osc identity role
Identity Role commands
OpenStack services typically determine whether a user’s API request should be allowed using Role Based Access Control (RBAC). For OpenStack this means the service compares the roles that user has on the project (as indicated by the roles in the token), against the roles required for the API in question (as defined in the service’s policy file). A user obtains roles on a project by having these assigned to them via the Identity service API.
Roles must initially be created as entities via the Identity services API and, once created, can then be assigned. You can assign roles to a user or group on a project, including projects owned by other domains. You can also assign roles to a user or group on a domain, although this is only currently relevant for using a domain scoped token to execute domain-level Identity service API requests.
Usage: osc identity role <COMMAND>
Available subcommands:
osc identity role assignment— Role Assignments commandsosc identity role create— Create roleosc identity role delete— Delete roleosc identity role imply— Identity Implied Imply commandsosc identity role inference— Role Inferences commandsosc identity role list— List rolesosc identity role set— Update roleosc identity role show— Show role details