role (Identity v3)

updated: 2021-05-21 12:53

role (Identity v3)¶

role add¶

Adds a role assignment to a user or group on the system, a domain, or a project

openstack role add
    [--system <system> | --domain <domain> | --project <project>]
    [--user <user> | --group <group>]
    [--group-domain <group-domain>]
    [--project-domain <project-domain>]
    [--user-domain <user-domain>]
    [--inherited]
    [--role-domain <role-domain>]
    <role>

--system <system>¶: Include <system> (all)

--domain <domain>¶: Include <domain> (name or ID)

--project <project>¶: Include <project> (name or ID)

--user <user>¶: Include <user> (name or ID)

--group <group>¶: Include <group> (name or ID)

--group-domain <group-domain>¶: Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.

--project-domain <project-domain>¶: Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--user-domain <user-domain>¶: Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

--inherited¶: Specifies if the role grant is inheritable to the sub projects

--role-domain <role-domain>¶: Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.

role¶: Role to add to <user> (name or ID)

This command is provided by the python-openstackclient plugin.

role assignment list¶

List role assignments

openstack role assignment list
    [--format-config-file FORMAT_CONFIG]
    [--sort-column SORT_COLUMN]
    [--effective]
    [--role <role>]
    [--role-domain <role-domain>]
    [--names]
    [--user <user>]
    [--user-domain <user-domain>]
    [--group <group>]
    [--group-domain <group-domain>]
    [--domain <domain> | --project <project> | --system <system>]
    [--project-domain <project-domain>]
    [--inherited]
    [--auth-user]
    [--auth-project]

--format-config-file <FORMAT_CONFIG>¶: Config file for the dict-to-csv formatter

--sort-column SORT_COLUMN¶: specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--effective¶: Returns only effective role assignments

--role <role>¶: Role to filter (name or ID)

--role-domain <role-domain>¶: Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.

--names¶: Display names instead of IDs

--user <user>¶: User to filter (name or ID)

--user-domain <user-domain>¶: Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

--group <group>¶: Group to filter (name or ID)

--group-domain <group-domain>¶: Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.

--domain <domain>¶: Domain to filter (name or ID)

--project <project>¶: Project to filter (name or ID)

--system <system>¶: Filter based on system role assignments

--project-domain <project-domain>¶: Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--inherited¶: Specifies if the role grant is inheritable to the sub projects

--auth-user¶: Only list assignments for the authenticated user

--auth-project¶: Only list assignments for the project to which the authenticated user’s token is scoped

This command is provided by the python-openstackclient plugin.

role create¶

Create new role

openstack role create
    [--description <description>]
    [--domain <domain>]
    [--or-show]
    [--immutable | --no-immutable]
    <role-name>

--description <description>¶: Add description about the role

--domain <domain>¶: Domain the role belongs to (name or ID)

--or-show¶: Return existing role

--immutable¶: Make resource immutable. An immutable project may not be deleted or modified except to remove the immutable flag

--no-immutable¶: Make resource mutable (default)

role-name¶: New role name

This command is provided by the python-openstackclient plugin.

role delete¶

Delete role(s)

openstack role delete [--domain <domain>] <role> [<role> ...]

--domain <domain>¶: Domain the role belongs to (name or ID)

role¶: Role(s) to delete (name or ID)

This command is provided by the python-openstackclient plugin.

role list¶

List roles

openstack role list
    [--format-config-file FORMAT_CONFIG]
    [--sort-column SORT_COLUMN]
    [--domain <domain>]

--format-config-file <FORMAT_CONFIG>¶: Config file for the dict-to-csv formatter

--sort-column SORT_COLUMN¶: specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--domain <domain>¶: Include <domain> (name or ID)

This command is provided by the python-openstackclient plugin.

role remove¶

Removes a role assignment from system/domain/project : user/group

openstack role remove
    [--system <system> | --domain <domain> | --project <project>]
    [--user <user> | --group <group>]
    [--group-domain <group-domain>]
    [--project-domain <project-domain>]
    [--user-domain <user-domain>]
    [--inherited]
    [--role-domain <role-domain>]
    <role>

--system <system>¶: Include <system> (all)

--domain <domain>¶: Include <domain> (name or ID)

--project <project>¶: Include <project> (name or ID)

--user <user>¶: Include <user> (name or ID)

--group <group>¶: Include <group> (name or ID)

--group-domain <group-domain>¶: Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.

--project-domain <project-domain>¶: Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--user-domain <user-domain>¶: Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

--inherited¶: Specifies if the role grant is inheritable to the sub projects

--role-domain <role-domain>¶: Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.

role¶: Role to remove (name or ID)

This command is provided by the python-openstackclient plugin.

role set¶

Set role properties

openstack role set
    [--description <description>]
    [--domain <domain>]
    [--name <name>]
    [--immutable | --no-immutable]
    <role>

--description <description>¶: Add description about the role

--domain <domain>¶: Domain the role belongs to (name or ID)

--name <name>¶: Set role name

--immutable¶: Make resource immutable. An immutable project may not be deleted or modified except to remove the immutable flag

--no-immutable¶: Make resource mutable (default)

role¶: Role to modify (name or ID)

This command is provided by the python-openstackclient plugin.

role show¶

Display role details

openstack role show [--domain <domain>] <role>

--domain <domain>¶: Domain the role belongs to (name or ID)

role¶: Role to display (name or ID)

This command is provided by the python-openstackclient plugin.

updated: 2021-05-21 12:53

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

role (Identity v3)

role (Identity v3)¶

role add¶

role assignment list¶

role create¶

role delete¶

role list¶

role remove¶

role set¶

role show¶

python-openstackclient

Page Contents