A network rbac is a Role-Based Access Control (RBAC) policy for network resources. It enables both operators and users to grant access to network resources for specific projects.
Network v2
Create network RBAC policy
openstack network rbac create
--type <type>
--action <action>
(--target-project <target-project> | --target-all-projects)
[--target-project-domain <target-project-domain>]
[--project <project>]
[--project-domain <project-domain>]
<rbac-object>
--type
<type>
¶Type of the object that RBAC policy affects (“address_scope”, “security_group”, “subnetpool”, “qos_policy” or “network”)
--action
<action>
¶Action for the RBAC policy (“access_as_external” or “access_as_shared”)
--target-project
<target-project>
¶The project to which the RBAC policy will be enforced (name or ID)
--target-all-projects
¶Allow creating RBAC policy for all projects.
--target-project-domain
<target-project-domain>
¶Domain the target project belongs to (name or ID). This can be used in case collisions between project names exist.
--project
<project>
¶The owner project (name or ID)
--project-domain
<project-domain>
¶Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
rbac-object
¶The object to which this RBAC policy affects (name or ID)
This command is provided by the python-openstackclient plugin.
Delete network RBAC policy(s)
openstack network rbac delete <rbac-policy> [<rbac-policy> ...]
rbac-policy
¶RBAC policy(s) to delete (ID only)
This command is provided by the python-openstackclient plugin.
List network RBAC policies
openstack network rbac list
[--format-config-file FORMAT_CONFIG]
[--sort-column SORT_COLUMN]
[--type <type>]
[--action <action>]
[--long]
--format-config-file
<FORMAT_CONFIG>
¶Config file for the dict-to-csv formatter
--sort-column
SORT_COLUMN
¶specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
--type
<type>
¶List network RBAC policies according to given object type (“address_scope”, “security_group”, “subnetpool”, “qos_policy” or “network”)
--action
<action>
¶List network RBAC policies according to given action (“access_as_external” or “access_as_shared”)
--long
¶List additional fields in output
This command is provided by the python-openstackclient plugin.
Set network RBAC policy properties
openstack network rbac set
[--target-project <target-project>]
[--target-project-domain <target-project-domain>]
<rbac-policy>
--target-project
<target-project>
¶The project to which the RBAC policy will be enforced (name or ID)
--target-project-domain
<target-project-domain>
¶Domain the target project belongs to (name or ID). This can be used in case collisions between project names exist.
rbac-policy
¶RBAC policy to be modified (ID only)
This command is provided by the python-openstackclient plugin.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.