Ask Your Question

How to delete all user-tenant/project/domain-role mapping from keystone ?

asked 2015-04-13 01:57:58 -0500

deeghuge gravatar image

Hello, I want to delete all user-tenant/project/domain-role mapping(assignment) from keystone. I want to keep user, tenant/domain/project and role as it is but want to cleanup the assignment details. Are these mapping stored in single table(assignment Table) which I can delete directly ?
Also is there any openstack utility which help me in doing this.

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2015-04-13 13:45:59 -0500

Yes, All of them are stored in assignment table. This is why it is always better to add role assignments using group. If you had used group, then it is as simple as removing user from that group

edit flag offensive delete link more

answered 2015-04-13 09:57:22 -0500

# keystone help user-role-remove
 usage: keystone user-role-remove --user <user> --role <role>
                                 [--tenant <tenant>]

Remove role from user

  --user <user>, --user-id <user>, --user_id <user>
                        Name or ID of user
  --role <role>, --role-id <role>, --role_id <role>
                        Name or ID of role
  --tenant <tenant>, --tenant-id <tenant>
                        Name or ID of tenant
edit flag offensive delete link more


Thanks for the answer but In this particular case, I should know all the users, tenants and role mapping or i have to iteratively delete it one by one. I want to blindly delete all the mapping irrespective of any current mapping.

deeghuge gravatar imagedeeghuge ( 2015-04-15 00:45:39 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-04-13 01:57:58 -0500

Seen: 1,414 times

Last updated: Apr 13 '15