Chapter 68. role


This chapter describes the commands under the role command.

68.1. role add

Adds a role assignment to a user or group on the system, a domain, or a project

Usage:

openstack role add [-h]
                          [--system <system> | --domain <domain> | --project <project>]
                          [--user <user> | --group <group>]
                          [--group-domain <group-domain>]
                          [--project-domain <project-domain>]
                          [--user-domain <user-domain>] [--inherited]
                          [--role-domain <role-domain>]
                          <role>

Table 68.1. Positional arguments
ValueSummary

<role>

Role to add to <user> (name or id)

Table 68.2. Command arguments
ValueSummary

-h, --help

Show this help message and exit

--system <system>

Include <system> (all)

--domain <domain>

Include <domain> (name or id)

--project <project>

Include <project> (name or id)

--user <user>

Include <user> (name or id)

--group <group>

Include <group> (name or id)

--group-domain <group-domain>

Domain the group belongs to (name or id). this can be used in case collisions between group names exist.

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--user-domain <user-domain>

Domain the user belongs to (name or id). this can be used in case collisions between user names exist.

--inherited

Specifies if the role grant is inheritable to the sub projects

--role-domain <role-domain>

Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used.

68.2. role assignment list

List role assignments

Usage:

openstack role assignment list [-h] [-f {csv,json,table,value,yaml}]
                                      [-c COLUMN]
                                      [--quote {all,minimal,none,nonnumeric}]
                                      [--noindent] [--max-width <integer>]
                                      [--fit-width] [--print-empty]
                                      [--sort-column SORT_COLUMN]
                                      [--sort-ascending | --sort-descending]
                                      [--effective] [--role <role>]
                                      [--role-domain <role-domain>] [--names]
                                      [--user <user>]
                                      [--user-domain <user-domain>]
                                      [--group <group>]
                                      [--group-domain <group-domain>]
                                      [--domain <domain> | --project <project> | --system <system>]
                                      [--project-domain <project-domain>]
                                      [--inherited] [--auth-user]
                                      [--auth-project]

Table 68.3. Command arguments
ValueSummary

-h, --help

Show this help message and exit

--effective

Returns only effective role assignments

--role <role>

Role to filter (name or id)

--role-domain <role-domain>

Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used.

--names

Display names instead of ids

--user <user>

User to filter (name or id)

--user-domain <user-domain>

Domain the user belongs to (name or id). this can be used in case collisions between user names exist.

--group <group>

Group to filter (name or id)

--group-domain <group-domain>

Domain the group belongs to (name or id). this can be used in case collisions between group names exist.

--domain <domain>

Domain to filter (name or id)

--project <project>

Project to filter (name or id)

--system <system>

Filter based on system role assignments

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--inherited

Specifies if the role grant is inheritable to the sub projects

--auth-user

Only list assignments for the authenticated user

--auth-project

Only list assignments for the project to which the authenticated user’s token is scoped

Table 68.4. Output formatter options
ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated to show multiple columns

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending

Sort the column(s) in ascending order

--sort-descending

Sort the column(s) in descending order

Table 68.5. CSV formatter options
ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 68.6. JSON formatter options
ValueSummary

--noindent

Whether to disable indenting the json

Table 68.7. Table formatter options
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.3. role create

Create new role

Usage:

openstack role create [-h] [-f {json,shell,table,value,yaml}]
                             [-c COLUMN] [--noindent] [--prefix PREFIX]
                             [--max-width <integer>] [--fit-width]
                             [--print-empty] [--description <description>]
                             [--domain <domain>] [--or-show]
                             [--immutable | --no-immutable]
                             <role-name>

Table 68.8. Positional arguments
ValueSummary

<role-name>

New role name

Table 68.9. Command arguments
ValueSummary

-h, --help

Show this help message and exit

--description <description>

Add description about the role

--domain <domain>

Domain the role belongs to (name or id)

--or-show

Return existing role

--immutable

Make resource immutable. an immutable project may not be deleted or modified except to remove the immutable flag

--no-immutable

Make resource mutable (default)

Table 68.10. Output formatter options
ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated to show multiple columns

Table 68.11. JSON formatter options
ValueSummary

--noindent

Whether to disable indenting the json

Table 68.12. Shell formatter options
ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 68.13. Table formatter options
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.4. role delete

Delete role(s)

Usage:

openstack role delete [-h] [--domain <domain>] <role> [<role> ...]

Table 68.14. Positional arguments
ValueSummary

<role>

Role(s) to delete (name or id)

Table 68.15. Command arguments
ValueSummary

-h, --help

Show this help message and exit

--domain <domain>

Domain the role belongs to (name or id)

68.5. role list

List roles

Usage:

openstack role list [-h] [-f {csv,json,table,value,yaml}] [-c COLUMN]
                           [--quote {all,minimal,none,nonnumeric}]
                           [--noindent] [--max-width <integer>] [--fit-width]
                           [--print-empty] [--sort-column SORT_COLUMN]
                           [--sort-ascending | --sort-descending]
                           [--domain <domain>]

Table 68.16. Command arguments
ValueSummary

-h, --help

Show this help message and exit

--domain <domain>

Include <domain> (name or id)

Table 68.17. Output formatter options
ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated to show multiple columns

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending

Sort the column(s) in ascending order

--sort-descending

Sort the column(s) in descending order

Table 68.18. CSV formatter options
ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 68.19. JSON formatter options
ValueSummary

--noindent

Whether to disable indenting the json

Table 68.20. Table formatter options
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.6. role remove

Removes a role assignment from system/domain/project : user/group

Usage:

openstack role remove [-h]
                             [--system <system> | --domain <domain> | --project <project>]
                             [--user <user> | --group <group>]
                             [--group-domain <group-domain>]
                             [--project-domain <project-domain>]
                             [--user-domain <user-domain>] [--inherited]
                             [--role-domain <role-domain>]
                             <role>

Table 68.21. Positional arguments
ValueSummary

<role>

Role to remove (name or id)

Table 68.22. Command arguments
ValueSummary

-h, --help

Show this help message and exit

--system <system>

Include <system> (all)

--domain <domain>

Include <domain> (name or id)

--project <project>

Include <project> (name or id)

--user <user>

Include <user> (name or id)

--group <group>

Include <group> (name or id)

--group-domain <group-domain>

Domain the group belongs to (name or id). this can be used in case collisions between group names exist.

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--user-domain <user-domain>

Domain the user belongs to (name or id). this can be used in case collisions between user names exist.

--inherited

Specifies if the role grant is inheritable to the sub projects

--role-domain <role-domain>

Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used.

68.7. role set

Set role properties

Usage:

openstack role set [-h] [--description <description>]
                          [--domain <domain>] [--name <name>]
                          [--immutable | --no-immutable]
                          <role>

Table 68.23. Positional arguments
ValueSummary

<role>

Role to modify (name or id)

Table 68.24. Command arguments
ValueSummary

-h, --help

Show this help message and exit

--description <description>

Add description about the role

--domain <domain>

Domain the role belongs to (name or id)

--name <name>

Set role name

--immutable

Make resource immutable. an immutable project may not be deleted or modified except to remove the immutable flag

--no-immutable

Make resource mutable (default)

68.8. role show

Display role details

Usage:

openstack role show [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN]
                           [--noindent] [--prefix PREFIX]
                           [--max-width <integer>] [--fit-width]
                           [--print-empty] [--domain <domain>]
                           <role>

Table 68.25. Positional arguments
ValueSummary

<role>

Role to display (name or id)

Table 68.26. Command arguments
ValueSummary

-h, --help

Show this help message and exit

--domain <domain>

Domain the role belongs to (name or id)

Table 68.27. Output formatter options
ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated to show multiple columns

Table 68.28. JSON formatter options
ValueSummary

--noindent

Whether to disable indenting the json

Table 68.29. Shell formatter options
ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 68.30. Table formatter options
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.