Ask Your Question
0

How to delete all user-tenant/project/domain-role mapping from keystone ?

asked 2015-04-13 01:57:58 -0600

deeghuge gravatar image

Hello, I want to delete all user-tenant/project/domain-role mapping(assignment) from keystone. I want to keep user, tenant/domain/project and role as it is but want to cleanup the assignment details. Are these mapping stored in single table(assignment Table) which I can delete directly ?
Also is there any openstack utility which help me in doing this.

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
1

answered 2015-04-13 13:45:59 -0600

Yes, All of them are stored in assignment table. This is why it is always better to add role assignments using group. If you had used group, then it is as simple as removing user from that group

edit flag offensive delete link more
0

answered 2015-04-13 09:57:22 -0600

# keystone help user-role-remove
 usage: keystone user-role-remove --user <user> --role <role>
                                 [--tenant <tenant>]

Remove role from user

Arguments:
  --user <user>, --user-id <user>, --user_id <user>
                        Name or ID of user
  --role <role>, --role-id <role>, --role_id <role>
                        Name or ID of role
  --tenant <tenant>, --tenant-id <tenant>
                        Name or ID of tenant
edit flag offensive delete link more

Comments

Thanks for the answer but In this particular case, I should know all the users, tenants and role mapping or i have to iteratively delete it one by one. I want to blindly delete all the mapping irrespective of any current mapping.

deeghuge gravatar imagedeeghuge ( 2015-04-15 00:45:39 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-04-13 01:57:58 -0600

Seen: 1,282 times

Last updated: Apr 13 '15