Version: 8.10 (unreleased)

Identity management

Alpha feature

c8ctl is in alpha and not intended for production use. Commands and flags may change between releases. See Getting started for details.

c8ctl provides commands to manage identity resources through the Orchestration Cluster API. You can list, search, get, create, and delete users, roles, groups, tenants, authorizations, and mapping rules. Membership management is handled with the assign and unassign verbs.

Resource            Alias   Available verbs
user(s)                     list, search, get, create, delete
role(s)                     list, search, get, create, delete
group(s)                    list, search, get, create, delete
tenant(s)                   list, search, get, create, delete
authorization(s)    auth    list, search, get, create, delete
mapping-rule(s)     mr      list, search, get, create, delete
Tip

All commands respect the active profile and tenant. Pass --profile to override the profile for a single command:

c8 list users --profile=prod
c8 search roles --profile=staging

Users

List users

c8 list users

Search users

c8 search users --name=John
c8 search users --email='john@example.com'
c8 search users --name=John --email='john@example.com'

Get a user

c8 get user john

Create a user

c8 create user --username=john --name='John Doe' --email=john@example.com --password=changeme

Delete a user

c8 delete user john

Roles

List roles

c8 list roles

Search roles

c8 search roles --name=admin

Get a role

c8 get role admin

Create a role

c8 create role --name=my-role

Delete a role

c8 delete role my-role

Groups

List groups

c8 list groups

Search groups

c8 search groups --name=developers

Get a group

c8 get group developers

Create a group

c8 create group --groupId=developers --name=Developers

Delete a group

c8 delete group developers

Tenants

List tenants

c8 list tenants

Search tenants

c8 search tenants --name=Production

Get a tenant

c8 get tenant prod

Create a tenant

c8 create tenant --tenantId=prod --name='Production'

Delete a tenant

c8 delete tenant prod

Authorizations

List authorizations

c8 list auth
c8 list authorizations

Search authorizations

c8 search auth --ownerId=john --resourceType=process-definition

Create an authorization

c8 create auth --ownerId=john --ownerType=USER --resourceType=process-definition --resourceId='*' --permissions=READ,CREATE

Delete an authorization

c8 delete auth 2251799813685260

Mapping rules

List mapping rules

c8 list mr
c8 list mapping-rules

Search mapping rules

c8 search mr --name=my-rule

Create a mapping rule

c8 create mr --mappingRuleId=my-rule --name='My Rule'

Delete a mapping rule

c8 delete mr my-rule

Assign and unassign

The assign and unassign verbs manage membership between identity resources. You can assign users to roles, groups, or tenants, and assign groups to tenants.

Assign a user to a role

c8 assign role admin --to-user=john

Unassign a user from a role

c8 unassign role admin --from-user=john

Assign a user to a group

c8 assign user john --to-group=developers

Unassign a user from a group

c8 unassign user john --from-group=developers

Assign a group to a tenant

c8 assign group developers --to-tenant=prod

Unassign a group from a tenant

c8 unassign group developers --from-tenant=prod
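
An added example, not part of the c8ctl documentation: a POSIX shell wrapper that chains the create user, assign, and create auth commands above into one provisioning step, granting READ on a single named process definition instead of --resourceId='*'. The function names, the DRY_RUN and C8_USER_PASSWORD variables, and the sample ids are assumptions of this example.

```shell
#!/bin/sh
# Added example: provision one user with one narrowly scoped grant.
# Uses only c8 commands and flags shown on this page.
set -eu

# Accept only non-empty ids made of [A-Za-z0-9._-]. This also rejects '*',
# so the grant below can never widen to every process definition.
valid_id() {
  case $1 in
    '' | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
}

# DRY_RUN=1 (default) prints the command with the password masked;
# DRY_RUN=0 executes it.
run() (
  if [ "${DRY_RUN:-1}" = 1 ]; then
    line=
    for arg in "$@"; do
      case $arg in --password=*) arg='--password=<redacted>' ;; esac
      line="${line:+$line }$arg"
    done
    printf '%s\n' "$line"
  else
    "$@"
  fi
)

# Args: username email group process-definition-id profile
provision_user() (
  user=$1 email=$2 group=$3 process=$4 profile=$5
  for id in "$user" "$group" "$process" "$profile"; do
    valid_id "$id" || { echo "refusing identifier: '$id'" >&2; exit 1; }
  done
  # Taken from the environment rather than written as a literal in a script.
  # It is still visible in the c8 process arguments while the command runs.
  [ -n "${C8_USER_PASSWORD:-}" ] || { echo 'C8_USER_PASSWORD is not set' >&2; exit 1; }
  # Each step runs only if the previous one succeeded.
  run c8 create user --username="$user" --name="$user" --email="$email" \
    --password="$C8_USER_PASSWORD" --profile="$profile" &&
  run c8 assign user "$user" --to-group="$group" --profile="$profile" &&
  run c8 create auth --ownerId="$user" --ownerType=USER \
    --resourceType=process-definition --resourceId="$process" \
    --permissions=READ --profile="$profile" &&
  run c8 get user "$user" --profile="$profile"
)
```

Call it as provision_user john john@example.com developers order-process staging to review the printed plan, then repeat with DRY_RUN=0 to apply it.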