network rbac

A network rbac is a Role-Based Access Control (RBAC) policy for network resources. It enables both operators and users to grant access to network resources for specific projects.

Network v2

network rbac create

Create network RBAC policy

openstack network rbac create
    [--extra-property type=<property_type>,name=<property_name>,value=<property_value>]
    --type <type>
    --action <action>
    (--target-project <target-project> | --target-all-projects)
    [--target-project-domain <target-project-domain>]
    [--project <project>]
    [--project-domain <project-domain>]
    <rbac-object>
--extra-property type=<property_type>,name=<property_name>,value=<property_value>

Additional parameters can be passed using this property. Default type of the extra property is string (‘str’), but other types can be used as well. Available types are: ‘dict’, ‘list’, ‘str’, ‘bool’, ‘int’. In case of ‘list’ type, ‘value’ can be semicolon-separated list of values. For ‘dict’ value is semicolon-separated list of the key:value pairs.

--type <type>

Type of the object that RBAC policy affects (“address_group”, “address_scope”, “security_group”, “subnetpool”, “qos_policy” or “network”)

--action <action>

Action for the RBAC policy (“access_as_external” or “access_as_shared”)

--target-project <target-project>

The project to which the RBAC policy will be enforced (name or ID)

--target-all-projects

Allow creating RBAC policy for all projects.

--target-project-domain <target-project-domain>

Domain the target project belongs to (name or ID). This can be used in case collisions between project names exist.

--project <project>

The owner project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

rbac-object

The object to which this RBAC policy affects (name or ID)

network rbac delete

Delete network RBAC policy(s)

openstack network rbac delete <rbac-policy> [<rbac-policy> ...]
rbac-policy

RBAC policy(s) to delete (ID only)

network rbac list

List network RBAC policies

openstack network rbac list
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--type <type>]
    [--action <action>]
    [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending

sort the column(s) in ascending order

--sort-descending

sort the column(s) in descending order

--type <type>

List network RBAC policies according to given object type (“address_group”, “address_scope”, “security_group”, “subnetpool”, “qos_policy” or “network”)

--action <action>

List network RBAC policies according to given action (“access_as_external” or “access_as_shared”)

--long

List additional fields in output

network rbac set

Set network RBAC policy properties

openstack network rbac set
    [--extra-property type=<property_type>,name=<property_name>,value=<property_value>]
    [--target-project <target-project>]
    [--target-project-domain <target-project-domain>]
    <rbac-policy>
--extra-property type=<property_type>,name=<property_name>,value=<property_value>

Additional parameters can be passed using this property. Default type of the extra property is string (‘str’), but other types can be used as well. Available types are: ‘dict’, ‘list’, ‘str’, ‘bool’, ‘int’. In case of ‘list’ type, ‘value’ can be semicolon-separated list of values. For ‘dict’ value is semicolon-separated list of the key:value pairs.

--target-project <target-project>

The project to which the RBAC policy will be enforced (name or ID)

--target-project-domain <target-project-domain>

Domain the target project belongs to (name or ID). This can be used in case collisions between project names exist.

rbac-policy

RBAC policy to be modified (ID only)

network rbac show

Display network RBAC policy details

openstack network rbac show <rbac-policy>
rbac-policy

RBAC policy (ID only)