Managing user assignment to domain groups
Once you create a domain group, you can assign users to it. You can choose from users that are added to the infrastructure either manually or automatically from external identity providers. Users assigned to a domain group inherit the role set to this domain group, regardless of their original roles. For example, if you assign a user with the role Project member to a domain group with the role Domain administrator, the user will act as the domain administrator within this domain.
Prerequisites
- Domain groups are created, as described in Creating domain groups.
- Users are created locally, as outlined in Configuring multitenancy or Managing admin panel users, or added from external identity providers, as described in Adding identity providers.
To manage users of a domain group
Admin panel
- On the Settings > Projects and users screen, click the domain, within which you want to edit a domain group.
- Go to the Domain groups tab, click the ellipsis icon next to the group, and then click Manage users.
- In the Manage users window, select users to assign to the group, or deselect them to unassign from the group, and then click Save.
Command-line interface
-
To add a user to a domain group, use the following command:
vinfra domain group user add --domain <domain> <group> <user>
--domain <domain>- Domain name or ID
<group>- Group ID or name
<user>- User ID or name
For example, to add the user
myuserto the domain groupuserswithin the domainmydomain, run:# vinfra domain group user add --domain mydomain users myuser
-
To remove a user from a domain group, use the following command:
vinfra domain group user remove --domain <domain> <group> <user>
--domain <domain>- Domain name or ID
<group>- Group ID or name
<user>- User ID or name
For example, to remove the user
myuserfrom the domain groupuserswithin the domainmydomain, run:# vinfra domain group user remove --domain mydomain users myuser
See also