
Chapter 2. Role Management


2.1. Role Management

OpenStack uses a role-based access control (RBAC) mechanism to manage access to its resources. Roles define which actions users can perform. By default, there are two predefined roles: a member role that gets attached to a tenant, and an administrative role that enables users other than the admin to administer the environment. Note that these permission levels are abstract: an administrator can create whatever roles are needed and configure the services accordingly.

2.1.1. View Roles

Use the following command to list the available predefined roles.

$ keystone role-list
+----------------------------------+---------------+
|                id                |      name     |
+----------------------------------+---------------+
| 71ccc37d41c8491c975ae72676db687f |     Member    |
| 149f50a1fe684bfa88dae76a48d26ef7 | ResellerAdmin |
| 9fe2ff9ee4384b1894a90878d3e92bab |    _member_   |
| 6ecf391421604da985db2f141e46a7c8 |     admin     |
+----------------------------------+---------------+

To get details for a specified role, run:

$ keystone role-get [ROLE]

Example

$ keystone role-get admin
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 6ecf391421604da985db2f141e46a7c8 |
|   name   |             admin                |
+----------+----------------------------------+

2.1.2. Create and Assign a Role

As a cloud administrator, you can create and manage roles on the Keystone client using the following set of commands. Each OpenStack deployment must include at least one project, one user, and one role, linked together. However, users can be members of multiple projects. To assign users to multiple projects, create a role and assign that role to a user-project pair. Note that you can create a user and assign a primary project and default role in the dashboard.

Note

Either the name or ID can be used to specify users, roles, or projects.

  1. Create the new-role role:

    $ keystone role-create --name [ROLE_NAME]

    Example

    $ keystone role-create --name new-role
    +----------+----------------------------------+
    | Property |              Value               |
    +----------+----------------------------------+
    |    id    | 61013e7aa4ba4e00a0a1ab4b14bc6b2a |
    |   name   |             new-role             |
    +----------+----------------------------------+

  2. To assign a user to a project, you must assign the role to a user-project pair. To do this, obtain the user, role, and project names or IDs:

    1. List users:

      $ keystone user-list
    2. List roles:

      $ keystone role-list
    3. List projects:

      $ keystone tenant-list
  3. Assign a role to a user-project pair.

    $ keystone user-role-add --user [USER_NAME] --role [ROLE_NAME] --tenant [TENANT_NAME]

    Example

    In this example, you assign the new-role role to the demo-demo pair (user demo, project demo):

    $ keystone user-role-add --user demo --role new-role --tenant demo
  4. Verify the role assignment for the user demo:

    $ keystone user-role-list --user [USER_NAME] --tenant [TENANT_NAME]

    Example

    $ keystone user-role-list --user demo --tenant demo

2.1.3. Delete a Role

  1. Use the following command to delete a role from a user-project pair. Deleting the role removes the associated user-project pairing.

    $ keystone user-role-remove --user [USER_NAME] --role [ROLE] --tenant [TENANT_NAME]
  2. Verify the role removal:

    $ keystone user-role-list --user [USER_NAME] --tenant [TENANT_NAME]

    If the role was removed, the command output omits the removed role.
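
The verification steps in 2.1.2 and 2.1.3 can be scripted instead of read by eye. The following is an added example, not part of the original documentation: `table_column` and `has_role` are hypothetical helpers, and the sample table is constructed. The match is exact and case-sensitive because the role list above contains both `Member` and `_member_`, and both `admin` and `ResellerAdmin`, which a substring or case-insensitive search would confuse.

```shell
# Constructed sample of `keystone user-role-list` output. USER_ID and
# TENANT_ID are placeholders; role IDs reuse the role-list table above.
SAMPLE='+----------------------------------+---------------+---------+-----------+
|                id                |      name     | user_id | tenant_id |
+----------------------------------+---------------+---------+-----------+
| 9fe2ff9ee4384b1894a90878d3e92bab |    _member_   | USER_ID | TENANT_ID |
| 149f50a1fe684bfa88dae76a48d26ef7 | ResellerAdmin | USER_ID | TENANT_ID |
+----------------------------------+---------------+---------+-----------+'

# table_column NAME: read a keystone ASCII table on stdin and print the
# values of the column whose header is NAME, one per line.
table_column() {
    awk -F'|' -v want="$1" '
        /^[ \t]*[+]/ { next }          # skip +-----+ border rows
        NF < 3       { next }          # skip blank or non-table lines
        {
            if (!col) {                # first table row is the header
                for (i = 2; i < NF; i++) {
                    h = $i; gsub(/^[ \t]+|[ \t]+$/, "", h)
                    if (h == want) col = i
                }
                if (!col) exit 2       # requested column is not present
                next
            }
            v = $col; gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v
        }'
}

# has_role ROLE: succeed only if ROLE matches a whole value in the "name"
# column of the table on stdin (fixed string, case-sensitive).
has_role() {
    table_column name | grep -Fxq -- "$1"
}

# Against a live deployment, using the command from this page:
#   keystone user-role-list --user demo --tenant demo | has_role new-role
for r in _member_ Member admin ResellerAdmin; do
    if printf '%s\n' "$SAMPLE" | has_role "$r"; then
        echo "$r: assigned"
    else
        echo "$r: not assigned"
    fi
done
```

After a `user-role-remove`, a non-zero exit status from `has_role` for the removed role confirms the removal.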
