Creating domain groups

Admin panel

1. On the Settings > Projects and users screen, click a domain within which a domain group will be created.
2. Go to the Domain groups tab, and then click Create domain group.
3. In the Create domain group window, specify the group name and optionally description. The group name must be unique within a domain.
4. Select the user role:
   • To create a group of domain administrators

     1. Select Domain administrator.

     2. Select the Image uploading check box. The state of this permission will be inherited by users created by this domain administrator.

        

   • To create a group of system administrators

     1. Select System administrator.

     2. Select the permissions to be granted to the user account from the System permission set section:

        • Full (System administrator): has all permissions and can perform all management operations, including creating projects and managing other users.
        • Compute: can create and manage the compute cluster.
        • ISCSI: can create and manage iSCSI targets, LUNs, and CHAP users.
        • S3: can create and manage the S3 cluster.
        • ABGW: can create and manage the Backup Gateway cluster.
        • NFS: can create and manage NFS shares and exports.
        • Cluster: can create the storage cluster, join nodes to it, and manage (assign and release) disks.
        • Network: can modify networks and traffic types.
        • Update: can install updates.
        • SSH: can add and remove SSH keys for cluster nodes access.

        The view permission is always enabled.

     3. Enable the Domain permissions set to be able to manage virtual objects in all projects within the Default domain and other users in the self-service panel.

        

   • To create a group of project administrators

     1. Select Project member.
     2. Select the Image uploading check box. If this option is disabled, this user will not be able to upload images.

     3. Click Assign and select a project the users from this group will be assigned to.

        

5. Click Create.

Command-line interface

Use the following command:

vinfra domain group create [--description <description>] [--assign <project> <role>]
                           [--domain-permissions <domain_permissions>]
                           [--system-permissions <system_permissions>]
                           [--enable | --disable] --domain <domain> <name>

--description <description>

Group description

--assign <project> <role>

Assign a group to a project with one or more permission sets. Specify this option multiple times to assign the group to multiple projects.

• <project>: project ID or name
• <role>: group role in the project (project_admin)

--domain-permissions <domain_permissions>

A comma-separated list of domain permissions. View the list of available domain permissions using vinfra domain user list-available-roles | grep domain.

--system-permissions <system_permissions>

A comma-separated list of system permissions. View the list of available system permissions using vinfra domain user list-available-roles | grep system.

--enable

Enable a group

--disable

Disable a group

--domain <domain>

Domain name or ID

<name>

Group name

Example 1. To create a group of domain administrators called domain_admins within the domain mydomain, run:

# vinfra domain group create domain_admins --domain mydomain --domain-permissions domain_admin

Example 2. To create a group of system administrators called sys_admins within the domain Default, to manage the compute cluster, run:

# vinfra domain group create mysysadmin --domain Default --system-permissions compute

Example 3. To create a group of project members called users for the project myproject within the domain mydomain and grant this user group the permission to upload images, run:

# vinfra domain group create myusers --domain mydomain --assign myproject project_admin --domain-permissions image_upload

The created users will appear in the vinfra domain group list output:

# vinfra domain group list --domain mydomain
+-------------+---------------+-------------+--------------------+---------------------------+
| id          | name          | description | domain_permissions | assigned_projects         |
+-------------+---------------+-------------+--------------------+---------------------------+
| 1670fbc6<…> | domain_admins |             | - domain_admin     | []                        |
| d2fb8a2d<…> | myusers       |             | - image_upload     | - project_id: db49fd71<…> |
|             |               |             |                    |   role: project_admin     |
+-------------+---------------+-------------+--------------------+---------------------------+