Creating and Managing Users with the cf CLI
Page last updated: October 28, 2015
This page assumes you are using cf CLI v6.
Using the cf Command Line Interface (CLI), an administrator can create users and manage user roles. Cloud Foundry uses role-based access control, with each role granting permissions in either an organization or an application space.
For more information, see Organizations, Spaces, Roles, and Permissions.
Note: To manage users, organizations, and roles with the cf CLI, you must log in with UAA Administrator user credentials. In your Cloud Foundry deployment manifest, refer to the uaa scim section for the UAA admin name and password.
Creating and Deleting Users
| FUNCTION | COMMAND | EXAMPLE |
|---|---|---|
| Create a new user | cf create-user USERNAME PASSWORD | cf create-user Alice pa55w0rd |
| Delete a user | cf delete-user USERNAME | cf delete-user Alice |
Creating Administrator Accounts
To create a new administrator account, use the UAA CLI.
Note: The cf CLI cannot create new administrator accounts.
Org and App Space Roles
A user can have one or more roles. The combination of these roles defines the user’s overall permissions in the org and within specific app spaces in that org.
Org Roles
Valid org roles are OrgManager, BillingManager, and OrgAuditor.
| FUNCTION | COMMAND | EXAMPLE |
|---|---|---|
| View the organizations belonging to an account | cf orgs | cf orgs |
| View all users in an organization by role | cf org-users ORGANIZATION_NAME | cf org-users my-example-org |
| Assign an org role to a user | cf set-org-role USERNAME ORGANIZATION_NAME ROLE | cf set-org-role Alice my-example-org OrgManager |
| Remove an org role from a user | cf unset-org-role USERNAME ORGANIZATION_NAME ROLE | cf unset-org-role Alice my-example-org OrgManager |
App Space Roles
Each app space role applies to a specific app space.
Note: By default, the org manager has app space manager permissions for all spaces within the organization.
Valid app space roles are SpaceManager, SpaceDeveloper, and SpaceAuditor.
| FUNCTION | COMMAND | EXAMPLE |
|---|---|---|
| View the spaces in an org | cf spaces | cf spaces |
| View all users in a space by role | cf space-users ORGANIZATION_NAME SPACE_NAME | cf space-users my-example-org development |
| Assign a space role to a user | cf set-space-role USERNAME ORGANIZATION_NAME SPACE_NAME ROLE | cf set-space-role Alice my-example-org development SpaceAuditor |
| Remove a space role from a user | cf unset-space-role USERNAME ORGANIZATION_NAME SPACE_NAME ROLE | cf unset-space-role Alice my-example-org development SpaceAuditor |