system <system>]
    [--project-domain <project-domain>]
    [--inherited]
    [--auth-user]
    [--auth-project]

--format-config-file <FORMAT_CONFIG>

Config file for the dict-to-csv formatter

--sort-column SORT_COLUMN

Specify the column(s) to sort the data by (columns specified first take priority; non-existent columns are ignored). Can be repeated.

--sort-ascending

Sort the column(s) in ascending order

--sort-descending

Sort the column(s) in descending order

--effective

Returns only effective role assignments

--role <role>

Role to filter (name or ID)

--role-domain <role-domain>

Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.

--names

Display names instead of IDs

--user <user>

User to filter (name or ID)

--user-domain <user-domain>

Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

--group <group>

Group to filter (name or ID)

--group-domain <group-domain>

Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.

--domain <domain>

Domain to filter (name or ID)

--project <project>

Project to filter (name or ID)

--system <system>

Filter based on system role assignments

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--inherited

Specifies if the role grant is inheritable to the sub projects

--auth-user

Only list assignments for the authenticated user

--auth-project

Only list assignments for the project to which the authenticated user’s token is scoped
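
An added example, not part of the OpenStack documentation: a Python review of assignments exported with `openstack role assignment list --names -f json`, flagging system-scoped, inherited and privileged-role grants. The `-f json` formatter, the column names (`Role`, `User`, `Group`, `Project`, `Domain`, `System`, `Inherited`), the `name@domain` rendering and the sample rows are assumptions constructed for the example.

```python
import json

PRIVILEGED_ROLES = {"admin"}  # assumption: adjust to the deployment's role names

# Constructed sample in the column layout assumed for
# `openstack role assignment list --names -f json`.
SAMPLE_OUTPUT = json.dumps([
    {"Role": "admin", "User": "alice@Default", "Group": "", "Project": "",
     "Domain": "", "System": "all", "Inherited": False},
    {"Role": "member", "User": "bob@Default", "Group": "", "Project": "web@Default",
     "Domain": "", "System": "", "Inherited": False},
    {"Role": "admin", "User": "", "Group": "ops@Default", "Project": "",
     "Domain": "Default", "System": "", "Inherited": True},
    {"Role": "reader", "User": "", "Group": "auditors@Default", "Project": "infra@Default",
     "Domain": "", "System": "", "Inherited": True},
])


def scope_of(row):
    """Return (kind, target) for the single scope column that is populated."""
    for kind in ("System", "Domain", "Project"):
        if row.get(kind):
            return kind.lower(), row[kind]
    return "unknown", ""


def audit(raw_json, privileged=PRIVILEGED_ROLES):
    """Return one finding per grant worth a manual review; plain grants are skipped."""
    findings = []
    for row in json.loads(raw_json):
        role = row["Role"].split("@")[0]  # assumed: domain-specific roles print as name@domain
        actor = row.get("User") or row.get("Group")
        kind, target = scope_of(row)
        reasons = []
        if kind == "system":
            reasons.append("system-scoped")
        if row.get("Inherited"):
            reasons.append("inherited")
        if role in privileged:
            reasons.append("privileged-role")
        if reasons:
            findings.append({"actor": actor, "role": role,
                             "scope": f"{kind}:{target}", "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_OUTPUT):
        print(f"{f['actor']:<18} {f['role']:<8} {f['scope']:<22} {', '.join(f['reasons'])}")
```
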

role create

Create new role

openstack role create
    [--description <description>]
    [--domain <domain>]
    [--or-show]
    [--immutable | --no-immutable]
    <role-name>

--description <description>

Add description about the role

--domain <domain>

Domain the role belongs to (name or ID)

--or-show

Return existing role

--immutable

Make resource immutable. An immutable project may not be deleted or modified except to remove the immutable flag

--no-immutable

Make resource mutable (default)

role-name

New role name

role delete

Delete role(s)

openstack role delete [--domain <domain>] <role> [<role> ...]

--domain <domain>

Domain the role belongs to (name or ID)

role

Role(s) to delete (name or ID)

role list

List roles

openstack role list
    [--format-config-file FORMAT_CONFIG]
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--domain <domain>]

--format-config-file <FORMAT_CONFIG>

Config file for the dict-to-csv formatter

--sort-column SORT_COLUMN

Specify the column(s) to sort the data by (columns specified first take priority; non-existent columns are ignored). Can be repeated.

--sort-ascending

Sort the column(s) in ascending order

--sort-descending

Sort the column(s) in descending order

--domain <domain>

Include <domain> (name or ID)

role remove

Removes a role assignment from a user or group on the system, a domain, or a project

openstack role remove
    [--system <system> | --domain <domain> | --project <project>]
    [--user <user> | --group <group>]
    [--group-domain <group-domain>]
    [--project-domain <project-domain>]
    [--user-domain <user-domain>]
    [--inherited]
    [--role-domain <role-domain>]
    <role>

--system <system>

Include <system> (all)

--domain <domain>

Include <domain> (name or ID)

--project <project>

Include <project> (name or ID)

--user <user>

Include <user> (name or ID)

--group <group>

Include <group> (name or ID)

--group-domain <group-domain>

Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--user-domain <user-domain>

Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

--inherited

Specifies if the role grant is inheritable to the sub projects

--role-domain <role-domain>

Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.

role

Role to remove (name or ID)

role set

Set role properties

openstack role set
    [--description <description>]
    [--domain <domain>]
    [--name <name>]
    [--immutable | --no-immutable]
    <role>

--description <description>

Add description about the role

--domain <domain>

Domain the role belongs to (name or ID)

--name <name>

Set role name

--immutable

Make resource immutable. An immutable project may not be deleted or modified except to remove the immutable flag

--no-immutable

Make resource mutable (default)

role

Role to modify (name or ID)

role show

Display role details

openstack role show [--domain <domain>] <role>

--domain <domain>

Domain the role belongs to (name or ID)

role

Role to display (name or ID)

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License.