# Revision history [back]

Firstly for the answer above, tenants/projects do not posses roles. Roles are given to users in a specific tenant/project.

If you are asking how to have user xyz be part of 7 out of 10 tenants, then you assign member/user role to the user just in the tenants you need to! (although i think you know that already)

Firstly for the answer above, tenants/projects do not posses roles. Roles are given to users in a specific tenant/project.

If you are asking how to have user xyz be part of 7 out of 10 tenants, then you assign member/user role to the user just in the tenants you need to! (although i think you know that already)

Update:

Based on your rephrase: Whne you create a user with keystone it won't automaticly assign a role into that tenant as far as i know. You must specifically assign a role for the user in a given tenant. After you create a user you assing a role to it in a given tenant like this keystone user-role-add --user=xxx --role=_member_ --tenant=xyz

As far as i know there is no way of assigning a role to multiple tenants in one command. You must issue a command for every tenant you want that user to be a part of!

What version of openstack are you using. Based on your input it must be Juno or earlier because since kilo keystone client is deprecated in favor of openstack client.

An easier way of assigning a user to multiple tenants is to use the groups future in keystone v3. So first you enable keystone v3 with v3 api, update keytone endpoints to /v3 and update services to use keystone v3 including horizon. Then you will have the option to create groups. You create a group, assign a role to as many tenants as you like to.

At this stage, for example, you have group xyz assigned the role member to 7 tenants out of 10. A group acts like a container for users. You than create a user and add it to the group.

Now the user has member role to the tenants that the group is part of!

Hope i was clear enough!