Managing user permissions to organizations and spaces
After you create users, you can grant them permission to access your organizations and spaces.
Before you grant users permissions to an organization or space, take the following actions:
- Create the users. See Configure authentication for IBM® Cloud Private Cloud Foundry.
- Ensure that the object you plan to grant access to exists. Run
cf orgs
orcf spaces
and confirm that the organization or space exists. (requirescf target -o ORG
) - Ensure that the user has logged in to IBM Cloud Private Cloud Foundry. If they have not, you cannot grant them access to an organization or space.
Granting access to an organization
To grant a user access to an organization, run this command:
cf set-org-role <username> <org> <role>
Where <username>
is the user name, <org>
is the Cloud Foundry organization, and <role>
is one of the following roles:
- OrgManager: The user can invite and manage users, select and change plans, and set spending limits.
- BillingManager: The user can create and manage the billing account and payment information.
- OrgAuditor: The user has read-only access to organization information and reports.
Granting access to a space
Note: You must run the following commands by using Cloud Foundry CLI version 6.13 or earlier.
To grant a user access to a space, run this command:
cf set-space-role <username> <org> <space> <role>
Where <username>
is the user name, <org>
is the Cloud Foundry organization, and <role>
is one of the following roles:
- SpaceManager: The user can invite and manage users, and enable features for the space.
- SpaceDeveloper: The user can create and manage apps and services, and view logs and reports.
- SpaceAuditor: The user can view logs, reports, and settings for the space.
Removing permissions to organizations and spaces
To remove a user's permissions to an organization, run the following command:
cf unset-org-role <username> <org> <role>
To remove a user's permissions to a space, run the following command:
cf unset-space-role <username> <org> <space> <role>