role (Identity v3)¶
role add¶
Adds a role assignment to a user or group on the system, a domain, or a project
openstack role add
[--system <system> | --domain <domain> | --project <project>]
[--user <user> | --group <group>]
[--group-domain <group-domain>]
[--project-domain <project-domain>]
[--user-domain <user-domain>]
[--inherited]
[--role-domain <role-domain>]
<role>
- --system <system>¶
Include <system> (all)
- --domain <domain>¶
Include <domain> (name or ID)
- --project <project>¶
Include <project> (name or ID)
- --user <user>¶
Include <user> (name or ID)
- --group <group>¶
Include <group> (name or ID)
- --group-domain <group-domain>¶
Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.
- --project-domain <project-domain>¶
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
- --user-domain <user-domain>¶
Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.
- --inherited¶
Specifies if the role grant is inheritable to the sub projects
- --role-domain <role-domain>¶
Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.
- role¶
Role to add to <user> (name or ID)
role assignment list¶
List role assignments
openstack role assignment list
[--sort-column SORT_COLUMN]
[--sort-ascending | --sort-descending]
[--effective]
[--role <role>]
[--role-domain <role-domain>]
[--names]
[--user <user>]
[--user-domain <user-domain>]
[--group <group>]
[--group-domain <group-domain>]
[--domain <domain> | --project <project> | --system <system>]
[--project-domain <project-domain>]
[--inherited]
[--auth-user]
[--auth-project]
- --sort-column SORT_COLUMN¶
specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
- --sort-ascending¶
sort the column(s) in ascending order
- --sort-descending¶
sort the column(s) in descending order
- --effective¶
Returns only effective role assignments
- --role <role>¶
Role to filter (name or ID)
- --role-domain <role-domain>¶
Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.
- --names¶
Display names instead of IDs
- --user <user>¶
User to filter (name or ID)
- --user-domain <user-domain>¶
Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.
- --group <group>¶
Group to filter (name or ID)
- --group-domain <group-domain>¶
Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.
- --domain <domain>¶
Domain to filter (name or ID)
- --project <project>¶
Project to filter (name or ID)
- --system <system>¶
Filter based on system role assignments
- --project-domain <project-domain>¶
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
- --inherited¶
Specifies if the role grant is inheritable to the sub projects
- --auth-user¶
Only list assignments for the authenticated user
- --auth-project¶
Only list assignments for the project to which the authenticated user’s token is scoped
role create¶
Create new role
openstack role create
[--description <description>]
[--domain <domain>]
[--or-show]
[--immutable | --no-immutable]
<role-name>
- --description <description>¶
Add description about the role
- --domain <domain>¶
Domain the role belongs to (name or ID)
- --or-show¶
Return existing role
- --immutable¶
Make resource immutable. An immutable project may not be deleted or modified except to remove the immutable flag
- --no-immutable¶
Make resource mutable (default)
- role-name¶
New role name
role delete¶
Delete role(s)
openstack role delete [--domain <domain>] <role> [<role> ...]
- --domain <domain>¶
Domain the role belongs to (name or ID)
- role¶
Role(s) to delete (name or ID)
role list¶
List roles
openstack role list
[--sort-column SORT_COLUMN]
[--sort-ascending | --sort-descending]
[--domain <domain>]
- --sort-column SORT_COLUMN¶
specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
- --sort-ascending¶
sort the column(s) in ascending order
- --sort-descending¶
sort the column(s) in descending order
- --domain <domain>¶
Include <domain> (name or ID)
role remove¶
Removes a role assignment from system/domain/project : user/group
openstack role remove
[--system <system> | --domain <domain> | --project <project>]
[--user <user> | --group <group>]
[--group-domain <group-domain>]
[--project-domain <project-domain>]
[--user-domain <user-domain>]
[--inherited]
[--role-domain <role-domain>]
<role>
- --system <system>¶
Include <system> (all)
- --domain <domain>¶
Include <domain> (name or ID)
- --project <project>¶
Include <project> (name or ID)
- --user <user>¶
Include <user> (name or ID)
- --group <group>¶
Include <group> (name or ID)
- --group-domain <group-domain>¶
Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.
- --project-domain <project-domain>¶
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
- --user-domain <user-domain>¶
Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.
- --inherited¶
Specifies if the role grant is inheritable to the sub projects
- --role-domain <role-domain>¶
Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.
- role¶
Role to remove (name or ID)
role set¶
Set role properties
openstack role set
[--description <description>]
[--domain <domain>]
[--name <name>]
[--immutable | --no-immutable]
<role>
- --description <description>¶
Add description about the role
- --domain <domain>¶
Domain the role belongs to (name or ID)
- --name <name>¶
Set role name
- --immutable¶
Make resource immutable. An immutable project may not be deleted or modified except to remove the immutable flag
- --no-immutable¶
Make resource mutable (default)
- role¶
Role to modify (name or ID)
role show¶
Display role details
openstack role show [--domain <domain>] <role>
- --domain <domain>¶
Domain the role belongs to (name or ID)
- role¶
Role to display (name or ID)
