When successful, it results in an output as:
2. To create the Member role we repeat the step, specifying the Member role:
# Member role
keystone role-create –name Member
How it works…
Creation of the roles is simply achieved by using the keystone client, specifying the role-create option with the following syntax:
keystone role-create –name role_name
The role_name attributes can’t be arbitrary. The admin role has been set in /etc/ keystone/ policy.json has its own administrative rights. Any roles that you create must map to roles specified in the policy.json file in the configuration file directory of each OpenStack service. The default policy for most services grants administrative access to the admin role.
admin_required: [[ role:admin],
[ is_admin: 1″]]
And when we configure the OpenStack Dashboard, Horizon, it has the Member role configured as default when users are created in that interface.
On creation of the role, this returns an ID associated with it that we use when assigning roles to users. To see a list of roles and the associated IDs in our environment, we can issue the following command: