roles definitions page<\/a>.<\/p>\n\n\n\nCreate User Account in OpenStack<\/h3>\n\n\n\nCreate User Account via Horizon<\/h4>\n\n\n\n If you want to add additional users into OpenStack for the management of various tasks, you can create their accounts either from command line or from the OpenStack horizon.<\/p>\n\n\n\n
To create a user account in OpenStack from the horizon, simply navigate to Horizon > Identity > Users > Create User<\/strong>.<\/p>\n\n\n\nSome of the details required for the user account include the username, a description of the user, email address, the user password, the primary project to assign the user to, the role the user has on the assigned project, account status (enabled or disabled), and password state (lock\/unlock). The details marked with * are required; the rest are optional.<\/p>\n\n\n\nClick Create User<\/strong> to create the account.<\/p>\n\n\n\nOnce done, you should see the user listed on the Users page.<\/p>\n\n\n\n
Create User Account via Command Line<\/h4>\n\n\n\n For the CLI centric admins, you can use the openstack user create<\/code><\/strong> command.<\/p>\n\n\n\nopenstack user create -h<\/code><\/pre>\n\n\n\nFor example;<\/p>\n\n\n\n
openstack user create --project poc \\\n\t--email pocuser@kifarunix.com \\\n\t--description \"Kifarunix POC User\" \\\n\t--password-prompt \\\n\t--enable \\\n\tkifarunix-poc\n<\/code><\/pre>\n\n\n\nThe command doesn’t assign roles to the user automatically. See below on how to assign user some roles.<\/p>\n\n\n\n
Update User Account on OpenStack<\/h3>\n\n\n\n You can modify a number of things on the user account either from the horizon or from command line.<\/p>\n\n\n\n
On the horizon, you can update user details by navigating to Identity > Users<\/strong> > Select specific user to update and click edit<\/strong> to make updates.<\/p>\n\n\n\nFrom command line, you can use the command openstack user set<\/code><\/strong>. Read more on;<\/p>\n\n\n\nopenstack user set -h<\/code><\/pre>\n\n\n\nDelete User Account on OpenStack<\/h3>\n\n\n\n If you want to delete user account on OpenStack, you can do it from the command line or from horizon.<\/p>\n\n\n\n
To delete a user from horizon, log in as administrator and navigate to Identity > Users > Select User > Under Actions column, click drop down > Delete User<\/strong>.<\/p>\n\n\n\nYou can as well use the command line with the command, openstack user delete<\/code><\/strong>.<\/p>\n\n\n\nopenstack user delete -h<\/code><\/pre>\n\n\n\nAssign Roles to a User on OpenStack<\/h3>\n\n\n\n When you create a user from Horizon, you will get an option to assign them some roles. However, when you create a user from the command line, you have to run a separate command to assign them roles.<\/p>\n\n\n\n
So, for example, once you have created a user account, you need to assign them a role using the openstack role add<\/code><\/strong> command.<\/p>\n\n\n\nopenstack role add -h<\/code><\/pre>\n\n\n\nFor example;<\/p>\n\n\n\n
openstack role add --user kifarunix-poc --project poc reader<\/code><\/pre>\n\n\n\nList Assigned User Roles on OpenStack<\/h3>\n\n\n\n How can you verify roles assigned to a user? You can verify user roles from the horizon or from command line.<\/p>\n\n\n\n
To verify user roles from the horizon, simply navigate to Identity<\/strong> page > Users<\/strong> > Click on the respective username<\/strong> > Role assignments<\/strong>.<\/p>\n\n\n\nTo verify user assigned roles from the command line, use the command, openstack role assignment list<\/code>.<\/p>\n\n\n\nopenstack role assignment list -h<\/code><\/pre>\n\n\n\nFor example;<\/p>\n\n\n\n
openstack role assignment list --user kifarunix-demo<\/code><\/pre>\n\n\n\n+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+\n| Role | User | Group | Project | Domain | System | Inherited |\n+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+\n| b8bceeaf45c2489fb1195989904f7ba7 | 5579e7303f164ae8b1a76b6781845b3a | | 18914ea6f4014305818cdb1ec8df8daf | | | False |\n+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+\n<\/code><\/pre>\n\n\n\nTo show more details about the role, use the openstack role show<\/code><\/strong> command;<\/p>\n\n\n\nopenstack role show -h<\/code><\/pre>\n\n\n\nFor example, find out more about the role above;<\/p>\n\n\n\n
openstack role show b8bceeaf45c2489fb1195989904f7ba7<\/code><\/pre>\n\n\n\n+-------------+----------------------------------+\n| Field | Value |\n+-------------+----------------------------------+\n| description | None |\n| domain_id | None |\n| id | b8bceeaf45c2489fb1195989904f7ba7 |\n| name | reader |\n| options | {'immutable': True} |\n+-------------+----------------------------------+\n<\/code><\/pre>\n\n\n\nYou can see it is the reader role.<\/p>\n\n\n\n
Remove User Roles on OpenStack<\/h3>\n\n\n\n You can update a user and remove their roles using the command, openstack role remove<\/strong>.<\/p>\n\n\n\nopenstack role remove -h<\/code><\/pre>\n\n\n\nFor example, to remove the reader role from the user kifarunix-poc<\/code><\/strong> in the poc<\/strong> project.<\/p>\n\n\n\nopenstack role remove --user kifarunix-poc --project poc reader<\/code><\/pre>\n\n\n\nCreate Custom Roles in OpenStack<\/h3>\n\n\n\n Well, it is also possible to create custom roles in OpenStack. You can use the command, openstack role create<\/code><\/strong>.<\/p>\n\n\n\nopenstack role create -h<\/code><\/pre>\n\n\n\nusage: openstack role create [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN] [--noindent] [--prefix PREFIX] [--max-width ] [--fit-width]\n [--print-empty] [--description ] [--domain ] [--or-show] [--immutable | --no-immutable]\n \n\nCreate new role\n\npositional arguments:\n New role name\n\noptions:\n -h, --help show this help message and exit\n --description \n Add description about the role\n --domain \n Domain the role belongs to (name or ID)\n --or-show Return existing role\n --immutable Make resource immutable. An immutable project may not be deleted or modified except to remove the immutable flag\n --no-immutable Make resource mutable (default)\n\noutput formatters:\n output formatter options\n\n -f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}\n the output format, defaults to table\n -c COLUMN, --column COLUMN\n specify the column(s) to include, can be repeated to show multiple columns\n\njson formatter:\n --noindent whether to disable indenting the JSON\n\nshell formatter:\n a format a UNIX shell can parse (variable=\"value\")\n\n --prefix PREFIX\n add a prefix to all variable names\n\ntable formatter:\n --max-width \n Maximum display width, <1 to disable. 
You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.\n --fit-width Fit the table to the display width. Implied if --max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable\n --print-empty Print empty table if there is no data to show.\n<\/code><\/pre>\n\n\n\nYou can then assign the users a role.<\/p>\n\n\n\n
OpenStack Implied Roles<\/h3>\n\n\n\n In OpenStack, implied roles refer to a concept where certain roles automatically grant the permissions associated with other roles without explicitly assigning them. This is a way to simplify role management and ensure that users with specific roles also inherit the capabilities of related roles.<\/p>\n\n\n\n
Take for example, the admin<\/code> role implies the member<\/code> role, and the member<\/code> role implies the reader<\/code> role. These implications mean users with the admin<\/code> role automatically have the member<\/code> and reader<\/code> roles. Additionally, users with the member<\/code> role automatically have the reader<\/code> role.<\/p>\n\n\n\nRole implications only go one way, from a \u201cprior\u201d role to an \u201cimplied\u201d role. Therefore, assigning a user the member<\/code> role will not grant them the admin<\/code> role.<\/p>\n\n\n\nListing Implied roles;<\/p>\n\n\n\n
openstack implied role list<\/code><\/pre>\n\n\n\n+----------------------------------+-----------------+----------------------------------+-------------------+\n| Prior Role ID | Prior Role Name | Implied Role ID | Implied Role Name |\n+----------------------------------+-----------------+----------------------------------+-------------------+\n| e59baa553db042db9303cb80c33b2b55 | admin | ed97cdde758d41708528617e6579973f | member |\n| ed97cdde758d41708528617e6579973f | member | b8bceeaf45c2489fb1195989904f7ba7 | reader |\n+----------------------------------+-----------------+----------------------------------+-------------------+\n<\/code><\/pre>\n\n\n\nTo create an implied role, use the command, openstack implied role create<\/code><\/strong>.<\/p>\n\n\n\nopenstack implied role create -h<\/code><\/pre>\n\n\n\nThat marks the end of our guide on creating users and user roles in OpenStack.<\/p>\n","protected":false},"excerpt":{"rendered":"
In this tutorial, we’ll guide you through how to create users and user roles in OpenStack. User accounts are crucial for effective cloud management, allowing<\/p>\n","protected":false}}