Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

6.9.3. Configure User Role Assignment using the Management CLI

Roles for a user to be included in and excluded from can be configured in the Management Console and the Management CLI. This topic only shows using the Management CLI.
The configuration of mapping users and groups to roles is located in the management API at: /core-service=management/access=authorization as role-mapping elements.
Only users of the SuperUser or Administrator roles can perform this configuration.
For easier access to the commands, in the Management CLI change to the /core-service=management/access=authorization location: 
[standalone@localhost:9999] cd /core-service=management/access=authorization
Copy to Clipboard Toggle word wrap

Procedure 6.7. Viewing Role Assignment Configuration

  1. Use the :read-children-names operation to get a complete list of the configured roles: 
    /core-service=management/access=authorization:read-children-names(child-type=role-mapping)
    Copy to Clipboard Toggle word wrap 
    [standalone@localhost:9999 access=authorization] :read-children-names(child-type=role-mapping)
{
    "outcome" => "success",
    "result" => [
        "Administrator",
        "Deployer",
        "Maintainer",
        "Monitor",
        "Operator",
        "SuperUser"
    ]
}
    Copy to Clipboard Toggle word wrap
  2. Use the read-resource operation of a specified role-mapping to get the full details of a specific role: 
    /core-service=management/access=authorization/role-mapping=ROLENAME:read-resource(recursive=true)
    Copy to Clipboard Toggle word wrap 
    [standalone@localhost:9999 access=authorization] ./role-mapping=Administrator:read-resource(recursive=true)
{
    "outcome" => "success",
    "result" => {
        "include-all" => false,
        "exclude" => undefined,
        "include" => {
            "user-theboss" => {
                "name" => "theboss",
                "realm" => undefined,
                "type" => "USER"
            },
            "user-harold" => {
                "name" => "harold",
                "realm" => undefined,
                "type" => "USER"
            },
            "group-SysOps" => {
                "name" => "SysOps",
                "realm" => undefined,
                "type" => "GROUP"
            }
        }
    }
}
[standalone@localhost:9999 access=authorization]
    Copy to Clipboard Toggle word wrap

Procedure 6.8. Add a new role

This procedure shows how to add a role-mapping entry for a role. This must be done before the role can be configured.
  • Use the add operation to add a new role configuration. 
    /core-service=management/access=authorization/role-mapping=ROLENAME:add
    Copy to Clipboard Toggle word wrap
    ROLENAME is the name of the role that the new mapping is for. 
    [standalone@localhost:9999 access=authorization] ./role-mapping=Auditor:add             
{"outcome" => "success"}
[standalone@localhost:9999 access=authorization]
    Copy to Clipboard Toggle word wrap

Procedure 6.9. Add a user as included in a role

This procedure shows how to add a user to the included list of a role.
If no configuration for a role has been done, then a role-mapping entry for it must be done first.
  • Use the add operation to add a user entry to the includes list of the role. 
    /core-service=management/access=authorization/role-mapping=ROLENAME/include=ALIAS:add(name=USERNAME, type=USER)
    Copy to Clipboard Toggle word wrap
    ROLENAME is the name of the role being configured.
    ALIAS is a unique name for this mapping. Red Hat recommends that you use a naming convention for your aliases such as user-USERNAME.
    USERNAME is the name of the user being added to the include list. 
     [standalone@localhost:9999 access=authorization] ./role-mapping=Auditor/include=user-max:add(name=max, type=USER)
{"outcome" => "success"}
[standalone@localhost:9999 access=authorization]
    Copy to Clipboard Toggle word wrap

Procedure 6.10. Add a user as excluded in a role

This procedure shows how to add a user to the excluded list of a role.
If no configuration for a role has been done, then a role-mapping entry for it must be done first.
  • Use the add operation to add a user entry to the excludes list of the role. 
    /core-service=management/access=authorization/role-mapping=ROLENAME/exclude=ALIAS:add(name=USERNAME, type=USER)
    Copy to Clipboard Toggle word wrap
    ROLENAME is the name of the role being configured.
    USERNAME is the name of the user being added to the exclude list.
    ALIAS is a unique name for this mapping. Red Hat recommends that you use a naming convention for your aliases such as user-USERNAME. 
    [standalone@localhost:9999 access=authorization] ./role-mapping=Auditor/exclude=user-max:add(name=max, type=USER)
{"outcome" => "success"}
[standalone@localhost:9999 access=authorization]
    Copy to Clipboard Toggle word wrap

Procedure 6.11. Remove user role include configuration

This procedure shows how to remove a user include entry from a role mapping.
  • Use the remove operation to remove the entry. 
    /core-service=management/access=authorization/role-mapping=ROLENAME/include=ALIAS:remove
    Copy to Clipboard Toggle word wrap
    ROLENAME is the name of the role being configured
    ALIAS is a unique name for this mapping. Red Hat recommends that you use a naming convention for your aliases such as user-USERNAME. 
    [standalone@localhost:9999 access=authorization] ./role-mapping=Auditor/include=user-max:remove
{"outcome" => "success"}
[standalone@localhost:9999 access=authorization]
    Copy to Clipboard Toggle word wrap
    Removing the user from the list of includes does not remove the user from the system, nor does it guarantee that the role won't be assigned to the user. The role might still be assigned based on group membership.

Procedure 6.12. Remove user role exclude configuration

This procedure shows how to remove an user exclude entry from a role mapping.
  • Use the remove operation to remove the entry. 
    /core-service=management/access=authorization/role-mapping=ROLENAME/exclude=ALIAS:remove
    Copy to Clipboard Toggle word wrap
    ROLENAME is the name of the role being configured.
    ALIAS is a unique name for this mapping. Red Hat recommends that you use a naming convention for your aliases such as user-USERNAME. 
    [standalone@localhost:9999 access=authorization] ./role-mapping=Auditor/exclude=user-max:remove
{"outcome" => "success"}
[standalone@localhost:9999 access=authorization]
    Copy to Clipboard Toggle word wrap
    Removing the user from the list of excludes does not remove the user from the system, nor does it guarantee the role will be assigned to the user. Roles might still be excluded based on group membership.
Report a bug
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat