5.4. Managing domain users

5.4.1. vinfra domain user list-available-roles

List available user roles:

usage: vinfra domain user list-available-roles [--long]
--long
Enable access and listing of all fields of objects.

Example:

#  vinfra domain user list-available-roles
+---------------+---------------+--------------------------------------------+-----------+
| id            | name          | description                                | scope     |
+---------------+---------------+--------------------------------------------+-----------+
| abgw          | ABGW          | Can create and manage Acronis Backup       | - system  |
|               |               | Gateway.                                   |           |
| admin         | Administrator | Can perform all management operations.     | - system  |
| cluster       | Cluster       | Can create cluster, join nodes to cluster, | - system  |
|               |               | and manage (assign and release) disks.     |           |
| compute       | Compute       | Can create and manage compute cluster.     | - system  |
| domain_admin  | Domain Admin  | Can manage users, projects and all         | - domain  |
|               |               | resources in a domain.                     |           |
| image_upload  | Image Upload  | Can manage compute images.                 | - domain  |
| iscsi         | Block Storage | Can create and manage iSCSI targets, LUNs  | - system  |
|               |               | and CHAP users.                            |           |
| login         | Login         | Can login in web UI.                       | []        |
| network       | Network       | Can modify network settings and roles.     | - system  |
| nfs           | NFS           | Can create and manage NFS.                 | - system  |
| project_admin | Project Admin | Can manage virtual objects inside a        | - project |
|               |               | project.                                   |           |
| s3            | S3            | Can create and manage S3 cluster.          | - system  |
| ssh           | SSH           | Can add and remove SSH keys for cluster    | - system  |
|               |               | nodes access.                              |           |
| updates       | Updates       | Can install updates.                       | - system  |
| viewer        | Viewer        | Viewer role (read only)                    | - system  |
+---------------+---------------+--------------------------------------------+-----------+

This command lists all available user roles.

5.4.2. vinfra domain user create

Create a new domain user:

usage: vinfra domain user create [--email <email>] [--description <description>]
                                 [--assign <project> <role>]
                                 [--assign-domain <domain> <roles>]
                                 [--domain-permissions <domain_permissions>]
                                 [--system-permissions <system_permissions>]
                                 [--enable | --disable] --domain <domain> <name>
--email <email>
User email
--description <description>
User description
--assign <project> <role>

Assign a user to a project with one or more permission sets. Specify this option multiple times to assign the user to multiple projects.

  • <project>: project ID or name
  • <role>: user role in the project (project_admin)
--assign-domain <domain> <roles>

Assign a user to a domain with one or more permission sets. Specify this option multiple times to assign the user to multiple domains. This option is only valid for service accounts.

  • <domain>: domain ID or name
  • <roles>: a comma-separated list of service account roles (compute)
--domain-permissions <domain_permissions>
A comma-separated list of domain permissions. View the list of available domain permissions using vinfra domain user list-available-roles | grep domain.
--system-permissions <system_permissions>
A comma-separated list of system permissions. View the list of available system permissions using vinfra domain user list-available-roles | grep system.
--enable
Enable user
--disable
Disable user
--domain <domain>
Domain name or ID
<name>
User name

Example:

#  vinfra domain user create --domain mydomain --name myuser \
--domain-permissions domain_admin
Password:
+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| assigned_domains   | []                               |
| assigned_projects  | []                               |
| description        |                                  |
| domain_id          | 2929ff42b1e64884a05dea3011862aed |
| domain_permissions | - domain_admin                   |
| email              |                                  |
| enabled            | True                             |
| id                 | a9c67c6acf1f4df1818fdeeee0b4bd5e |
| name               | myuser                           |
| role               | domain_admin                     |
| system_permissions | []                               |
+--------------------+----------------------------------+

This command creates and enables a new administrator account myuser within the domain mydomain. It also sets password for the new user.

5.4.3. vinfra domain user list

List all users in a domain:

usage: vinfra domain user list [--long] --domain <domain>
                               [--limit <num>] [--marker <user>]
                               [--name <name>] [--id <id>]
                               [--tags <tag>[,<tag>,...]]
--long
Enable access and listing of all fields of objects.
--domain <domain>
Domain name or ID
--limit <num>
The maximum number of users to list. To list all users, set the option to -1.
--marker <user>
List users after the marker.
--name <name>
List users with the specified name or use a filter. Supported filter operator: contains. The filter format is <operator>:<value1>[,<value2>,...].
--id <id>
Show a user with the specified ID or list users using a filter. Supported filter operator: in. The filter format is <operator>:<value1>[,<value2>,...].
--tags <tag>[,<tag>,...]
List projects with the specified tags (comma-separated) or use a filter. Supported filter operators: any, not_any. The filter format is <operator>:<value1>[,<value2>,...].

Example:

# vinfra domain user list --domain mydomain -c id -c name -c enabled \
-c domain_permissions -c assigned_projects
+-----------+--------+---------+-------------------+-------------------+
| id        | name   | enabled |domain_permissions | assigned_projects |
+-----------+--------+---------+-------------------+-------------------+
| a9c6<...> | myuser | True    |- domain_admin     | []                |
+-----------+--------+---------+-------------------+-------------------+

This command lists users in the domain mydomain. (The output is abridged to fit on page.)

5.4.4. vinfra domain user show

Display information about a domain user:

usage: vinfra domain user show --domain <domain> <user>
--domain <domain>
Domain ID or name
<user>
User ID or name

Example:

# vinfra domain user show myuser --domain mydomain
+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| assigned_domains   | []                               |
| assigned_projects  | []                               |
| description        |                                  |
| domain_id          | 2929ff42b1e64884a05dea3011862aed |
| domain_permissions | - domain_admin                   |
| email              |                                  |
| enabled            | True                             |
| id                 | a9c67c6acf1f4df1818fdeeee0b4bd5e |
| name               | myuser                           |
| role               | domain_admin                     |
| system_permissions | []                               |
+--------------------+----------------------------------+

This command shows the details of the user myuser from the domain mydomain.

5.4.5. vinfra domain user set

Modify the parameters of a domain user:

usage: vinfra domain user set [--password] [--email <email>]
                              [--description <description>]
                              [--assign <project> <role>]
                              [--assign-domain <domain> <roles>]
                              [--unassign-domain <domain>]
                              [--domain-permissions <domain_permissions>]
                              [--system-permissions <system_permissions>]
                              [--enable | --disable] [--name <name>]
                              --domain <domain> <user>
--password
Request the password from stdin
--email <email>
User email
--description <description>
User description
--assign <project> <role>

Assign a user to a project with one or more permission sets. Specify this option multiple times to assign the user to multiple projects.

  • <project>: project ID or name
  • <role>: user role in the project (project_admin)
--assign-domain <domain> <roles>

Assign a user to a domain with one or more permission sets. Specify this option multiple times to assign the user to multiple domains. This option is only valid for service accounts.

  • <domain>: domain ID or name
  • <roles>: a comma-separated list of service account roles (compute)
--unassign-domain <domain>

Unassign a user from a domain. Specify this option multiple times to unassign the user from multiple domains. This option is only valid for service accounts.

  • <domain>: domain ID or name
--domain-permissions <domain_permissions>
A comma-separated list of domain permissions. View the list of available domain permissions using vinfra domain user list-available-roles | grep domain.
--system-permissions <system_permissions>
A comma-separated list of system permissions. View the list of available system permissions using vinfra domain user list-available-roles | grep system.
--enable
Enable user
--disable
Disable user
--name <name>
User name
--domain <domain>
Domain name or ID
<user>
User ID or name

Example:

# vinfra domain user set myuser --domain mydomain \
--assign myproject project_admin
+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| assigned_domains   | []                               |
| assigned_projects  | []                               |
| description        |                                  |
| domain_id          | 2929ff42b1e64884a05dea3011862aed |
| domain_permissions | - domain_admin                   |
| email              |                                  |
| enabled            | True                             |
| id                 | a9c67c6acf1f4df1818fdeeee0b4bd5e |
| name               | myuser                           |
| role               | domain_admin                     |
| system_permissions | []                               |
+--------------------+----------------------------------+

This command assigns the user myuser from the domain mydomain to the project myproject as a project administrator.

5.4.6. vinfra domain user delete

Remove a domain user:

usage: vinfra domain user delete --domain <domain> <user>
--domain <domain>
Domain ID or name
<user>
User ID or name

Example:

# vinfra domain user delete myuser --domain mydomain
Operation successful

This command deletes the user myuser from the domain mydomain.