role

Identity v2, v3

role add

Add role assignment to a user or group in a project or domain

os role add
    --domain <domain> | --project <project> [--project-domain <project-domain>]
    --user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
    --role-domain <role-domain>
    --inherited
    <role>
--domain <domain>

Include <domain> (name or ID)

New in version 3.

--project <project>

Include <project> (name or ID)

--user <user>

Include <user> (name or ID)

--group <group>

Include <group> (name or ID)

New in version 3.

--user-domain <user-domain>

Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

New in version 3.

--group-domain <group-domain>

Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.

New in version 3.

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

New in version 3.

--inherited

Specifies if the role grant is inheritable to the sub projects.

New in version 3.

--role-domain <role-domain>

Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.

New in version 3.

<role>

Role to add to <project>:<user> (name or ID)

role create

Create new role

os role create
    [--or-show]
    [--domain <domain>]
    <name>
--domain <domain>

Domain the role belongs to (name or ID).

New in version 3.

--or-show

Return existing role

If the role already exists return the existing role data and do not fail.

<name>

New role name

role delete

Delete role(s)

os role delete
    <role> [<role> ...]
    [--domain <domain>]
<role>

Role to delete (name or ID)

--domain <domain>

Domain the role belongs to (name or ID).

New in version 3.

role list

List roles

os role list
    --domain <domain> | --project <project> [--project-domain <project-domain>]
    --user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
    --inherited
--domain <domain>

Filter roles by <domain> (name or ID)

(Deprecated if being used to list assignments in conjunction with the --user <user>, option, please use role assignment list instead)

--project <project>

Filter roles by <project> (name or ID)

(Deprecated, please use role assignment list instead)

--user <user>

Filter roles by <user> (name or ID)

(Deprecated, please use role assignment list instead)

--group <group>

Filter roles by <group> (name or ID)

(Deprecated, please use role assignment list instead)

--user-domain <user-domain>

Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

(Deprecated, please use role assignment list instead)

New in version 3.

--group-domain <group-domain>

Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.

(Deprecated, please use role assignment list instead)

New in version 3.

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

(Deprecated, please use role assignment list instead)

New in version 3.

--inherited

Specifies if the role grant is inheritable to the sub projects.

(Deprecated, please use role assignment list instead)

New in version 3.

role remove

Remove role assignment from domain/project : user/group

os role remove
    --domain <domain> | --project <project> [--project-domain <project-domain>]
    --user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
    --role-domain <role-domain>
    --inherited
    <role>
--domain <domain>

Include <domain> (name or ID)

New in version 3.

--project <project>

Include <project> (name or ID)

--user <user>

Include <user> (name or ID)

--group <group>

Include <group> (name or ID)

New in version 3.

--user-domain <user-domain>

Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

New in version 3.

--group-domain <group-domain>

Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.

New in version 3.

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

New in version 3.

--inherited

Specifies if the role grant is inheritable to the sub projects.

New in version 3.

--role-domain <role-domain>

Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.

New in version 3.

<role>

Role to remove (name or ID)

role set

Set role properties

New in version 3.

os role set
    [--name <name>]
    [--domain <domain>]
    <role>
--name <name>

Set role name

--domain <domain>

Domain the role belongs to (name or ID).

New in version 3.

<role>

Role to modify (name or ID)

role show

Display role details

os role show
    [--domain <domain>]
    <role>
--domain <domain>

Domain the role belongs to (name or ID).

New in version 3.

<role>

Role to display (name or ID)

Table Of Contents

Previous topic

request token

Next topic

role assignment

Project Source

This Page

Navigation

© Copyright 2012-2013 OpenStack Foundation. Created using Sphinx 1.2.3.