Managing user assignment to domain groups

Once you create a domain group, you can assign users to it. You can choose from users that are added to the infrastructure either manually or automatically from external identity providers. Users assigned to a domain group inherit the role set to this domain group, regardless of their original roles. For example, if you assign a user with the role Project member to a domain group with the role Domain administrator, the user will act as the domain administrator within this domain.

Prerequisites

To manage users of a domain group

Admin panel

  1. On the Settings > Projects and users screen, click the domain, within which you want to edit a domain group.
  2. Go to the Domain groups tab, click the ellipsis icon next to the group, and then click Manage users.
  3. In the Manage users window, select users to assign to the group, or deselect them to unassign from the group, and then click Save.

Command-line interface

  • To add a user to a domain group, use the following command:

    vinfra domain group user add --domain <domain> <group> <user>
    --domain <domain>
    Domain name or ID
    <group>
    Group ID or name
    <user>
    User ID or name

    For example, to add the user myuser to the domain group users within the domain mydomain, run:

    # vinfra domain group user add --domain mydomain users myuser
  • To remove a user from a domain group, use the following command:

    vinfra domain group user remove --domain <domain> <group> <user>
    --domain <domain>
    Domain name or ID
    <group>
    Group ID or name
    <user>
    User ID or name

    For example, to remove the user myuser from the domain group users within the domain mydomain, run:

    # vinfra domain group user remove --domain mydomain users myuser