此内容没有您所选择的语言版本。

Chapter 3. Group Management


3.1. Manage Keystone Groups

3.1.1. Using the Command-line

You can use Identity Service (keystone) groups to assign consistent permissions to multiple user accounts. This example creates a group and then assigns permissions to the group. As a result, members of the group will inherit the same permissions that were assigned to the group:

Note

The openstack group subcommands require keystone v3.

  1. Create the group grp-Auditors:

    $ openstack group create grp-Auditors
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description |                                  |
    | domain_id   | default                          |
    | id          | 2a4856fc242142a4aa7c02d28edfdfff |
    | name        | grp-Auditors                     |
    +-------------+----------------------------------+
  2. View a list of keystone groups:

    $ openstack group list --long
    +----------------------------------+--------------+-----------+-------------+
    | ID                               | Name         | Domain ID | Description |
    +----------------------------------+--------------+-----------+-------------+
    | 2a4856fc242142a4aa7c02d28edfdfff | grp-Auditors | default   |             |
    +----------------------------------+--------------+-----------+-------------+
  3. Grant the grp-Auditors group permission to access the demo project, while using the _member_ role:

    $ openstack role add _member_ --group grp-Auditors --project demo
  4. Add the existing user user1 to the grp-Auditors group:

    $ openstack group add user grp-Auditors user1
    user1 added to group grp-Auditors
  5. Confirm that user1 is a member of grp-Auditors:

    $ openstack group contains user grp-Auditors user1
    user1 in group grp-Auditors
  6. Review the effective permissions that have been assigned to user1:

    $ openstack role assignment list --effective --user user1
    +----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
    | Role                             | User                             | Group | Project                          | Domain | Inherited |
    +----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
    | 9fe2ff9ee4384b1894a90878d3e92bab | 3fefe5b4f6c948e6959d1feaef4822f2 |       | 0ce36252e2fb4ea8983bed2a568fa832 |        | False     |
    +----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+

3.1.2. Using Dashboard

You can use the dashboard to manage the membership of keystone groups. You will need to use the command-line to assign role permissions to a group, as covered in the previous example.

3.1.2.1. Create a Group

  1. As an admin user in the dashboard, select Identity > Groups.
  2. Click +Create Group.
  3. Enter a name and description for the group.
  4. Click Create Group.

3.1.2.2. Manage Group Membership

You can use the dashboard to manage the membership of keystone groups.

  1. As an admin user in the dashboard, select Identity > Groups.
  2. Click Manage Members for the group you need to edit.
  3. Use Add users to add a user to the group. If you need to remove a user, mark its checkbox and click or Remove users.
Red Hat logoGithubRedditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

© 2024 Red Hat, Inc.