Chapter 66. role
This chapter describes the commands under the role
command.
66.1. role add
Adds a role assignment to a user or group on the system, a domain, or a project
Usage:
openstack role add [-h] [--system <system> | --domain <domain> | --project <project>] [--user <user> | --group <group>] [--group-domain <group-domain>] [--project-domain <project-domain>] [--user-domain <user-domain>] [--inherited] [--role-domain <role-domain>] <role>
Value | Summary |
---|---|
<role> | Role to add to <user> (name or id) |
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--system <system> | Include <system> (all) |
--domain <domain> | Include <domain> (name or id) |
--project <project> | Include <project> (name or id) |
--user <user> | Include <user> (name or id) |
--group <group> | Include <group> (name or id) |
--group-domain <group-domain> | Domain the group belongs to (name or id). this can be used in case collisions between group names exist. |
--project-domain <project-domain> | Domain the project belongs to (name or id). this can be used in case collisions between project names exist. |
--user-domain <user-domain> | Domain the user belongs to (name or id). this can be used in case collisions between user names exist. |
--inherited | Specifies if the role grant is inheritable to the sub projects |
--role-domain <role-domain> | Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used. |
66.2. role assignment list
List role assignments
Usage:
openstack role assignment list [-h] [-f {csv,json,table,value,yaml}] [-c COLUMN] [--quote {all,minimal,none,nonnumeric}] [--noindent] [--max-width <integer>] [--fit-width] [--print-empty] [--sort-column SORT_COLUMN] [--effective] [--role <role>] [--role-domain <role-domain>] [--names] [--user <user>] [--user-domain <user-domain>] [--group <group>] [--group-domain <group-domain>] [--domain <domain> | --project <project> | --system <system>] [--project-domain <project-domain>] [--inherited] [--auth-user] [--auth-project]
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--effective | Returns only effective role assignments |
--role <role> | Role to filter (name or id) |
--role-domain <role-domain> | Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used. |
--names | Display names instead of ids |
--user <user> | User to filter (name or id) |
--user-domain <user-domain> | Domain the user belongs to (name or id). this can be used in case collisions between user names exist. |
--group <group> | Group to filter (name or id) |
--group-domain <group-domain> | Domain the group belongs to (name or id). this can be used in case collisions between group names exist. |
--domain <domain> | Domain to filter (name or id) |
--project <project> | Project to filter (name or id) |
--system <system> | Filter based on system role assignments |
--project-domain <project-domain> | Domain the project belongs to (name or id). this can be used in case collisions between project names exist. |
--inherited | Specifies if the role grant is inheritable to the sub projects |
--auth-user | Only list assignments for the authenticated user |
--auth-project | Only list assignments for the project to which the authenticated user’s token is scoped |
Value | Summary |
---|---|
-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table |
-c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
--sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated |
Value | Summary |
---|---|
--quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric |
Value | Summary |
---|---|
--noindent | Whether to disable indenting the json |
Value | Summary |
---|---|
--max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
--fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
--print-empty | Print empty table if there is no data to show. |
66.3. role create
Create new role
Usage:
openstack role create [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN] [--noindent] [--prefix PREFIX] [--max-width <integer>] [--fit-width] [--print-empty] [--domain <domain>] [--or-show] <role-name>
Value | Summary |
---|---|
<role-name> | New role name |
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--domain <domain> | Domain the role belongs to (name or id) |
--or-show | Return existing role |
Value | Summary |
---|---|
-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
-c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
Value | Summary |
---|---|
--noindent | Whether to disable indenting the json |
Value | Summary |
---|---|
--prefix PREFIX | Add a prefix to all variable names |
Value | Summary |
---|---|
--max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
--fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
--print-empty | Print empty table if there is no data to show. |
66.4. role delete
Delete role(s)
Usage:
openstack role delete [-h] [--domain <domain>] <role> [<role> ...]
Value | Summary |
---|---|
<role> | Role(s) to delete (name or id) |
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--domain <domain> | Domain the role belongs to (name or id) |
66.5. role list
List roles
Usage:
openstack role list [-h] [-f {csv,json,table,value,yaml}] [-c COLUMN] [--quote {all,minimal,none,nonnumeric}] [--noindent] [--max-width <integer>] [--fit-width] [--print-empty] [--sort-column SORT_COLUMN] [--domain <domain>]
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--domain <domain> | Include <domain> (name or id) |
Value | Summary |
---|---|
-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table |
-c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
--sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated |
Value | Summary |
---|---|
--quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric |
Value | Summary |
---|---|
--noindent | Whether to disable indenting the json |
Value | Summary |
---|---|
--max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
--fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
--print-empty | Print empty table if there is no data to show. |
66.6. role remove
Removes a role assignment from system/domain/project : user/group
Usage:
openstack role remove [-h] [--system <system> | --domain <domain> | --project <project>] [--user <user> | --group <group>] [--group-domain <group-domain>] [--project-domain <project-domain>] [--user-domain <user-domain>] [--inherited] [--role-domain <role-domain>] <role>
Value | Summary |
---|---|
<role> | Role to remove (name or id) |
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--system <system> | Include <system> (all) |
--domain <domain> | Include <domain> (name or id) |
--project <project> | Include <project> (name or id) |
--user <user> | Include <user> (name or id) |
--group <group> | Include <group> (name or id) |
--group-domain <group-domain> | Domain the group belongs to (name or id). this can be used in case collisions between group names exist. |
--project-domain <project-domain> | Domain the project belongs to (name or id). this can be used in case collisions between project names exist. |
--user-domain <user-domain> | Domain the user belongs to (name or id). this can be used in case collisions between user names exist. |
--inherited | Specifies if the role grant is inheritable to the sub projects |
--role-domain <role-domain> | Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used. |
66.7. role set
Set role properties
Usage:
openstack role set [-h] [--domain <domain>] [--name <name>] <role>
Value | Summary |
---|---|
<role> | Role to modify (name or id) |
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--domain <domain> | Domain the role belongs to (name or id) |
--name <name> | Set role name |
66.8. role show
Display role details
Usage:
openstack role show [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN] [--noindent] [--prefix PREFIX] [--max-width <integer>] [--fit-width] [--print-empty] [--domain <domain>] <role>
Value | Summary |
---|---|
<role> | Role to display (name or id) |
Value | Summary |
---|---|
-h, --help | Show this help message and exit |
--domain <domain> | Domain the role belongs to (name or id) |
Value | Summary |
---|---|
-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
-c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated |
Value | Summary |
---|---|
--noindent | Whether to disable indenting the json |
Value | Summary |
---|---|
--prefix PREFIX | Add a prefix to all variable names |
Value | Summary |
---|---|
--max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
--fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
--print-empty | Print empty table if there is no data to show. |