summaryrefslogtreecommitdiff
path: root/doc/source/cli/command-objects/network-rbac.rst
diff options
context:
space:
mode:
Diffstat (limited to 'doc/source/cli/command-objects/network-rbac.rst')
-rw-r--r--doc/source/cli/command-objects/network-rbac.rst138
1 files changed, 138 insertions, 0 deletions
diff --git a/doc/source/cli/command-objects/network-rbac.rst b/doc/source/cli/command-objects/network-rbac.rst
new file mode 100644
index 00000000..c49f29bb
--- /dev/null
+++ b/doc/source/cli/command-objects/network-rbac.rst
@@ -0,0 +1,138 @@
+============
+network rbac
+============
+
+A **network rbac** is a Role-Based Access Control (RBAC) policy for
+network resources. It enables both operators and users to grant access
+to network resources for specific projects.
+
+Network v2
+
+network rbac create
+-------------------
+
+Create network RBAC policy
+
+.. program:: network rbac create
+.. code:: bash
+
+ openstack network rbac create
+ --type <type>
+ --action <action>
+ --target-project <target-project> [--target-project-domain <target-project-domain>]
+ [--project <project> [--project-domain <project-domain>]]
+ <rbac-policy>
+
+.. option:: --type <type>
+
+ Type of the object that RBAC policy affects ("qos_policy" or "network") (required)
+
+.. option:: --action <action>
+
+ Action for the RBAC policy ("access_as_external" or "access_as_shared") (required)
+
+.. option:: --target-project <target-project>
+
+ The project to which the RBAC policy will be enforced (name or ID) (required)
+
+.. option:: --target-project-domain <target-project-domain>
+
+ Domain the target project belongs to (name or ID).
+ This can be used in case collisions between project names exist.
+
+.. option:: --project <project>
+
+ The owner project (name or ID)
+
+.. option:: --project-domain <project-domain>
+
+ Domain the project belongs to (name or ID).
+ This can be used in case collisions between project names exist.
+
+.. _network_rbac_create-rbac-policy:
+.. describe:: <rbac-object>
+
+ The object to which this RBAC policy affects (name or ID)
+
+network rbac delete
+-------------------
+
+Delete network RBAC policy(s)
+
+.. program:: network rbac delete
+.. code:: bash
+
+ openstack network rbac delete
+ <rbac-policy> [<rbac-policy> ...]
+
+.. _network_rbac_delete-rbac-policy:
+.. describe:: <rbac-policy>
+
+ RBAC policy(s) to delete (ID only)
+
+network rbac list
+-----------------
+
+List network RBAC policies
+
+.. program:: network rbac list
+.. code:: bash
+
+ openstack network rbac list
+ [--type <type>]
+ [--action <action>]
+ [--long]
+
+.. option:: --type <type>
+
+ List network RBAC policies according to given object type ("qos_policy" or "network")
+
+.. option:: --action <action>
+
+ List network RBAC policies according to given action ("access_as_external" or "access_as_shared")
+
+.. option:: --long
+
+ List additional fields in output
+
+network rbac set
+----------------
+
+Set network RBAC policy properties
+
+.. program:: network rbac set
+.. code:: bash
+
+ openstack network rbac set
+ [--target-project <target-project> [--target-project-domain <target-project-domain>]]
+ <rbac-policy>
+
+.. option:: --target-project <target-project>
+
+ The project to which the RBAC policy will be enforced (name or ID)
+
+.. option:: --target-project-domain <target-project-domain>
+
+ Domain the target project belongs to (name or ID).
+ This can be used in case collisions between project names exist.
+
+.. _network_rbac_set-rbac-policy:
+.. describe:: <rbac-policy>
+
+ RBAC policy to be modified (ID only)
+
+network rbac show
+-----------------
+
+Display network RBAC policy details
+
+.. program:: network rbac show
+.. code:: bash
+
+ openstack network rbac show
+ <rbac-policy>
+
+.. _network_rbac_show-rbac-policy:
+.. describe:: <rbac-policy>
+
+ RBAC policy (ID only)
View Lorry Controller Status