Chapter 68. role

This chapter describes the commands under the role command.

68.1. role add

Adds a role assignment to a user or group on the system, a domain, or a project

Usage:

openstack role add [-h]
                          [--system <system> | --domain <domain> | --project <project>]
                          [--user <user> | --group <group>]
                          [--group-domain <group-domain>]
                          [--project-domain <project-domain>]
                          [--user-domain <user-domain>] [--inherited]
                          [--role-domain <role-domain>]
                          <role>

Table 68.1. Positional Arguments

ValueSummary

<role>

Role to add to <user> (name or id)

Table 68.2. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--system <system>

Include <system> (all)

--domain <domain>

Include <domain> (name or id)

--project <project>

Include <project> (name or id)

--user <user>

Include <user> (name or id)

--group <group>

Include <group> (name or id)

--group-domain <group-domain>

Domain the group belongs to (name or id). this can be used in case collisions between group names exist.

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--user-domain <user-domain>

Domain the user belongs to (name or id). this can be used in case collisions between user names exist.

--inherited

Specifies if the role grant is inheritable to the sub projects

--role-domain <role-domain>

Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used.

68.2. role assignment list

List role assignments

Usage:

openstack role assignment list [-h] [-f {csv,json,table,value,yaml}]
                                      [-c COLUMN]
                                      [--quote {all,minimal,none,nonnumeric}]
                                      [--noindent] [--max-width <integer>]
                                      [--fit-width] [--print-empty]
                                      [--sort-column SORT_COLUMN]
                                      [--effective] [--role <role>]
                                      [--role-domain <role-domain>] [--names]
                                      [--user <user>]
                                      [--user-domain <user-domain>]
                                      [--group <group>]
                                      [--group-domain <group-domain>]
                                      [--domain <domain> | --project <project> | --system <system>]
                                      [--project-domain <project-domain>]
                                      [--inherited] [--auth-user]
                                      [--auth-project]

Table 68.3. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--effective

Returns only effective role assignments

--role <role>

Role to filter (name or id)

--role-domain <role-domain>

Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used.

--names

Display names instead of ids

--user <user>

User to filter (name or id)

--user-domain <user-domain>

Domain the user belongs to (name or id). this can be used in case collisions between user names exist.

--group <group>

Group to filter (name or id)

--group-domain <group-domain>

Domain the group belongs to (name or id). this can be used in case collisions between group names exist.

--domain <domain>

Domain to filter (name or id)

--project <project>

Project to filter (name or id)

--system <system>

Filter based on system role assignments

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--inherited

Specifies if the role grant is inheritable to the sub projects

--auth-user

Only list assignments for the authenticated user

--auth-project

Only list assignments for the project to which the authenticated user’s token is scoped

Table 68.4. Output Formatters

ValueSummary

output formatter options-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 68.5. CSV Formatter

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 68.6. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 68.7. Table Formatter

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.3. role create

Create new role

Usage:

openstack role create [-h] [-f {json,shell,table,value,yaml}]
                             [-c COLUMN] [--noindent] [--prefix PREFIX]
                             [--max-width <integer>] [--fit-width]
                             [--print-empty] [--domain <domain>] [--or-show]
                             <role-name>

Table 68.8. Positional Arguments

ValueSummary

<role-name>

New role name

Table 68.9. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--domain <domain>

Domain the role belongs to (name or id)

--or-show

Return existing role

Table 68.10. Output Formatters

ValueSummary

output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 68.11. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 68.12. Shell Formatter

ValueSummary

a format a UNIX shell can parse (variable="value")--prefix PREFIX

Add a prefix to all variable names

Table 68.13. Table Formatter

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.4. role delete

Delete role(s)

Usage:

openstack role delete [-h] [--domain <domain>] <role> [<role> ...]

Table 68.14. Positional Arguments

ValueSummary

<role>

Role(s) to delete (name or id)

Table 68.15. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--domain <domain>

Domain the role belongs to (name or id)

68.5. role list

List roles

Usage:

openstack role list [-h] [-f {csv,json,table,value,yaml}] [-c COLUMN]
                           [--quote {all,minimal,none,nonnumeric}]
                           [--noindent] [--max-width <integer>] [--fit-width]
                           [--print-empty] [--sort-column SORT_COLUMN]
                           [--system <system> | --domain <domain> | --project <project>]
                           [--user <user> | --group <group>]
                           [--group-domain <group-domain>]
                           [--project-domain <project-domain>]
                           [--user-domain <user-domain>] [--inherited]

Table 68.16. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--system <system>

Include <system> (all)

--domain <domain>

Include <domain> (name or id)

--project <project>

Include <project> (name or id)

--user <user>

Include <user> (name or id)

--group <group>

Include <group> (name or id)

--group-domain <group-domain>

Domain the group belongs to (name or id). this can be used in case collisions between group names exist.

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--user-domain <user-domain>

Domain the user belongs to (name or id). this can be used in case collisions between user names exist.

--inherited

Specifies if the role grant is inheritable to the sub projects

Table 68.17. Output Formatters

ValueSummary

output formatter options-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 68.18. CSV Formatter

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 68.19. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 68.20. Table Formatter

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

68.6. role remove

Removes a role assignment from system/domain/project : user/group

Usage:

openstack role remove [-h]
                             [--system <system> | --domain <domain> | --project <project>]
                             [--user <user> | --group <group>]
                             [--group-domain <group-domain>]
                             [--project-domain <project-domain>]
                             [--user-domain <user-domain>] [--inherited]
                             [--role-domain <role-domain>]
                             <role>

Table 68.21. Positional Arguments

ValueSummary

<role>

Role to remove (name or id)

Table 68.22. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--system <system>

Include <system> (all)

--domain <domain>

Include <domain> (name or id)

--project <project>

Include <project> (name or id)

--user <user>

Include <user> (name or id)

--group <group>

Include <group> (name or id)

--group-domain <group-domain>

Domain the group belongs to (name or id). this can be used in case collisions between group names exist.

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--user-domain <user-domain>

Domain the user belongs to (name or id). this can be used in case collisions between user names exist.

--inherited

Specifies if the role grant is inheritable to the sub projects

--role-domain <role-domain>

Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used.

68.7. role set

Set role properties

Usage:

openstack role set [-h] [--domain <domain>] [--name <name>] <role>

Table 68.23. Positional Arguments

ValueSummary

<role>

Role to modify (name or id)

Table 68.24. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--domain <domain>

Domain the role belongs to (name or id)

--name <name>

Set role name

68.8. role show

Display role details

Usage:

openstack role show [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN]
                           [--noindent] [--prefix PREFIX]
                           [--max-width <integer>] [--fit-width]
                           [--print-empty] [--domain <domain>]
                           <role>

Table 68.25. Positional Arguments

ValueSummary

<role>

Role to display (name or id)

Table 68.26. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--domain <domain>

Domain the role belongs to (name or id)

Table 68.27. Output Formatters

ValueSummary

output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 68.28. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 68.29. Shell Formatter

ValueSummary

a format a UNIX shell can parse (variable="value")--prefix PREFIX

Add a prefix to all variable names

Table 68.30. Table Formatter

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.