Chapter 66. role

This chapter describes the commands under the role command.

66.1. role add

Adds a role assignment to a user or group on the system, a domain, or a project

Usage:

openstack role add [-h]
                          [--system <system> | --domain <domain> | --project <project>]
                          [--user <user> | --group <group>]
                          [--group-domain <group-domain>]
                          [--project-domain <project-domain>]
                          [--user-domain <user-domain>] [--inherited]
                          [--role-domain <role-domain>]
                          <role>

Table 66.1. Positional arguments

ValueSummary

<role>

Role to add to <user> (name or id)

Table 66.2. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--system <system>

Include <system> (all)

--domain <domain>

Include <domain> (name or id)

--project <project>

Include <project> (name or id)

--user <user>

Include <user> (name or id)

--group <group>

Include <group> (name or id)

--group-domain <group-domain>

Domain the group belongs to (name or id). this can be used in case collisions between group names exist.

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--user-domain <user-domain>

Domain the user belongs to (name or id). this can be used in case collisions between user names exist.

--inherited

Specifies if the role grant is inheritable to the sub projects

--role-domain <role-domain>

Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used.

66.2. role assignment list

List role assignments

Usage:

openstack role assignment list [-h] [-f {csv,json,table,value,yaml}]
                                      [-c COLUMN]
                                      [--quote {all,minimal,none,nonnumeric}]
                                      [--noindent] [--max-width <integer>]
                                      [--fit-width] [--print-empty]
                                      [--sort-column SORT_COLUMN]
                                      [--effective] [--role <role>]
                                      [--role-domain <role-domain>] [--names]
                                      [--user <user>]
                                      [--user-domain <user-domain>]
                                      [--group <group>]
                                      [--group-domain <group-domain>]
                                      [--domain <domain> | --project <project> | --system <system>]
                                      [--project-domain <project-domain>]
                                      [--inherited] [--auth-user]
                                      [--auth-project]

Table 66.3. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--effective

Returns only effective role assignments

--role <role>

Role to filter (name or id)

--role-domain <role-domain>

Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used.

--names

Display names instead of ids

--user <user>

User to filter (name or id)

--user-domain <user-domain>

Domain the user belongs to (name or id). this can be used in case collisions between user names exist.

--group <group>

Group to filter (name or id)

--group-domain <group-domain>

Domain the group belongs to (name or id). this can be used in case collisions between group names exist.

--domain <domain>

Domain to filter (name or id)

--project <project>

Project to filter (name or id)

--system <system>

Filter based on system role assignments

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--inherited

Specifies if the role grant is inheritable to the sub projects

--auth-user

Only list assignments for the authenticated user

--auth-project

Only list assignments for the project to which the authenticated user’s token is scoped

Table 66.4. Output formatter options

ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 66.5. CSV formatter options

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 66.6. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 66.7. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

66.3. role create

Create new role

Usage:

openstack role create [-h] [-f {json,shell,table,value,yaml}]
                             [-c COLUMN] [--noindent] [--prefix PREFIX]
                             [--max-width <integer>] [--fit-width]
                             [--print-empty] [--domain <domain>] [--or-show]
                             <role-name>

Table 66.8. Positional arguments

ValueSummary

<role-name>

New role name

Table 66.9. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--domain <domain>

Domain the role belongs to (name or id)

--or-show

Return existing role

Table 66.10. Output formatter options

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 66.11. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 66.12. Shell formatter options

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 66.13. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

66.4. role delete

Delete role(s)

Usage:

openstack role delete [-h] [--domain <domain>] <role> [<role> ...]

Table 66.14. Positional arguments

ValueSummary

<role>

Role(s) to delete (name or id)

Table 66.15. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--domain <domain>

Domain the role belongs to (name or id)

66.5. role list

List roles

Usage:

openstack role list [-h] [-f {csv,json,table,value,yaml}] [-c COLUMN]
                           [--quote {all,minimal,none,nonnumeric}]
                           [--noindent] [--max-width <integer>] [--fit-width]
                           [--print-empty] [--sort-column SORT_COLUMN]
                           [--domain <domain>]

Table 66.16. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--domain <domain>

Include <domain> (name or id)

Table 66.17. Output formatter options

ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 66.18. CSV formatter options

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 66.19. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 66.20. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

66.6. role remove

Removes a role assignment from system/domain/project : user/group

Usage:

openstack role remove [-h]
                             [--system <system> | --domain <domain> | --project <project>]
                             [--user <user> | --group <group>]
                             [--group-domain <group-domain>]
                             [--project-domain <project-domain>]
                             [--user-domain <user-domain>] [--inherited]
                             [--role-domain <role-domain>]
                             <role>

Table 66.21. Positional arguments

ValueSummary

<role>

Role to remove (name or id)

Table 66.22. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--system <system>

Include <system> (all)

--domain <domain>

Include <domain> (name or id)

--project <project>

Include <project> (name or id)

--user <user>

Include <user> (name or id)

--group <group>

Include <group> (name or id)

--group-domain <group-domain>

Domain the group belongs to (name or id). this can be used in case collisions between group names exist.

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--user-domain <user-domain>

Domain the user belongs to (name or id). this can be used in case collisions between user names exist.

--inherited

Specifies if the role grant is inheritable to the sub projects

--role-domain <role-domain>

Domain the role belongs to (name or id). this must be specified when the name of a domain specific role is used.

66.7. role set

Set role properties

Usage:

openstack role set [-h] [--domain <domain>] [--name <name>] <role>

Table 66.23. Positional arguments

ValueSummary

<role>

Role to modify (name or id)

Table 66.24. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--domain <domain>

Domain the role belongs to (name or id)

--name <name>

Set role name

66.8. role show

Display role details

Usage:

openstack role show [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN]
                           [--noindent] [--prefix PREFIX]
                           [--max-width <integer>] [--fit-width]
                           [--print-empty] [--domain <domain>]
                           <role>

Table 66.25. Positional arguments

ValueSummary

<role>

Role to display (name or id)

Table 66.26. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--domain <domain>

Domain the role belongs to (name or id)

Table 66.27. Output formatter options

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 66.28. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 66.29. Shell formatter options

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 66.30. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.