role¶

Identity v2, v3

role add¶

Add role assignment to a user or group in a project or domain

os role add
    --domain <domain> | --project <project> [--project-domain <project-domain>]
    --user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
    --role-domain <role-domain>
    --inherited
    <role>

--domain <domain>¶: Include <domain> (name or ID)

New in version 3.

--project <project>¶: Include <project> (name or ID)

--user <user>¶: Include <user> (name or ID)

--group <group>¶: Include <group> (name or ID)

New in version 3.

--user-domain <user-domain>¶: Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

New in version 3.

--group-domain <group-domain>¶: Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.

New in version 3.

--project-domain <project-domain>¶: Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

New in version 3.

--inherited¶: Specifies if the role grant is inheritable to the sub projects.

New in version 3.

--role-domain <role-domain>¶: Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.

New in version 3.

<role>: Role to add to <project>:<user> (name or ID)

role create¶

Create new role

os role create
    [--or-show]
    [--domain <domain>]
    <name>

--domain <domain>¶: Domain the role belongs to (name or ID).

New in version 3.

--or-show¶

Return existing role

If the role already exists return the existing role data and do not fail.

<name>: New role name

role delete¶

Delete role(s)

os role delete
    <role> [<role> ...]
    [--domain <domain>]

<role>: Role to delete (name or ID)

--domain <domain>¶: Domain the role belongs to (name or ID).

New in version 3.

role list¶

List roles

os role list
    --domain <domain> | --project <project> [--project-domain <project-domain>]
    --user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
    --inherited

--domain <domain>¶

Filter roles by <domain> (name or ID)

(Deprecated if being used to list assignments in conjunction with the --user <user>, option, please use role assignment list instead)

--project <project>¶

Filter roles by <project> (name or ID)

(Deprecated, please use role assignment list instead)

--user <user>¶

Filter roles by <user> (name or ID)

(Deprecated, please use role assignment list instead)

--group <group>¶

Filter roles by <group> (name or ID)

(Deprecated, please use role assignment list instead)

--user-domain <user-domain>¶

Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

(Deprecated, please use role assignment list instead)

New in version 3.

--group-domain <group-domain>¶

Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.

(Deprecated, please use role assignment list instead)

New in version 3.

--project-domain <project-domain>¶

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

(Deprecated, please use role assignment list instead)

New in version 3.

--inherited¶

Specifies if the role grant is inheritable to the sub projects.

(Deprecated, please use role assignment list instead)

New in version 3.

role remove¶

Remove role assignment from domain/project : user/group

os role remove
    --domain <domain> | --project <project> [--project-domain <project-domain>]
    --user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
    --role-domain <role-domain>
    --inherited
    <role>

--domain <domain>¶: Include <domain> (name or ID)

New in version 3.

--project <project>¶: Include <project> (name or ID)

--user <user>¶: Include <user> (name or ID)

--group <group>¶: Include <group> (name or ID)

New in version 3.

--user-domain <user-domain>¶: Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

New in version 3.

--group-domain <group-domain>¶: Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.

New in version 3.

--project-domain <project-domain>¶: Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

New in version 3.

--inherited¶: Specifies if the role grant is inheritable to the sub projects.

New in version 3.

--role-domain <role-domain>¶: Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.

New in version 3.

<role>: Role to remove (name or ID)

role set¶

Set role properties

New in version 3.

os role set
    [--name <name>]
    [--domain <domain>]
    <role>

--name <name>¶: Set role name

--domain <domain>¶: Domain the role belongs to (name or ID).

New in version 3.

<role>: Role to modify (name or ID)

role show¶

Display role details

os role show
    [--domain <domain>]
    <role>

--domain <domain>¶: Domain the role belongs to (name or ID).

New in version 3.

<role>: Role to display (name or ID)

Table Of Contents

role
- role add
- role create
- role delete
- role list
- role remove
- role set
- role show

Previous topic

Next topic

role assignment

Project Source

This Page