IBM Cloud Private CLI iam commands (iam)

Learn about the cloudctl iam commands that you can run to manage your API keys, IDs, and service policies.

cloudctl iam

cloudctl iam accounts

List all accounts

Example

cloudctl iam accounts

cloudctl iam api-key

List details of an API key

Example

cloudctl iam api-key NAME [--uuid]

PARAMETERS:
   --uuid  Display only uuid

cloudctl iam api-key-create

Create an API key

Example

cloudctl iam api-key-create NAME [-d, --description DESCRIPTION] [-f, --file FILE]

PARAMETERS:
   -d value, --description value  Description of the API key
   -f value, --file value         Save API key information to specified file. If not set, the JSON content will be displayed.

cloudctl iam api-key-delete

Delete an API key

Example

cloudctl iam api-key-delete NAME [-f, --force]

PARAMETERS:
   -f, --force  Delete without confirmation

cloudctl iam api-key-update

Update an API key

Example

cloudctl iam api-key-update NAME [-n, --name NEW_NAME] [-d, --description DESCRIPTION] [-f, --force]

PARAMETERS:
   -n value, --name value         New name of the API key
   -d value, --description value  New description of the API key
   -f, --force                    Update without confirmation

cloudctl iam api-keys

List all API keys

Example

cloudctl iam api-keys

PARAMETERS:
   --json  Display output in JSON format.
   -s      Do not show the column headers in the output.

cloudctl iam group-import

Import a group from an LDAP connection

Example

cloudctl iam group-import -g searchFilter

PARAMETERS:
   -c value, --connection value  The ID of the LDAP connection.
   -g value, --group value       An LDAP search filter for the groups to import

cloudctl iam group-remove

Remove one or more groups

Example

cloudctl iam group-remove group1ID,group2ID,...

PARAMETERS:
   -f, --force  Remove without confirmation

cloudctl iam groups

List all imported groups

Example

cloudctl iam groups

PARAMETERS:
   --json  Display output in JSON format.
   -s      Do not show the column headers in the output.

cloudctl iam ldap-create

Create a new LDAP connection

Example

cloudctl iam ldap-create NAME --basedn BASEDN --server SERVER --group-filter GROUP-FILTER --group-id-map GROUP-ID-MAP --group-member-id-map GROUP-MEMBER-ID-MAP --user-filter USER-FILTER --user-id-map USER-ID-MAP [--binddn BINDDN] [--binddn-password BINDDN-PASSWORD] [-t TYPE]

PARAMETERS:
   --basedn value               The distinguished name of the search base
   -t value, --type value       Type of the LDAP server being used. Defaults to Custom
   --binddn value               The user who is allowed to search the base DN. If not given, the LDAP connection is established without authentication.
   --binddn-password value      The password of the user specified in --binddn
   --server value               The LDAP directory URL.
   --group-filter value         The filter clause for searching groups.
   --group-id-map value         The filter to map a group name to an LDAP entry.
   --group-member-id-map value  The filter to map a user to a group.
   --user-filter value          The filter clause for searching users.
   --user-id-map value          The filter to map a user name to an LDAP entry.

cloudctl iam ldap-delete

Delete an LDAP connection

Example

cloudctl iam ldap-delete

PARAMETERS:
   -c value, --connection value  The ID of the LDAP connection.
   -f, --force                   Delete without confirmation

cloudctl iam ldap-get

Get LDAP connection details

Example

cloudctl iam ldap-get

PARAMETERS:
   -c value, --connection value  The ID of the LDAP connection.

cloudctl iam ldaps

List all LDAP connections

Example

cloudctl iam ldaps

PARAMETERS:
   --json  Display output in JSON format.
   -s      Do not show the column headers in the output.

cloudctl iam resource-add

Add a resource to a team

Example

cloudctl iam resource-add <TEAM_ID> -r <RESOURCE_CRN>

PARAMETERS:
   -r value, --resources value  CRN of resource to add. Can be a comma separated list.

cloudctl iam resource-rm

Remove a resource from a team

Example

cloudctl iam resource-rm <TEAM_ID> -r <RESOURCE_CRN>

PARAMETERS:
   -r value, --resources value  CRN of resource to remove. Can be a comma separated list.

cloudctl iam resources

List resources

Example

cloudctl iam resources [-t, --team TEAM_ID] [-r, --resource-type RESOURCE_TYPE]

PARAMETERS:
   -t value, --team value           Team ID to list all resources for
   -r value, --resource-type value  Resource type by which to filter the list of resources
   --json                           Display output in JSON format.
   -s                               Do not show the column headers in the output.

cloudctl iam roles

List roles

Example

cloudctl iam roles

PARAMETERS:
   --json  Display output in JSON format.
   -s      Do not show the column headers in the output.

cloudctl iam saml-disable

Disable SAML authentication

Example

cloudctl iam saml-disable

cloudctl iam saml-enable

Enable SAML authentication

Example

cloudctl iam saml-enable

cloudctl iam saml-export-metadata

Export the SAML metadata content to create a SAML integration. Requires SAML to be enabled with 'cloudctl iam saml-enable'.

Example

cloudctl iam saml-export-metadata [--file SAML_XML_FILE]

PARAMETERS:
   --file value, -f value  Write the SAML metadata content to file.

cloudctl iam saml-status

Get the SAML configuration status.

Example

cloudctl iam saml-status

cloudctl iam saml-upload-metadata

Upload SAML metadata content to complete the SAML integration.

Example

cloudctl iam saml-upload-metadata --file SAML_XML_FILE

PARAMETERS:
   --file value, -f value  Read the SAML metadata content from file.

cloudctl iam service-api-key

List details of a service API key

Example

cloudctl iam service-api-key NAME SERVICE_ID_NAME [--uuid]

PARAMETERS:
   --uuid  Display only uuid

cloudctl iam service-api-key-create

Create a service API key

Example

cloudctl iam service-api-key-create NAME SERVICE_ID_NAME [-d, --description DESCRIPTION] [-f, --file FILE]

PARAMETERS:
   -d value, --description value  Description of the API key
   -f value, --file value         Save API key information to specified file. If not set, the JSON content will be displayed.

cloudctl iam service-api-key-delete

Delete a service API key

Example

cloudctl iam service-api-key-delete NAME SERVICE_ID_NAME [-f, --force]

PARAMETERS:
   -f, --force  Delete without confirmation

cloudctl iam service-api-key-update

Update a service API key

Example

cloudctl iam service-api-key-update NAME SERVICE_ID_NAME [-n, --name NEW_NAME] [-d, --description DESCRIPTION] [-f, --force]

PARAMETERS:
   -n value, --name value         New name of the service API key
   -d value, --description value  New description of the service API key
   -f, --force                    Update without confirmation

cloudctl iam service-api-keys

List all API keys of a service

Example

cloudctl iam service-api-keys SERVICE_ID_NAME

PARAMETERS:
   --json  Display output in JSON format.
   -s      Do not show the column headers in the output.

cloudctl iam service-id

Display details of a service ID

Example

cloudctl iam service-id NAME [--uuid]

PARAMETERS:
   --uuid  Display the UUID of the service ID

cloudctl iam service-id-create

Create a service ID

Example

cloudctl iam service-id-create NAME [-d, --description DESCRIPTION]

PARAMETERS:
   -d value, --description value  Description of the service ID

cloudctl iam service-id-delete

Delete a service ID

Example

cloudctl iam service-id-delete NAME [-f, --force]

PARAMETERS:
   -f, --force  Delete without confirmation

cloudctl iam service-id-update

Update a service ID

Example

cloudctl iam service-id-update NAME [-n, --name NEW_NAME] [-d, --description DESCRIPTION] [-f, --force]

PARAMETERS:
   -n value, --name value         New name of the service ID
   -d value, --description value  New description of the service ID
   -f, --force                    Update without confirmation

cloudctl iam service-ids

List all service IDs.

Example

cloudctl iam service-ids --uuid

PARAMETERS:
   --uuid  Show UUID of service IDs only.
   --json  Display output in JSON format.
   -s      Do not show the column headers in the output.

cloudctl iam service-policies

List all service policies of specified service

Example

cloudctl iam service-policies SERVICE_ID_NAME [--json]

PARAMETERS:
   --json  Display policy in JSON format

cloudctl iam service-policy

Display details of a service policy

Example

cloudctl iam service-policy SERVICE_ID_NAME POLICY_ID [--json]

PARAMETERS:
   --json  Display policy in JSON format

cloudctl iam service-policy-create

Create a service policy

Example

cloudctl iam service-policy-create SERVICE_ID_NAME {-r, --roles ROLE_NAME1,ROLE_NAME2... [--service-name SERVICE_NAME]} [-f, --force]

PARAMETERS:
   -r value, --roles value  Role names of the policy definition. For supported roles, run cloudctl iam roles.
   --service-name value     Service name of the policy definition.
   -f, --force              Create service policy without confirmation

cloudctl iam service-policy-delete

Delete a service policy

Example

cloudctl iam service-policy-delete SERVICE_ID_NAME POLICY_ID [-f, --force]

PARAMETERS:
   -f, --force  Delete without confirmation

cloudctl iam service-policy-update

Update a service policy

Example

cloudctl iam service-policy-update SERVICE_ID_NAME POLICY_ID {[-r, --roles ROLE_NAME1,ROLE_NAME2...] [--service-name SERVICE_NAME]} [-f, --force]

PARAMETERS:
   -r value, --roles value  Role names of the policy definition. For supported roles, run cloudctl iam roles.
   --service-name value     Service name of the policy definition.
   -f, --force              Update service policy without confirmation

cloudctl iam team-add-groups

Add groups to a team with the defined role

Example

cloudctl iam team-add-groups TEAM_ID ROLE -g group1ID,group2ID,...

PARAMETERS:
   -g value, --groups value  Groups to add to the team

cloudctl iam team-add-users

Add users to a team with the defined role

Example

cloudctl iam team-add-users TEAM_ID ROLE -u user1ID,user2ID,...

PARAMETERS:
   -u value, --users value  Users to add to the team

cloudctl iam team-create

Create a team

Example

cloudctl iam team-create NAME

cloudctl iam team-delete

Delete a team

Example

cloudctl iam team-delete TEAM_ID [-f, --force]

PARAMETERS:
   -f, --force  Delete without confirmation

cloudctl iam team-get

View users and groups for a team

Example

cloudctl iam team-get TEAM_ID

PARAMETERS:
   --TEAM_ID value  ID of team
   --json           Display output in JSON format.
   -s               Do not show the column headers in the output.

cloudctl iam team-remove-groups

Remove groups from a team

Example

cloudctl iam team-remove-groups TEAM_ID -g group1ID,group2ID,...

PARAMETERS:
   -g value, --groups value  Groups to remove from the team
   -f, --force               Remove without confirmation

cloudctl iam team-remove-users

Remove users from a team

Example

cloudctl iam team-remove-users TEAM_ID -u user1ID,user2ID,...

PARAMETERS:
   -u value, --users value  Users to remove from the team
   -f, --force              Remove without confirmation

cloudctl iam teams

List all teams

Example

cloudctl iam teams

PARAMETERS:
   --json                  Display output in JSON format.
   -s                      Do not show the column headers in the output.
   -u value, --user value  Return only the teams that contain this user

cloudctl iam user-import

Import a user from an LDAP connection

Example

cloudctl iam user-import -u searchFilter

PARAMETERS:
   -c value, --connection value  The ID of the LDAP connection.
   -u value, --user value        An LDAP search filter for the users to import

cloudctl iam user-remove

Remove one or more users

Example

cloudctl iam user-remove user1ID,user2ID,...

PARAMETERS:
   -f, --force  Remove without confirmation

cloudctl iam users

List all imported users

Example

cloudctl iam users

PARAMETERS:
   --json  Display output in JSON format.
   -s      Do not show the column headers in the output.