Creating domain groups

Limitations

  • You can only create domain groups with the role System administrator within the Default domain. For details, refer to Managing admin panel users.

Prerequisites

  • A clear understanding of user roles described in Multitenancy.

To create a domain group

Admin panel

  1. On the Settings > Projects and users screen, click a domain within which a domain group will be created.
  2. Go to the Domain groups tab, and then click Create domain group.
  3. In the Create domain group window, specify the group name and optionally description. The group name must be unique within a domain.

    A description should not contain any personally identifiable information or sensitive business data.

  4. Select the user role:

  5. Click Create.

Command-line interface

Use the following command:

vinfra domain group create [--description <description>] [--assign <project> <role>]
                           [--domain-permissions <domain_permissions>]
                           [--system-permissions <system_permissions>]
                           --domain <domain> <name>
--description <description>

Group description

A description should not contain any personally identifiable information or sensitive business data.

--assign <project> <role>

Assign a group to a project with one or more permission sets. Specify this option multiple times to assign the group to multiple projects.

  • <project>: project ID or name
  • <role>: group role in the project (project_admin)
--domain-permissions <domain_permissions>
A comma-separated list of domain permissions. View the list of available domain permissions using vinfra domain user list-available-roles | grep domain.
--system-permissions <system_permissions>
A comma-separated list of system permissions. View the list of available system permissions using vinfra domain user list-available-roles | grep system.
--domain <domain>
Domain name or ID
<name>
Group name

Example 1. To create a group of domain administrators called domain_admins within the domain mydomain, run:

# vinfra domain group create domain_admins --domain mydomain --domain-permissions domain_admin

Example 2. To create a group of system administrators called sys_admins within the domain Default, to manage the compute cluster, run:

# vinfra domain group create mysysadmin --domain Default --system-permissions compute

Example 3. To create a group of project members called users for the project myproject within the domain mydomain and grant this user group the permission to upload images, run:

# vinfra domain group create myusers --domain mydomain --assign myproject project_admin --domain-permissions image_upload

The created groups will appear in the vinfra domain group list output:

# vinfra domain group list --domain mydomain
+-------------+---------------+-------------+--------------------+---------------------------+
| id          | name          | description | domain_permissions | assigned_projects         |
+-------------+---------------+-------------+--------------------+---------------------------+
| 1670fbc6<…> | domain_admins |             | - domain_admin     | []                        |
| d2fb8a2d<…> | myusers       |             | - image_upload     | - project_id: db49fd71<…> |
|             |               |             |                    |   role: project_admin     |
+-------------+---------------+-------------+--------------------+---------------------------+