IBM Cloud Private CLI iam commands (iam)
Learn about the cloudctl iam commands that you can run to manage your API keys, IDs, and service policies.
cloudctl iam
- cloudctl iam accounts
- cloudctl iam api-key
- cloudctl iam api-key-create
- cloudctl iam api-key-delete
- cloudctl iam api-key-update
- cloudctl iam api-keys
- cloudctl iam group-import
- cloudctl iam group-remove
- cloudctl iam groups
- cloudctl iam ldap-create
- cloudctl iam ldap-delete
- cloudctl iam ldap-get
- cloudctl iam ldaps
- cloudctl iam resource-add
- cloudctl iam resource-rm
- cloudctl iam resources
- cloudctl iam roles
- cloudctl iam saml-disable
- cloudctl iam saml-enable
- cloudctl iam saml-export-metadata
- cloudctl iam saml-status
- cloudctl iam saml-upload-metadata
- cloudctl iam service-api-key
- cloudctl iam service-api-key-create
- cloudctl iam service-api-key-delete
- cloudctl iam service-api-key-update
- cloudctl iam service-api-keys
- cloudctl iam service-id
- cloudctl iam service-id-create
- cloudctl iam service-id-delete
- cloudctl iam service-id-update
- cloudctl iam service-ids
- cloudctl iam service-policies
- cloudctl iam service-policy
- cloudctl iam service-policy-create
- cloudctl iam service-policy-delete
- cloudctl iam service-policy-update
- cloudctl iam team-add-groups
- cloudctl iam team-add-users
- cloudctl iam team-create
- cloudctl iam team-delete
- cloudctl iam team-get
- cloudctl iam team-remove-groups
- cloudctl iam team-remove-users
- cloudctl iam teams
- cloudctl iam user-import
- cloudctl iam user-remove
- cloudctl iam users
cloudctl iam accounts
List all accounts
Example
cloudctl iam accounts
cloudctl iam api-key
List details of an API key
Example
cloudctl iam api-key NAME [--uuid]
PARAMETERS:
--uuid Display only uuid
cloudctl iam api-key-create
Create an API key
Example
cloudctl iam api-key-create NAME [-d, --description DESCRIPTION] [-f, --file FILE]
PARAMETERS:
-d value, --description value Description of the API key
-f value, --file value Save API key information to specified file. If not set, the JSON content will be displayed.
cloudctl iam api-key-delete
Delete an API key
Example
cloudctl iam api-key-delete NAME [-f, --force]
PARAMETERS:
-f, --force Delete without confirmation
cloudctl iam api-key-update
Update an API key
Example
cloudctl iam api-key-update NAME [-n, --name NEW_NAME] [-d, --description DESCRIPTION] [-f, --force]
PARAMETERS:
-n value, --name value New name of the API key
-d value, --description value New description of the API key
-f, --force Update without confirmation
cloudctl iam api-keys
List all API keys
Example
cloudctl iam api-keys
PARAMETERS:
--json Display output in JSON format.
-s Do not show the column headers in the output.
cloudctl iam group-import
Import a group from an LDAP connection
Example
cloudctl iam group-import -g searchFilter
PARAMETERS:
-c value, --connection value The ID of the LDAP connection.
-g value, --group value An LDAP search filter for the groups to import
cloudctl iam group-remove
Remove one or more groups
Example
cloudctl iam group-remove group1ID,group2ID,...
PARAMETERS:
-f, --force Remove without confirmation
cloudctl iam groups
List all imported groups
Example
cloudctl iam groups
PARAMETERS:
--json Display output in JSON format.
-s Do not show the column headers in the output.
cloudctl iam ldap-create
Create a new LDAP connection
Example
cloudctl iam ldap-create NAME --basedn BASEDN --server SERVER --group-filter GROUP-FILTER --group-id-map GROUP-ID-MAP --group-member-id-map GROUP-MEMBER-ID-MAP --user-filter USER-FILTER --user-id-map USER-ID-MAP [--binddn BINDDN] [--binddn-password BINDDN-PASSWORD] [-t TYPE]
PARAMETERS:
--basedn value The distinguished name of the search base
-t value, --type value Type of the LDAP server being used. Defaults to Custom
--binddn value The user who is allowed to search the base DN. If not given, the LDAP connection is established without authentication.
--binddn-password value The password of the user specified in --binddn
--server value The LDAP directory URL.
--group-filter value The filter clause for searching groups.
--group-id-map value The filter to map a group name to an LDAP entry.
--group-member-id-map value The filter to map a user to a group.
--user-filter value The filter clause for searching users.
--user-id-map value The filter to map a user name to an LDAP entry.
cloudctl iam ldap-delete
Delete an LDAP connection
Example
cloudctl iam ldap-delete
PARAMETERS:
-c value, --connection value The ID of the LDAP connection.
-f, --force Delete without confirmation
cloudctl iam ldap-get
Get LDAP connection details
Example
cloudctl iam ldap-get
PARAMETERS:
-c value, --connection value The ID of the LDAP connection.
cloudctl iam ldaps
List all LDAP connections
Example
cloudctl iam ldaps
PARAMETERS:
--json Display output in JSON format.
-s Do not show the column headers in the output.
cloudctl iam resource-add
Add a resource to a team
Example
cloudctl iam resource-add <TEAM_ID> -r <RESOURCE_CRN>
PARAMETERS:
-r value, --resources value CRN of the resource to add. Can be a comma-separated list.
cloudctl iam resource-rm
Remove a resource from a team
Example
cloudctl iam resource-rm <TEAM_ID> -r <RESOURCE_CRN>
PARAMETERS:
-r value, --resources value CRN of the resource to remove. Can be a comma-separated list.
cloudctl iam resources
List resources
Example
cloudctl iam resources [-t, --team TEAM_ID] [-r, --resource-type RESOURCE_TYPE]
PARAMETERS:
-t value, --team value Team ID to list all resources for
-r value, --resource-type value Resource type by which to filter the list of resources
--json Display output in JSON format.
-s Do not show the column headers in the output.
cloudctl iam roles
List roles
Example
cloudctl iam roles
PARAMETERS:
--json Display output in JSON format.
-s Do not show the column headers in the output.
cloudctl iam saml-disable
Disable SAML authentication
Example
cloudctl iam saml-disable
cloudctl iam saml-enable
Enable SAML authentication
Example
cloudctl iam saml-enable
cloudctl iam saml-export-metadata
Export the SAML metadata content to create a SAML integration. Requires SAML to be enabled with 'cloudctl iam saml-enable'.
Example
cloudctl iam saml-export-metadata [--file SAML_XML_FILE]
PARAMETERS:
--file value, -f value Write the SAML metadata content to file.
cloudctl iam saml-status
Get the SAML configuration status.
Example
cloudctl iam saml-status
cloudctl iam saml-upload-metadata
Upload SAML metadata content to complete the SAML integration.
Example
cloudctl iam saml-upload-metadata --file SAML_XML_FILE
PARAMETERS:
--file value, -f value Read the SAML metadata content from file.
cloudctl iam service-api-key
List details of a service API key
Example
cloudctl iam service-api-key NAME SERVICE_ID_NAME [--uuid]
PARAMETERS:
--uuid Display only uuid
cloudctl iam service-api-key-create
Create a service API key
Example
cloudctl iam service-api-key-create NAME SERVICE_ID_NAME [-d, --description DESCRIPTION] [-f, --file FILE]
PARAMETERS:
-d value, --description value Description of the API key
-f value, --file value Save API key information to specified file. If not set, the JSON content will be displayed.
cloudctl iam service-api-key-delete
Delete a service API key
Example
cloudctl iam service-api-key-delete NAME SERVICE_ID_NAME [-f, --force]
PARAMETERS:
-f, --force Delete without confirmation
cloudctl iam service-api-key-update
Update a service API key
Example
cloudctl iam service-api-key-update NAME SERVICE_ID_NAME [-n, --name NEW_NAME] [-d, --description DESCRIPTION] [-f, --force]
PARAMETERS:
-n value, --name value New name of the service API key
-d value, --description value New description of the service API key
-f, --force Update without confirmation
cloudctl iam service-api-keys
List all API keys of a service
Example
cloudctl iam service-api-keys SERVICE_ID_NAME
PARAMETERS:
--json Display output in JSON format.
-s Do not show the column headers in the output.
cloudctl iam service-id
Display details of a service ID
Example
cloudctl iam service-id NAME [--uuid]
PARAMETERS:
--uuid Display the UUID of the service ID
cloudctl iam service-id-create
Create a service ID
Example
cloudctl iam service-id-create NAME [-d, --description DESCRIPTION]
PARAMETERS:
-d value, --description value Description of the service ID
cloudctl iam service-id-delete
Delete a service ID
Example
cloudctl iam service-id-delete NAME [-f, --force]
PARAMETERS:
-f, --force Delete without confirmation
cloudctl iam service-id-update
Update a service ID
Example
cloudctl iam service-id-update NAME [-n, --name NEW_NAME] [-d, --description DESCRIPTION] [-f, --force]
PARAMETERS:
-n value, --name value New name of the service ID
-d value, --description value New description of the service ID
-f, --force Update without confirmation
cloudctl iam service-ids
List all service IDs.
Example
cloudctl iam service-ids --uuid
PARAMETERS:
--uuid Show UUID of service IDs only.
--json Display output in JSON format.
-s Do not show the column headers in the output.
cloudctl iam service-policies
List all service policies of specified service
Example
cloudctl iam service-policies SERVICE_ID_NAME [--json]
PARAMETERS:
--json Display policy in JSON format
cloudctl iam service-policy
Display details of a service policy
Example
cloudctl iam service-policy SERVICE_ID_NAME POLICY_ID [--json]
PARAMETERS:
--json Display policy in JSON format
cloudctl iam service-policy-create
Create a service policy
Example
cloudctl iam service-policy-create SERVICE_ID_NAME {-r, --roles ROLE_NAME1,ROLE_NAME2... [--service-name SERVICE_NAME]} [-f, --force]
PARAMETERS:
-r value, --roles value Role names of the policy definition. For supported roles, run cloudctl iam roles.
--service-name value Service name of the policy definition.
-f, --force Create service policy without confirmation
cloudctl iam service-policy-delete
Delete a service policy
Example
cloudctl iam service-policy-delete SERVICE_ID_NAME POLICY_ID [-f, --force]
PARAMETERS:
-f, --force Delete without confirmation
cloudctl iam service-policy-update
Update a service policy
Example
cloudctl iam service-policy-update SERVICE_ID_NAME POLICY_ID {[-r, --roles ROLE_NAME1,ROLE_NAME2...] [--service-name SERVICE_NAME]} [-f, --force]
PARAMETERS:
-r value, --roles value Role names of the policy definition. For supported roles, run cloudctl iam roles.
--service-name value Service name of the policy definition.
-f, --force Update service policy without confirmation
cloudctl iam team-add-groups
Add groups to a team with the defined role
Example
cloudctl iam team-add-groups TEAM_ID ROLE -g group1ID,group2ID,...
PARAMETERS:
-g value, --groups value Groups to add to the team
cloudctl iam team-add-users
Add users to a team with the defined role
Example
cloudctl iam team-add-users TEAM_ID ROLE -u user1ID,user2ID,...
PARAMETERS:
-u value, --users value Users to add to the team
cloudctl iam team-create
Create a team
Example
cloudctl iam team-create NAME
cloudctl iam team-delete
Delete a team
Example
cloudctl iam team-delete TEAM_ID [-f, --force]
PARAMETERS:
-f, --force Delete without confirmation
cloudctl iam team-get
View users and groups for a team
Example
cloudctl iam team-get TEAM_ID
PARAMETERS:
--TEAM_ID value ID of team
--json Display output in JSON format.
-s Do not show the column headers in the output.
cloudctl iam team-remove-groups
Remove groups from a team
Example
cloudctl iam team-remove-groups TEAM_ID -g group1ID,group2ID,...
PARAMETERS:
-g value, --groups value Groups to remove from the team
-f, --force Remove without confirmation
cloudctl iam team-remove-users
Remove users from a team
Example
cloudctl iam team-remove-users TEAM_ID -u user1ID,user2ID,...
PARAMETERS:
-u value, --users value Users to remove from the team
-f, --force Remove without confirmation
cloudctl iam teams
List all teams
Example
cloudctl iam teams
PARAMETERS:
--json Display output in JSON format.
-s Do not show the column headers in the output.
-u value, --user value Return only the teams that contain this user
cloudctl iam user-import
Import a user from an LDAP connection
Example
cloudctl iam user-import -u searchFilter
PARAMETERS:
-c value, --connection value The ID of the LDAP connection.
-u value, --user value An LDAP search filter for the users to import
cloudctl iam user-remove
Remove one or more users
Example
cloudctl iam user-remove user1ID,user2ID,...
PARAMETERS:
-f, --force Remove without confirmation
cloudctl iam users
List all imported users
Example
cloudctl iam users
PARAMETERS:
--json Display output in JSON format.
-s Do not show the column headers in the output.