Creating domain groups

Admin panel

1. On the Settings > Projects and users screen, click a domain within which a domain group will be created.
2. Go to the Domain groups tab, and then click Create domain group.

3. In the Create domain group window, specify the group name and optionally description. The group name must be unique within a domain.

   A description should not contain any personally identifiable information or sensitive business data.

4. Select the user role:

   • To create a group of domain administrators

     1. Select the Domain administrator role.

     2. Enable Image uploading to allow the user to upload images and configure this permission for other domain users.

     3. Enable Project and quota management to allow the user to manage projects and quotas, as well as configure this permission for other domain administrators.

     

   • To create a group of system administrators

     1. Select the System administrator role.

     2. Select the permissions to be granted to the user account from the System permission set section:

        • Full (System administrator): has all permissions and can perform all management operations, including creating projects and managing other users.
        • Compute: can create and manage the compute cluster.
        • ISCSI: can create and manage iSCSI targets, LUNs, and CHAP users.
        • S3: can create and manage the S3 cluster.
        • ABGW: can create and manage the Backup Gateway cluster.
        • NFS: can create and manage NFS shares and exports.
        • Cluster: can create the storage cluster, join nodes to it, and manage (assign and release) disks.
        • Network: can modify networks and traffic types.
        • Update: can install updates.
        • SSH: can add and remove SSH keys for cluster nodes access.

        The view permission is always enabled.

     3. Enable the full Domain permissions set to allow the user to manage virtual objects in all projects within the Default domain and other users in the self-service panel.

     4. Enable Image uploading to allow the user to upload images.

     

   • To create a group of project administrators

     1. Select the Project member role.

     2. Enable Image uploading to allow the user to upload images.

     3. Click Manage in the Projects section and select a project to assign the user to. Then, click Save.

     

5. Click Create.

Command-line interface

Use the following command:

vinfra domain group create [--description <description>] [--assign <project> <role>]
                           [--domain-permissions <domain_permissions>]
                           [--system-permissions <system_permissions>]
                           --domain <domain> <name>

--description <description>

Group description

A description should not contain any personally identifiable information or sensitive business data.

--assign <project> <role>

Assign a group to a project with one or more permission sets. Specify this option multiple times to assign the group to multiple projects.

• <project>: project ID or name
• <role>: group role in the project (project_admin)

--domain-permissions <domain_permissions>

A comma-separated list of domain permissions. View the list of available domain permissions using vinfra domain user list-available-roles | grep domain.

--system-permissions <system_permissions>

A comma-separated list of system permissions. View the list of available system permissions using vinfra domain user list-available-roles | grep system.

--domain <domain>

Domain name or ID

<name>

Group name

Example 1. To create a group of domain administrators called domain_admins within the domain mydomain, run:

# vinfra domain group create domain_admins --domain mydomain --domain-permissions domain_admin

Example 2. To create a group of system administrators called sys_admins within the domain Default, to manage the compute cluster, run:

# vinfra domain group create mysysadmin --domain Default --system-permissions compute

Example 3. To create a group of project members called users for the project myproject within the domain mydomain and grant this user group the permission to upload images, run:

# vinfra domain group create myusers --domain mydomain --assign myproject project_admin --domain-permissions image_upload

The created groups will appear in the vinfra domain group list output:

# vinfra domain group list --domain mydomain
+-------------+---------------+-------------+--------------------+---------------------------+
| id          | name          | description | domain_permissions | assigned_projects         |
+-------------+---------------+-------------+--------------------+---------------------------+
| 1670fbc6<…> | domain_admins |             | - domain_admin     | []                        |
| d2fb8a2d<…> | myusers       |             | - image_upload     | - project_id: db49fd71<…> |
|             |               |             |                    |   role: project_admin     |
+-------------+---------------+-------------+--------------------+---------------------------+