<div dir="ltr"><div><font size="2"><span style="font-family:arial,helvetica,sans-serif">Yea so I was able to get the list of users as the cloud admin using the "<span style="color:rgb(34,34,34);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:rgb(255,255,255)">openstack user list --project proj --domain domain"</span><span style="color:rgb(34,34,34);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:rgb(255,255,255)"> command.<br><br></span></span></font></div><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(34,34,34);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:rgb(255,255,255)">However, I can't seem to do this as the domain admin (admin on both domain and project):<br></span><br>--<br></span></font><div style="color:rgb(34,34,34);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-family:monospace,monospace"><font size="2">$ openstack user list --project proj --domain domain</font></span></div><div style="color:rgb(34,34,34);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-family:monospace,monospace"><font size="2">You are not authorized to perform the requested action: identity:list_role_assignments (HTTP 403) (Request-ID: req-74e1a7e9-e0c3-4163-b803-</font></span><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="font-family:monospace,monospace">8cd647a62511)</span><br>--<br><br></span></font></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><font size="2"><span style="font-family:arial,helvetica,sans-serif">But looks I should based on:<br><br>--<br></span></font><div style="color:rgb(34,34,34);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-family:monospace,monospace"><font size="2">$ sudo grep -i list_role_assignment /etc/keystone/policy.json</font></span></div><div style="color:rgb(34,34,34);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-family:monospace,monospace"><font size="2"> "identity:list_role_</font></span><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="font-family:monospace,monospace">assignments": "rule:admin_on_domain_filter or rule:admin_on_project_filter",</span><br>--<br><br></span></font></div><div style="color:rgb(34,34,34);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><font size="2"><span style="font-family:arial,helvetica,sans-serif">Any idea what I am missing here. Based on the above rule I should be able to get that list of users in a specific project. Here is proof that I am a admin on the domain:<br><br>--<br></span></font><div style="color:rgb(34,34,34);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-family:monospace,monospace"><font size="2">$ openstack user show user1 --domain domain | grep -i id | grep -v dom</font></span></div><div style="color:rgb(34,34,34);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-family:monospace,monospace"><font size="2">| id | 436bd5d0a67ba371e603b9b023acd6</font></span><span style="font-family:monospace,monospace"><font size="2">6542cfcdf2e7ec4221fcfd69c2e661</font></span><span style="font-family:monospace,monospace"><font size="2">02ff |</font></span></div><div style="color:rgb(34,34,34);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-family:monospace,monospace"><font size="2"><br></font></span></div><div style="color:rgb(34,34,34);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-family:monospace,monospace"><font size="2">$ openstack role list --user 436bd5d0a67ba371e603b9b023acd6</font></span><span style="font-family:monospace,monospace"><font size="2">6542cfcdf2e7ec4221fcfd69c2e661</font></span><span style="font-family:monospace,monospace"><font size="2">02ff --domain domain | grep -i user1</font></span></div><div style="color:rgb(34,34,34);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-family:monospace,monospace"><font size="2">| 530dbdae538e4faa8f37dab516669e</font></span><span style="font-family:monospace,monospace"><font size="2">74 |<span class=""> </span>admin<span class=""> </span>| domain | user1 |</font></span></div><font size="2"><span style="font-family:arial,helvetica,sans-serif">--<br></span></font></div><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)">Thanks.<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 20, 2016 at 7:15 PM, Remo Mattei <span dir="ltr"><<a href="mailto:remo@italy1.com" target="_blank">remo@italy1.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">you should really move to the openstack command like openstack user list (example) <div><br></div><div>Remo <br><div><blockquote type="cite"><span class=""><div>On Apr 20, 2016, at 16:40, Steve Heyman <<a href="mailto:steve.heyman@rackspace.com" target="_blank">steve.heyman@RACKSPACE.COM</a>> wrote:</div><br></span><div>
<div style="word-wrap:break-word;font-size:14px;font-family:Calibri,sans-serif">
<div>
<div><span class="">
<div>I think keystone user-list does this. See <a href="http://docs.openstack.org/developer/keystone/cli_examples.html#user-list" target="_blank">http://docs.openstack.org/developer/keystone/cli_examples.html#user-list</a></div>
</span><div>
<div><br>
</div>
<span><signature-with-mafia[2][14].png></span></div>
</div>
</div><span class="">
<div><br>
</div>
<span>
<div style="font-family:Calibri;font-size:11pt;text-align:left;border-width:1pt medium medium;border-style:solid none none;padding:3pt 0in 0in;border-top-color:rgb(181,196,223)">
<span style="font-weight:bold">From: </span>Jagga Soorma <<a href="mailto:jagga13@gmail.com" target="_blank">jagga13@gmail.com</a>><br>
<span style="font-weight:bold">Date: </span>Wednesday, April 20, 2016 at 6:20 PM<br>
<span style="font-weight:bold">To: </span>openstack <<a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a>><br>
<span style="font-weight:bold">Subject: </span>[Openstack] list members of a project<br>
</div>
<div><br>
</div>
<div>
<div>
<div dir="ltr">Hi Guys,
<div><br>
</div>
<div>So I am able to find out what role a user has for a specific project, but have not been able to find a way to list all members in a given project. Is this doable? Is there a way I can get all members of a existing project from cli? Don't think horizon
exposes this information either.</div>
<div><br>
</div>
<div>Thanks!</div>
</div>
</div>
</div>
</span></span>
!DSPAM:1,571814d8173809009228068!
</div>
_______________________________________________<br>Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br><br><br>!DSPAM:1,571814d8173809009228068!<br></div></blockquote></div><br></div></div></blockquote></div><br></div>