Assigning a group membership administrator through CLI

You can designate any user or group to be a group membership administrator for a group. The group membership administrator can add users to or remove users from the group. You can also assign the group to be its own administrator, in which case all members of the group can add users to or remove users from the group.

You assign the IamGroupAdmin resource role to users and groups to allow them to manage the users in a specified group.

You can use the following command to assign the IamGroupAdmin role to a user:

cdp iam assign-user-resource-role \
--user=UserCRN \
--resource-role-crn=ResourceRoleCRN \
--resource-crn=ResourceCRN

The user parameter requires the CRN of the user to whom you want to assign the IamGroupAdmin resource role.

The resource-role-crn parameter requires the CRN of the IamGroupAdmin role.

The resource-crn parameter requires the CRN of the group on which the user will have administrator permission.

To assign the IamGroupAdmin role to a group:

cdp iam assign-group-resource-role \
--group-name=GroupName \
--resource-role-crn=ResourceRoleCRN \
--resource-crn=ResourceCRN  

The group-name parameter requires the name of the group to which you want to assign the IamGroupAdmin resource role.

The resource-role-crn parameter requires the CRN of the IamGroupAdmin role.

The resource-crn parameter requires the CRN of the group on which the group specified in the group-name parameter will have administrator permission.

For example, to assign the IamGroupAdmin to GroupABC so that GroupABC can manage the users in GroupXYZ, run a command similar to the following command:

cdp iam assign-group-resource-role \
--group-name=GroupABC \
--resource-role-crn=crn:cdp:iam:us-west-1:cdp:resourceRole:IamGroupAdmin \
--resource-crn=crn:cdp:iam:us-west-1:4e9d74e5-1cad-47d8-b645-7ccf9edbb73d:group:GroupXYZ/54218ac1-187b-40f7-aadb-5ghm96c35xy4

To assign the users in a group to be the administrators of their own group, set the values of the group-name parameter and the resource-crn parameter to refer to the same group.