network rbac¶
A network rbac is a Role-Based Access Control (RBAC) policy for network resources. It enables both operators and users to grant access to network resources for specific projects.
Network v2
network rbac create¶
Create network RBAC policy
os network rbac create
--type <type>
--action <action>
--target-project <target-project> [--target-project-domain <target-project-domain>]
[--project <project> [--project-domain <project-domain>]]
<rbac-policy>
-
--type
<type>
¶ Type of the object that RBAC policy affects (“qos_policy” or “network”) (required)
-
--action
<action>
¶ Action for the RBAC policy (“access_as_external” or “access_as_shared”) (required)
-
--target-project
<target-project>
¶ The project to which the RBAC policy will be enforced (name or ID) (required)
-
--target-project-domain
<target-project-domain>
¶ Domain the target project belongs to (name or ID). This can be used in case collisions between project names exist.
-
--project
<project>
¶ The owner project (name or ID)
-
--project-domain
<project-domain>
¶ Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
-
<rbac-object>
The object to which this RBAC policy affects (name or ID)
network rbac delete¶
Delete network RBAC policy(s)
os network rbac delete
<rbac-policy> [<rbac-policy> ...]
-
<rbac-policy>
RBAC policy(s) to delete (ID only)
network rbac set¶
Set network RBAC policy properties
os network rbac set
[--target-project <target-project> [--target-project-domain <target-project-domain>]]
<rbac-policy>
-
--target-project
<target-project>
¶ The project to which the RBAC policy will be enforced (name or ID)
-
--target-project-domain
<target-project-domain>
¶ Domain the target project belongs to (name or ID). This can be used in case collisions between project names exist.
-
<rbac-policy>
RBAC policy to be modified (ID only)
network rbac show¶
Display network RBAC policy details
os network rbac show
<rbac-policy>
-
<rbac-policy>
RBAC policy (ID only)