Red Hat SummitChapter 4. Managing groups
You can use Identity Service (keystone) groups to assign consistent permissions to multiple user accounts.
4.1. Configuring groups with the CLI
Create a group and assign permissions to the group. Members of the group inherit the same permissions that you assign to the group:
Create the group
grp-Auditors:Copy to Clipboard Copied! Toggle word wrap Toggle overflow View a list of keystone groups:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Grant the
grp-Auditorsgroup permission to access thedemoproject, while using thememberrole:openstack role add member --group grp-Auditors --project demo
$ openstack role add member --group grp-Auditors --project demoCopy to Clipboard Copied! Toggle word wrap Toggle overflow Add the existing user
user1to thegrp-Auditorsgroup:openstack group add user grp-Auditors user1
$ openstack group add user grp-Auditors user1 user1 added to group grp-AuditorsCopy to Clipboard Copied! Toggle word wrap Toggle overflow Confirm that
user1is a member ofgrp-Auditors:openstack group contains user grp-Auditors user1
$ openstack group contains user grp-Auditors user1 user1 in group grp-AuditorsCopy to Clipboard Copied! Toggle word wrap Toggle overflow Review the effective permissions that have been assigned to
user1:Copy to Clipboard Copied! Toggle word wrap Toggle overflow
4.2. Configuring groups with the Dashboard
You can use the dashboard to manage the membership of keystone groups. However, you must use the command-line to assign role permissions to a group. For more information, see Configuring groups with the CLI.
4.2.1. Creating a group
- Log in to the dashboard as a user with administrative privileges.
- Select Identity > Groups.
- Click +Create Group.
- Enter a name and description for the group.
- Click Create Group.
4.2.2. Managing Group membership
You can use the dashboard to manage the membership of keystone groups.
- Log in to the dashboard as a user with administrative privileges.
- Select Identity > Groups.
- Click Manage Members for the group that you want to edit.
- Use Add users to add a user to the group. If you want to remove a user, mark its checkbox and click Remove users.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}