Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 4. Managing groups
You can use Identity Service (keystone) groups to assign consistent permissions to multiple user accounts.
4.1. Configuring groups with the CLI
Create a group and assign permissions to the group. Members of the group inherit the same permissions that you assign to the group:
Create the group
grp-Auditors
:$ openstack group create grp-Auditors +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | | | domain_id | default | | id | 2a4856fc242142a4aa7c02d28edfdfff | | name | grp-Auditors | +-------------+----------------------------------+
View a list of keystone groups:
$ openstack group list --long +----------------------------------+--------------+-----------+-------------+ | ID | Name | Domain ID | Description | +----------------------------------+--------------+-----------+-------------+ | 2a4856fc242142a4aa7c02d28edfdfff | grp-Auditors | default | | +----------------------------------+--------------+-----------+-------------+
Grant the
grp-Auditors
group permission to access thedemo
project, while using themember
role:$ openstack role add member --group grp-Auditors --project demo
Add the existing user
user1
to thegrp-Auditors
group:$ openstack group add user grp-Auditors user1 user1 added to group grp-Auditors
Confirm that
user1
is a member ofgrp-Auditors
:$ openstack group contains user grp-Auditors user1 user1 in group grp-Auditors
Review the effective permissions that have been assigned to
user1
:$ openstack role assignment list --effective --user user1 +----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+ | Role | User | Group | Project | Domain | Inherited | +----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+ | 9fe2ff9ee4384b1894a90878d3e92bab | 3fefe5b4f6c948e6959d1feaef4822f2 | | 0ce36252e2fb4ea8983bed2a568fa832 | | False | +----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
4.2. Configuring groups with the Dashboard
You can use the dashboard to manage the membership of keystone groups. However, you must use the command-line to assign role permissions to a group. For more information, see Configuring groups with the CLI.
4.2.1. Creating a group
- Log in to the dashboard as a user with administrative privileges.
- Select Identity > Groups.
- Click +Create Group.
- Enter a name and description for the group.
- Click Create Group.
4.2.2. Managing Group membership
You can use the dashboard to manage the membership of keystone groups.
- Log in to the dashboard as a user with administrative privileges.
- Select Identity > Groups.
- Click Manage Members for the group that you want to edit.
- Use Add users to add a user to the group. If you want to remove a user, mark its checkbox and click Remove users.