This command queries providers and the user database for a user entry. A provider query can be aggregated across providers to yield a merged result, or it can be provider-specific. See Querying Users for more information.
You can also use this command to:
-
Attach S3 identity policies to users or remove S3 identity policies from users, and
-
Grant or remove create bucket, delete bucket and super user permissions for users on external providers.
Note
Permission allowed or denied by identity policies to create or delete buckets overrides explicit create bucket and delete bucket permission settings.
Note
To grant or remove the explicit create bucket, delete bucket and super user permissions for local provider users, use the user modify command.
Usage for Retrieving a User Entry
user query {--uid UID | --username USERNAME | --login-name LOGINNAME | --sid SID} [--context local|udb|ad|ldap|nis|aggregated] [--tenant-id ID]
Usage for Setting S3 Permissions
user query {--uid UID | --username USERNAME | --login-name LOGINNAME | --sid SID} [--allow-create-bucket|--disallow-create-bucket] [--allow-delete-bucket|--disallow-delete-bucket] [--s3-superuser|--not-s3-superuser] [--s3-policies-ids [IDs]] [--tenant-id ID]
Required Parameters
|
Identifies a user by POSIX (NFS) UID number. |
|
identifies a user by user name. |
|
Identifies a user by login name. |
|
Identifies a user by Security Identifier (SID). |
Options
Example
vcli: admin> user query --uid 1133659114 +---------------------+---------------------------------------------------------------+ | uid | 1133659114 (LOCAL) | | sid | S-1-111-1624147990-1599182510-3870292919-110815442-17 (LOCAL) | | leading_group | {'gid': '', 'sid': '', 'name': ''} | | leading_group_name | | | leading_group_gid | | | primary_group_name | | | primary_group_sid | | | name | user1 (LOCAL) | | login_name | user1 | | groups | [] ([]) | | group_count | 0 | | allow_create_bucket | True | | allow_delete_bucket | True | | s3_superuser | False | | s3_policies | [] | | s3_policies_ids | [] | | s3_remote_policies | [] | | access_keys | [['RW8X6B7ATS18XUV3AGAF', 'enabled', 'local']] | +---------------------+---------------------------------------------------------------+
-
The provider from which an attribute was retrieved is indicated in parentheses (
(LOCAL)
in the example). -
leading group is the POSIX attribute for the user's group(s). A leading group is identified with its group ID (GID).
-
primary group is an Active Directory group identified by its security identifier (SID).
Comments
0 comments
Article is closed for comments.