Red Hat SummitChapter 3. Group Management
3.1. Manage Keystone Groups
3.1.1. Using the Command-line
You can use Identity Service (keystone) groups to assign consistent permissions to multiple user accounts. This example creates a group and then assigns permissions to the group. As a result, members of the group will inherit the same permissions that were assigned to the group:
The openstack group subcommands require keystone v3.
Create the group
grp-Auditors:Copy to Clipboard Copied! Toggle word wrap Toggle overflow View a list of keystone groups:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Grant the
grp-Auditorsgroup permission to access thedemoproject, while using the_member_role:openstack role add _member_ --group grp-Auditors --project demo
$ openstack role add _member_ --group grp-Auditors --project demoCopy to Clipboard Copied! Toggle word wrap Toggle overflow Add the existing user
user1to thegrp-Auditorsgroup:openstack group add user grp-Auditors user1
$ openstack group add user grp-Auditors user1 user1 added to group grp-AuditorsCopy to Clipboard Copied! Toggle word wrap Toggle overflow Confirm that
user1is a member ofgrp-Auditors:openstack group contains user grp-Auditors user1
$ openstack group contains user grp-Auditors user1 user1 in group grp-AuditorsCopy to Clipboard Copied! Toggle word wrap Toggle overflow Review the effective permissions that have been assigned to
user1:Copy to Clipboard Copied! Toggle word wrap Toggle overflow
3.1.2. Using Dashboard
You can use the dashboard to manage the membership of keystone groups. You will need to use the command-line to assign role permissions to a group, as covered in the previous example.
3.1.2.1. Create a Group
- As an admin user in the dashboard, select Identity > Groups.
- Click +Create Group.
- Enter a name and description for the group.
- Click Create Group.
3.1.2.2. Manage Group Membership
You can use the dashboard to manage the membership of keystone groups.
- As an admin user in the dashboard, select Identity > Groups.
- Click Manage Members for the group you need to edit.
- Use Add users to add a user to the group. If you need to remove a user, mark its checkbox and click or Remove users.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}