In OpenStack we can create groups of users with a common role or privilege across projects.
#Let’s try to create a new user group by the name firstGroup in the domain ‘firstDomain’
cumulus@server01:~$ openstack group create –domain firstDomain firstGroup
+————-+———————————-+
| Field | Value |
+————-+———————————-+
| description | |
| domain_id | 3126fcd5e04149bbb4a367bbbe278c6e |
| id | 3a61bc2a12c545faa0e5e1bfcd5e9772 |
| name | firstGroup |
+————-+———————————-+
to check the list of groups
cumulus@server01:~$ openstack group list
+———————————-+————+
| ID | Name |
+———————————-+————+
| 3a61bc2a12c545faa0e5e1bfcd5e9772 | firstGroup |
+———————————-+————+
#now let’s add the user ‘firstUser’ in the group ‘firstGroup’ belonging to the domain ‘firstDomain’
cumulus@server01:~$ openstack group add user –group-domain firstDomain firstGroup firstUser
#to verify if the user was added to the group properly
cumulus@server01:~$ openstack group contains user –group-domain firstDomain firstGroup firstUser
firstUser in group firstGroup
the text in blue refers to the output
let’s assign a role, example user, to this newly created group
cumulus@server01:~$ openstack role add –project-domain firstDomain –project firstProject –group firstGroup user
cumulus@server01:~$ openstack role assignment list –group firstGroup –names
+——+——+————————+————————–+——–+———–+
| Role | User | Group | Project| Domain | Inherited |
+——+——+————————+————————–+——–+———–+
| user | | firstGroup@firstDomain | firstProject@firstDomain | | False |
+——+——+————————+————————–+——–+———–+
cumulus@server01:~$
–end-of-post–
network blog 