4.3. Managing Domain Users

4.3.1. vinfra domain user create

Create a new domain user:

usage: vinfra domain user create [--email <email>] [--description <description>]
                                 [--assign <project> <role>]
                                 [--domain-permissions <domain_permissions>]
                                 [--system-permissions <system_permissions>]
                                 [--enable | --disable] --name <name> --domain <domain>
--email <email>
User email
--description <description>
User description
--assign <project> <role>

Assign a user to a project with one or more permission sets. Specify this option multiple times to assign the user to multiple projects.

  • <project>: project ID or name
  • <role>: user role in the project (project_admin)
--domain-permissions <domain_permissions>

A comma-separated list of domain permissions:

  • domain_admin: can manage virtual objects in all projects within the assigned domain as well as project and user assignment in the self-service panel.
  • image_upload: can upload images.
--system-permissions <system_permissions>

A comma-separated list of system permissions:

  • admin: has all permissions and can perform all management operations, including project creation and user management.
  • cluster: can create the storage cluster, join nodes to it, and manage (assign and release) disks.
  • ssh: can add and remove SSH keys for accessing cluster node.
  • compute: can create and manage the compute cluster.
  • network: can modify networks and traffic types.
  • updates: can install updates.
  • s3: can create and manage the S3 cluster.
  • abgw: can create and manage Backup Gateway.
  • iscsi: can create and manage iSCSI targets, LUNs, and CHAP users.
  • nfs: can create and manage NFS shares and exports.
  • viewer: can monitor cluster performance and parameters but cannot change any settings.
--enable
Enable user
--disable
Disable user
--name <name>
User name
--domain <domain>
Domain name or ID

Example:

#  vinfra domain user create --domain mydomain --name myuser \
--domain-permissions domain_admin
Password:
+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| assigned_projects  | []                               |
| description        |                                  |
| domain_permissions | - domain_admin                   |
| email              |                                  |
| enabled            | True                             |
| id                 | a9c67c6acf1f4df1818fdeeee0b4bd5e |
| name               | myuser                           |
| role               | domain_admin                     |
| system_permissions | []                               |
+--------------------+----------------------------------+

This command creates and enables a new administrator account myuser within the domain mydomain. It also sets password for the new user.

4.3.2. vinfra domain user list

List all users in a domain:

usage: vinfra domain user list --domain <domain>
--domain <domain>
Domain name or ID

Example:

# vinfra domain user list --domain mydomain -c id -c name -c enabled \
-c domain_permissions -c assigned_projects
+-----------+--------+---------+-------------------+-------------------+
| id        | name   | enabled |domain_permissions | assigned_projects |
+-----------+--------+---------+-------------------+-------------------+
| a9c6<...> | myuser | True    |- domain_admin     | []                |
+-----------+--------+---------+-------------------+-------------------+

This command lists users in the domain mydomain. (The output is abridged to fit on page.)

4.3.3. vinfra domain user show

Display information about a domain user:

usage: vinfra domain user show --domain <domain> <user>
--domain <domain>
Domain ID or name
<user>
User ID or name

Example:

# vinfra domain user show myuser --domain mydomain
+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| assigned_projects  | []                               |
| description        |                                  |
| domain_permissions | - domain_admin                   |
| email              |                                  |
| enabled            | True                             |
| id                 | a9c67c6acf1f4df1818fdeeee0b4bd5e |
| name               | myuser                           |
| role               | domain_admin                     |
| system_permissions | []                               |
+--------------------+----------------------------------+

This command shows the details of the user myuser from the domain mydomain.

4.3.4. vinfra domain user set

Modify the parameters of a domain user:

usage: vinfra domain user set [--password] [--email <email>]
                              [--description <description>]
                              [--assign <project> <role>]
                              [--domain-permissions <domain_permissions>]
                              [--system-permissions <system_permissions>]
                              [--enable | --disable] [--name <name>]
                              --domain <domain> <user>
--password
Request the password from stdin
--email <email>
User email
--description <description>
User description
--assign <project> <role>

Assign a user to a project with one or more permission sets. Specify this option multiple times to assign the user to multiple projects.

  • <project>: project ID or name
  • <role>: user role in the project (project_admin)
--domain-permissions <domain_permissions>

A comma-separated list of domain permissions:

  • domain_admin: can manage virtual objects in all projects within the assigned domain as well as project and user assignment in the self-service panel.
  • image_upload: can upload images.
--system-permissions <system_permissions>

A comma-separated list of system permissions:

  • admin: has all permissions and can perform all management operations, including project creation and user management.
  • cluster: can create the storage cluster, join nodes to it, and manage (assign and release) disks.
  • ssh: can add and remove SSH keys for accessing cluster nodes.
  • compute: can create and manage the compute cluster.
  • network: can modify networks and traffic types.
  • updates: can install updates.
  • s3: can create and manage the S3 cluster.
  • abgw: can create and manage Backup Gateway.
  • iscsi: can create and manage iSCSI targets, LUNs, and CHAP users.
  • nfs: can create and manage NFS shares and exports.
  • viewer: can monitor cluster performance and parameters but cannot change any settings.
--enable
Enable user
--disable
Disable user
--name <name>
User name
--domain <domain>
Domain name or ID
<user>
User ID or name

Example:

# vinfra domain user set myuser --domain mydomain \
--assign myproject project_admin
+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| assigned_projects  | []                               |
| description        |                                  |
| domain_permissions | - domain_admin                   |
| email              |                                  |
| enabled            | True                             |
| id                 | a9c67c6acf1f4df1818fdeeee0b4bd5e |
| name               | myuser                           |
| role               | domain_admin                     |
| system_permissions | []                               |
+--------------------+----------------------------------+

This command assigns the user myuser from the domain mydomain to the project myproject as a project administrator.

4.3.5. vinfra domain user delete

Remove a domain user:

usage: vinfra domain user delete --domain <domain> <user>
--domain <domain>
Domain ID or name
<user>
User ID or name

Example:

# vinfra domain user delete myuser --domain mydomain
Operation successful

This command deletes the user myuser from the domain mydomain.