Create and manage roles

A role is a personality that a user assumes to perform a specific set of operations. A role includes a set of rights and privileges. A user assumes that role inherits those rights and privileges.

Note

OpenStack Identity service defines a user’s role on a project, but it is completely up to the individual service to define what that role means. This is referred to as the service’s policy. To get details about what the privileges for each role are, refer to the policy.json file available for each service in the /etc/SERVICE/policy.json file. For example, the policy defined for OpenStack Identity service is defined in the /etc/keystone/policy.json file.

Create a role

  1. Log in to the dashboard and select the admin project from the drop-down list.

  2. On the Identity tab, click the Roles category.

  3. Click the Create Role button.

    In the Create Role window, enter a name for the role.

  4. Click the Create Role button to confirm your changes.

Edit a role

  1. Log in to the dashboard and select the Identity project from the drop-down list.

  2. On the Identity tab, click the Roles category.

  3. Click the Edit button.

    In the Update Role window, enter a new name for the role.

  4. Click the Update Role button to confirm your changes.

Note

Using the dashboard, you can edit only the name assigned to a role.

Delete a role

  1. Log in to the dashboard and select the Identity project from the drop-down list.

  2. On the Identity tab, click the Roles category.

  3. Select the role you want to delete and click the Delete Roles button.

  4. In the Confirm Delete Roles window, click Delete Roles to confirm the deletion.

    You cannot undo this action.