`orca role`¶

Manage Keystone roles and assignments.

The reference below is generated from the live CLI by mkdocs-click. It always reflects the version installed.

orca role¶

Manage roles and assignments (Keystone v3).

Usage:

orca role [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

add: Grant a role to a user or group on a project or domain.
assignment: Inspect role assignments (user/group on project/domain).
assignment-list: [deprecated, use 'role assignment list' instead]
create: Create a role.
delete: Delete a role.
implied: Manage role inference (one role implies another).
implied-create: [deprecated, use 'role implied create' instead]
implied-delete: [deprecated, use 'role implied delete' instead]
implied-list: [deprecated, use 'role implied list' instead]
list: List roles.
remove: Revoke a role from a user or group.
set: Set role properties (rename or update description).
show: Show role details.

orca role add¶

Grant a role to a user or group on a project or domain.

Examples: orca role add --user --project orca role add --group --domain

Usage:

orca role add [OPTIONS] ROLE_ID

Options:

Name	Type	Description	Default
`--user`	text	User ID.	None
`--group`	text	Group ID.	None
`--project`	text	Project ID.	None
`--domain`	text	Domain ID.	None
`--help`	boolean	Show this message and exit.	`False`

orca role assignment¶

Inspect role assignments (user/group on project/domain).

Usage:

orca role assignment [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

list: List role assignments.

orca role assignment list¶

List role assignments.

Usage:

orca role assignment list [OPTIONS]

Options:

Name	Type	Description	Default
`--user`	text	N/A	None
`--group`	text	N/A	None
`--project`	text	N/A	None
`--domain`	text	N/A	None
`--role`	text	N/A	None
`--effective`	boolean	Include inherited/effective assignments.	`False`
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca role assignment-list¶

List role assignments.

Usage:

orca role assignment-list [OPTIONS]

Options:

Name	Type	Description	Default
`--user`	text	N/A	None
`--group`	text	N/A	None
`--project`	text	N/A	None
`--domain`	text	N/A	None
`--role`	text	N/A	None
`--effective`	boolean	Include inherited/effective assignments.	`False`
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca role create¶

Create a role.

Usage:

orca role create [OPTIONS] NAME

Options:

Name	Type	Description	Default
`--description`	text	N/A	None
`--domain`	text	N/A	None
`--help`	boolean	Show this message and exit.	`False`

orca role delete¶

Delete a role.

Usage:

orca role delete [OPTIONS] ROLE_ID

Options:

Name	Type	Description	Default
`--yes`, `-y`	boolean	N/A	`False`
`--help`	boolean	Show this message and exit.	`False`

orca role implied¶

Manage role inference (one role implies another).

Usage:

orca role implied [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

create: Create an implied role (prior implies implied).
delete: Delete an implied role relationship.
list: List all implied role relationships.

orca role implied create¶

Create an implied role (prior implies implied).

Usage:

orca role implied create [OPTIONS] PRIOR_ROLE_ID IMPLIED_ROLE_ID

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

orca role implied delete¶

Delete an implied role relationship.

Usage:

orca role implied delete [OPTIONS] PRIOR_ROLE_ID IMPLIED_ROLE_ID

Options:

Name	Type	Description	Default
`--yes`, `-y`	boolean	Skip the interactive confirmation.	`False`
`--help`	boolean	Show this message and exit.	`False`

orca role implied list¶

List all implied role relationships.

Usage:

orca role implied list [OPTIONS]

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca role implied-create¶

Create an implied role (prior implies implied).

Usage:

orca role implied-create [OPTIONS] PRIOR_ROLE_ID IMPLIED_ROLE_ID

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

orca role implied-delete¶

Delete an implied role relationship.

Usage:

orca role implied-delete [OPTIONS] PRIOR_ROLE_ID IMPLIED_ROLE_ID

Options:

Name	Type	Description	Default
`--yes`, `-y`	boolean	Skip the interactive confirmation.	`False`
`--help`	boolean	Show this message and exit.	`False`

orca role implied-list¶

List all implied role relationships.

Usage:

orca role implied-list [OPTIONS]

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca role list¶

List roles.

Usage:

orca role list [OPTIONS]

Options:

Name	Type	Description	Default
`--domain`	text	Filter by domain ID.	None
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca role remove¶

Revoke a role from a user or group.

Usage:

orca role remove [OPTIONS] ROLE_ID

Options:

Name	Type	Description	Default
`--user`	text	User ID.	None
`--group`	text	Group ID.	None
`--project`	text	Project ID.	None
`--domain`	text	Domain ID.	None
`--help`	boolean	Show this message and exit.	`False`

orca role set¶

Set role properties (rename or update description).

Examples: orca role set --name new-name orca role set --description "My role"

Usage:

orca role set [OPTIONS] ROLE_ID

Options:

Name	Type	Description	Default
`--name`	text	New role name.	None
`--description`	text	New description.	None
`--help`	boolean	Show this message and exit.	`False`

orca role show¶

Show role details.

Usage:

orca role show [OPTIONS] ROLE_ID

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`