Overview
The openstack identity commands manage projects, users, roles, groups, domains, application credentials, and authentication tokens. Admin-scoped commands require the admin role.
Prerequisites
- CLI installed and authenticated — see CLI Setup
- Admin role required for user, project, role, and domain management
- Source your
admin-openrc.sh before running admin commands
Projects
openstack project list
openstack project list --domain Default
Users
openstack user list
openstack user list --domain Default
Before deleting a user account, remove all role assignments for that user. A user with active role assignments cannot be deleted.
Roles
Role Assignments
openstack role add \
--user john.doe \
--project my-project \
member
Implied Roles (Role Hierarchies)
Implied roles let a “prior” role automatically grant an “implied” role. Assignment is one-directional — prior → implied only.
openstack implied role create admin --implied-role member
Domains
Groups
Application Credentials
openstack application credential list
Tokens
Service Catalog & Endpoints
Next Steps
Roles & Role Assignments Guide
Create custom roles, build role hierarchies, and manage role assignments
Application Credentials Guide
Create and manage non-interactive credentials for automation and CI/CD
Projects Guide
Manage projects, quotas, and membership
Policy Management
Define per-service policy rules for custom roles
