Chapter 68. role
This chapter describes the commands under the role command.
68.1. role add
Adds a role assignment to a user or group on the system, a domain, or a project
Usage:
openstack role add [-h]
[--system <system> | --domain <domain> | --project <project>]
[--user <user> | --group <group>]
[--group-domain <group-domain>]
[--project-domain <project-domain>]
[--user-domain <user-domain>] [--inherited]
[--role-domain <role-domain>]
<role>
| Value | Summary |
|---|---|
| <role> | Role to add to <user> (name or id) |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --system <system> | Include <system> (all) |
| --domain <domain> | Include <domain> (name or id) |
| --project <project> | Include <project> (name or id) |
| --user <user> | Include <user> (name or id) |
| --group <group> | Include <group> (name or id) |
| --group-domain <group-domain> | Domain the group belongs to (name or id). this can be used in case collisions between group names exist. |
| --project-domain <project-domain> | Domain the project belongs to (name or id). this can be used in case collisions between project names exist. |
| --user-domain <user-domain> | Domain the user belongs to (name or id). this can be used in case collisions between user names exist. |
| --inherited | Specifies if the role grant is inheritable to the sub projects |
| --role-domain <role-domain> | Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used. |
68.2. role assignment list
List role assignments
Usage:
openstack role assignment list [-h] [-f {csv,json,table,value,yaml}]
[-c COLUMN]
[--quote {all,minimal,none,nonnumeric}]
[--noindent] [--max-width <integer>]
[--fit-width] [--print-empty]
[--sort-column SORT_COLUMN]
[--sort-ascending | --sort-descending]
[--effective] [--role <role>]
[--role-domain <role-domain>] [--names]
[--user <user>]
[--user-domain <user-domain>]
[--group <group>]
[--group-domain <group-domain>]
[--domain <domain> | --project <project> | --system <system>]
[--project-domain <project-domain>]
[--inherited] [--auth-user]
[--auth-project]
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --effective | Returns only effective role assignments |
| --role <role> | Role to filter (name or id) |
| --role-domain <role-domain> | Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used. |
| --names | Display names instead of ids |
| --user <user> | User to filter (name or id) |
| --user-domain <user-domain> | Domain the user belongs to (name or id). this can be used in case collisions between user names exist. |
| --group <group> | Group to filter (name or id) |
| --group-domain <group-domain> | Domain the group belongs to (name or id). this can be used in case collisions between group names exist. |
| --domain <domain> | Domain to filter (name or id) |
| --project <project> | Project to filter (name or id) |
| --system <system> | Filter based on system role assignments |
| --project-domain <project-domain> | Domain the project belongs to (name or id). this can be used in case collisions between project names exist. |
| --inherited | Specifies if the role grant is inheritable to the sub projects |
| --auth-user | Only list assignments for the authenticated user |
| --auth-project | Only list assignments for the project to which the authenticated user’s token is scoped |
| Value | Summary |
|---|---|
| -f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated to show multiple columns |
| --sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated |
| --sort-ascending | Sort the column(s) in ascending order |
| --sort-descending | Sort the column(s) in descending order |
| Value | Summary |
|---|---|
| --quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| --print-empty | Print empty table if there is no data to show. |
68.3. role create
Create new role
Usage:
openstack role create [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--noindent] [--prefix PREFIX]
[--max-width <integer>] [--fit-width]
[--print-empty] [--description <description>]
[--domain <domain>] [--or-show]
[--immutable | --no-immutable]
<role-name>
| Value | Summary |
|---|---|
| <role-name> | New role name |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --description <description> | Add description about the role |
| --domain <domain> | Domain the role belongs to (name or id) |
| --or-show | Return existing role |
| --immutable | Make resource immutable. an immutable project may not be deleted or modified except to remove the immutable flag |
| --no-immutable | Make resource mutable (default) |
| Value | Summary |
|---|---|
| -f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated to show multiple columns |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| --prefix PREFIX | Add a prefix to all variable names |
| Value | Summary |
|---|---|
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| --print-empty | Print empty table if there is no data to show. |
68.4. role delete
Delete role(s)
Usage:
openstack role delete [-h] [--domain <domain>] <role> [<role> ...]
| Value | Summary |
|---|---|
| <role> | Role(s) to delete (name or id) |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --domain <domain> | Domain the role belongs to (name or id) |
68.5. role list
List roles
Usage:
openstack role list [-h] [-f {csv,json,table,value,yaml}] [-c COLUMN]
[--quote {all,minimal,none,nonnumeric}]
[--noindent] [--max-width <integer>] [--fit-width]
[--print-empty] [--sort-column SORT_COLUMN]
[--sort-ascending | --sort-descending]
[--domain <domain>]
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --domain <domain> | Include <domain> (name or id) |
| Value | Summary |
|---|---|
| -f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated to show multiple columns |
| --sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated |
| --sort-ascending | Sort the column(s) in ascending order |
| --sort-descending | Sort the column(s) in descending order |
| Value | Summary |
|---|---|
| --quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| --print-empty | Print empty table if there is no data to show. |
68.6. role remove
Removes a role assignment from system/domain/project : user/group
Usage:
openstack role remove [-h]
[--system <system> | --domain <domain> | --project <project>]
[--user <user> | --group <group>]
[--group-domain <group-domain>]
[--project-domain <project-domain>]
[--user-domain <user-domain>] [--inherited]
[--role-domain <role-domain>]
<role>
| Value | Summary |
|---|---|
| <role> | Role to remove (name or id) |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --system <system> | Include <system> (all) |
| --domain <domain> | Include <domain> (name or id) |
| --project <project> | Include <project> (name or id) |
| --user <user> | Include <user> (name or id) |
| --group <group> | Include <group> (name or id) |
| --group-domain <group-domain> | Domain the group belongs to (name or id). this can be used in case collisions between group names exist. |
| --project-domain <project-domain> | Domain the project belongs to (name or id). this can be used in case collisions between project names exist. |
| --user-domain <user-domain> | Domain the user belongs to (name or id). this can be used in case collisions between user names exist. |
| --inherited | Specifies if the role grant is inheritable to the sub projects |
| --role-domain <role-domain> | Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used. |
68.7. role set
Set role properties
Usage:
openstack role set [-h] [--description <description>]
[--domain <domain>] [--name <name>]
[--immutable | --no-immutable]
<role>
| Value | Summary |
|---|---|
| <role> | Role to modify (name or id) |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --description <description> | Add description about the role |
| --domain <domain> | Domain the role belongs to (name or id) |
| --name <name> | Set role name |
| --immutable | Make resource immutable. an immutable project may not be deleted or modified except to remove the immutable flag |
| --no-immutable | Make resource mutable (default) |
68.8. role show
Display role details
Usage:
openstack role show [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN]
[--noindent] [--prefix PREFIX]
[--max-width <integer>] [--fit-width]
[--print-empty] [--domain <domain>]
<role>
| Value | Summary |
|---|---|
| <role> | Role to display (name or id) |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --domain <domain> | Domain the role belongs to (name or id) |
| Value | Summary |
|---|---|
| -f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated to show multiple columns |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| --prefix PREFIX | Add a prefix to all variable names |
| Value | Summary |
|---|---|
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| --print-empty | Print empty table if there is no data to show. |
