forked from cloudfoundry/docs-cf-admin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcli-user-management.html.md.erb
115 lines (96 loc) · 3.9 KB
/
cli-user-management.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
---
title: Creating and Managing Users with the cf CLI
---
_This page assumes you are using cf v6._
Using the `cf` Command Line Interface (CLI), an administrator can create users
and manage user roles.
Cloud Foundry uses role-based access control, with each role granting
permissions in either an organization or an application space.
For more information, see [Organizations, Spaces, Roles, and Permissions](../concepts/roles.html).
<p class="note"><strong>Note</strong>: To manage users, organizations, and roles with the <code>cf</code> CLI, you must
log in with <strong>UAA Administrator user credentials</strong>. <%=vars.info_loc%>, <%=vars.uaa_cred%> for the UAA admin name and password.</p>
## <a id='create-user'></a>Creating and Deleting Users ##
<table border="1" class="nice" >
<tr>
<th><strong>FUNCTION</strong></th>
<th><strong>COMMAND</strong></th>
<th><strong>EXAMPLE</strong></th>
</tr>
<tr>
<td>Create a new user</td>
<td>cf create-user USERNAME PASSWORD</td>
<td><code>cf create-user Alice pa55w0rd</code></td>
</tr>
<tr>
<td>Delete a user</td>
<td>cf delete-user USERNAME</td>
<td><code>cf delete-user Alice</code></td>
</tr>
</table>
### <a id='create-admin'></a>Creating Administrator Accounts ###
To create a new administrator account, use the [UAA CLI](./uaa-user-management.html#creating-admin-users).
<p class="note"><strong>Note</strong>: The <code>cf</code> CLI cannot create new administrator accounts.</p>
## <a id='orgs-spaces'></a>Org and App Space Roles ##
A user can have one or more roles.
The combination of these roles defines the user’s overall permissions in the org
and within specific app spaces in that org.
### <a id='org-roles'></a>Org Roles ###
Valid [org roles](../concepts/roles.html#org-roles) are OrgManager, BillingManager, and OrgAuditor.
<table border="1" class="nice" >
<tr>
<th><strong>FUNCTION</strong></th>
<th><strong>COMMAND</strong></th>
<th><strong>EXAMPLE</strong></th>
</tr>
<tr>
<td>View the organizations belonging to an account</td>
<td>cf orgs</td>
<td><code>cf orgs</code></td>
</tr>
<tr>
<td>View all users in an organization by role</td>
<td>cf org-users ORGANIZATION_NAME</td>
<td><code>cf org-users my-example-org</code></td>
</tr>
<tr>
<td>Assign an org role to a user</td>
<td>cf set-org-role USERNAME ORGANIZATION_NAME ROLE</td>
<td><code>cf set-org-role Alice my-example-org OrgManager</code></td>
</tr>
<tr>
<td>Remove an org role from a user</td>
<td>cf unset-org-role USERNAME ORGANIZATION_NAME ROLE</td>
<td><code>cf unset-org-role Alice myexample-org OrgManager</code></td>
</tr>
</table>
### <a id='space-roles'></a>App Space Roles ###
Each app space role applies to a specific app space.
<p class="note"><strong>Note</strong>: By default, the org manager has app space manager permissions for all spaces within the organization.</p>
Valid [app space roles](../concepts/roles.html#space-roles) are SpaceManager, SpaceDeveloper, and SpaceAuditor.
<table border="1" class="nice" >
<tr>
<th><strong>FUNCTION</strong></th>
<th><strong>COMMAND</strong></th>
<th><strong>EXAMPLE</strong></th>
</tr>
<tr>
<td>View the spaces in an org</td>
<td>cf spaces</td>
<td><code>cf spaces</code></td>
</tr>
<tr>
<td>View all users in a space by role</td>
<td>cf space-users ORGANIZATION_NAME SPACE_NAME</td>
<td><code>cf space-users my-example-org development</code></td>
</tr>
<tr>
<td>Assign a space role to a user</td>
<td>cf set-space-role USERNAME ORGANIZATION_NAME SPACE_NAME ROLE</td>
<td><code>cf set-space-role Alice my-example-org development SpaceAuditor</code></td>
</tr>
<tr>
<td>Remove a space role from a user</td>
<td>cf unset-space-role USERNAME ORGANIZATION_NAME SPACE_NAME ROLE</td>
<td><code>cf unset-space-role Alice my-example-org development SpaceAuditor</code></td>
</tr>
</table>