5.4. Managing domain users¶
5.4.1. vinfra domain user list-available-roles¶
List available user roles:
usage: vinfra domain user list-available-roles [--long]
--long- Enable access and listing of all fields of objects.
Example:
# vinfra domain user list-available-roles
+---------------+---------------+--------------------------------------------+-----------+
| id | name | description | scope |
+---------------+---------------+--------------------------------------------+-----------+
| abgw | ABGW | Can create and manage Acronis Backup | - system |
| | | Gateway. | |
| admin | Administrator | Can perform all management operations. | - system |
| cluster | Cluster | Can create cluster, join nodes to cluster, | - system |
| | | and manage (assign and release) disks. | |
| compute | Compute | Can create and manage compute cluster. | - system |
| domain_admin | Domain Admin | Can manage users, projects and all | - domain |
| | | resources in a domain. | |
| image_upload | Image Upload | Can manage compute images. | - domain |
| iscsi | Block Storage | Can create and manage iSCSI targets, LUNs | - system |
| | | and CHAP users. | |
| login | Login | Can login in web UI. | [] |
| network | Network | Can modify network settings and roles. | - system |
| nfs | NFS | Can create and manage NFS. | - system |
| project_admin | Project Admin | Can manage virtual objects inside a | - project |
| | | project. | |
| s3 | S3 | Can create and manage S3 cluster. | - system |
| ssh | SSH | Can add and remove SSH keys for cluster | - system |
| | | nodes access. | |
| updates | Updates | Can install updates. | - system |
| viewer | Viewer | Viewer role (read only) | - system |
+---------------+---------------+--------------------------------------------+-----------+
This command lists all available user roles.
5.4.2. vinfra domain user create¶
Create a new domain user:
usage: vinfra domain user create [--email <email>] [--description <description>]
[--assign <project> <role>]
[--assign-domain <domain> <roles>]
[--domain-permissions <domain_permissions>]
[--system-permissions <system_permissions>]
[--enable | --disable] --domain <domain> <name>
--email <email>- User email
--description <description>- User description
--assign <project> <role>Assign a user to a project with one or more permission sets. Specify this option multiple times to assign the user to multiple projects.
<project>: project ID or name<role>: user role in the project (project_admin)
--assign-domain <domain> <roles>Assign a user to a domain with one or more permission sets. Specify this option multiple times to assign the user to multiple domains. This option is only valid for service accounts.
<domain>: domain ID or name<roles>: a comma-separated list of service account roles (compute)
--domain-permissions <domain_permissions>- A comma-separated list of domain permissions. View the list of available domain permissions using
vinfra domain user list-available-roles | grep domain. --system-permissions <system_permissions>- A comma-separated list of system permissions. View the list of available system permissions using
vinfra domain user list-available-roles | grep system. --enable- Enable user
--disable- Disable user
--domain <domain>- Domain name or ID
<name>- User name
Example:
# vinfra domain user create --domain mydomain --name myuser \
--domain-permissions domain_admin
Password:
+--------------------+----------------------------------+
| Field | Value |
+--------------------+----------------------------------+
| assigned_domains | [] |
| assigned_projects | [] |
| description | |
| domain_id | 2929ff42b1e64884a05dea3011862aed |
| domain_permissions | - domain_admin |
| email | |
| enabled | True |
| id | a9c67c6acf1f4df1818fdeeee0b4bd5e |
| name | myuser |
| role | domain_admin |
| system_permissions | [] |
+--------------------+----------------------------------+
This command creates and enables a new administrator account myuser within the domain mydomain. It also sets password for the new user.
5.4.3. vinfra domain user list¶
List all users in a domain:
usage: vinfra domain user list [--long] --domain <domain>
[--limit <num>] [--marker <user>]
[--name <name>] [--id <id>]
[--tags <tag>[,<tag>,...]]
--long- Enable access and listing of all fields of objects.
--domain <domain>- Domain name or ID
--limit <num>- The maximum number of users to list. To list all users, set the option to -1.
--marker <user>- List users after the marker.
--name <name>- List users with the specified name or use a filter. Supported filter operator:
contains. The filter format is<operator>:<value1>[,<value2>,...]. --id <id>- Show a user with the specified ID or list users using a filter. Supported filter operator:
in. The filter format is<operator>:<value1>[,<value2>,...]. --tags <tag>[,<tag>,...]- List projects with the specified tags (comma-separated) or use a filter. Supported filter operators:
any,not_any. The filter format is<operator>:<value1>[,<value2>,...].
Example:
# vinfra domain user list --domain mydomain -c id -c name -c enabled \
-c domain_permissions -c assigned_projects
+-----------+--------+---------+-------------------+-------------------+
| id | name | enabled |domain_permissions | assigned_projects |
+-----------+--------+---------+-------------------+-------------------+
| a9c6<...> | myuser | True |- domain_admin | [] |
+-----------+--------+---------+-------------------+-------------------+
This command lists users in the domain mydomain. (The output is abridged to fit on page.)
5.4.4. vinfra domain user show¶
Display information about a domain user:
usage: vinfra domain user show --domain <domain> <user>
--domain <domain>- Domain ID or name
<user>- User ID or name
Example:
# vinfra domain user show myuser --domain mydomain
+--------------------+----------------------------------+
| Field | Value |
+--------------------+----------------------------------+
| assigned_domains | [] |
| assigned_projects | [] |
| description | |
| domain_id | 2929ff42b1e64884a05dea3011862aed |
| domain_permissions | - domain_admin |
| email | |
| enabled | True |
| id | a9c67c6acf1f4df1818fdeeee0b4bd5e |
| name | myuser |
| role | domain_admin |
| system_permissions | [] |
+--------------------+----------------------------------+
This command shows the details of the user myuser from the domain mydomain.
5.4.5. vinfra domain user set¶
Modify the parameters of a domain user:
usage: vinfra domain user set [--password] [--email <email>]
[--description <description>]
[--assign <project> <role>]
[--assign-domain <domain> <roles>]
[--unassign-domain <domain>]
[--domain-permissions <domain_permissions>]
[--system-permissions <system_permissions>]
[--enable | --disable] [--name <name>]
--domain <domain> <user>
--password- Request the password from stdin
--email <email>- User email
--description <description>- User description
--assign <project> <role>Assign a user to a project with one or more permission sets. Specify this option multiple times to assign the user to multiple projects.
<project>: project ID or name<role>: user role in the project (project_admin)
--assign-domain <domain> <roles>Assign a user to a domain with one or more permission sets. Specify this option multiple times to assign the user to multiple domains. This option is only valid for service accounts.
<domain>: domain ID or name<roles>: a comma-separated list of service account roles (compute)
--unassign-domain <domain>Unassign a user from a domain. Specify this option multiple times to unassign the user from multiple domains. This option is only valid for service accounts.
<domain>: domain ID or name
--domain-permissions <domain_permissions>- A comma-separated list of domain permissions. View the list of available domain permissions using
vinfra domain user list-available-roles | grep domain. --system-permissions <system_permissions>- A comma-separated list of system permissions. View the list of available system permissions using
vinfra domain user list-available-roles | grep system. --enable- Enable user
--disable- Disable user
--name <name>- User name
--domain <domain>- Domain name or ID
<user>- User ID or name
Example:
# vinfra domain user set myuser --domain mydomain \
--assign myproject project_admin
+--------------------+----------------------------------+
| Field | Value |
+--------------------+----------------------------------+
| assigned_domains | [] |
| assigned_projects | [] |
| description | |
| domain_id | 2929ff42b1e64884a05dea3011862aed |
| domain_permissions | - domain_admin |
| email | |
| enabled | True |
| id | a9c67c6acf1f4df1818fdeeee0b4bd5e |
| name | myuser |
| role | domain_admin |
| system_permissions | [] |
+--------------------+----------------------------------+
This command assigns the user myuser from the domain mydomain to the project myproject as a project administrator.
5.4.6. vinfra domain user delete¶
Remove a domain user:
usage: vinfra domain user delete --domain <domain> <user>
--domain <domain>- Domain ID or name
<user>- User ID or name
Example:
# vinfra domain user delete myuser --domain mydomain
Operation successful
This command deletes the user myuser from the domain mydomain.
Oct 06, 2020