LATEST VERSION: 1.10 - CHANGELOG
Pivotal Cloud Foundry v1.9

Creating and Managing Users with the cf CLI

Page last updated:

Using the Cloud Foundry Command Line Interface (cf CLI), administrators, Org Managers, and Space Managers can manage users. Cloud Foundry uses role-based access control, with each role granting permissions in either an organization or an application space.

For more information, see Organizations, Spaces, Roles, and Permissions.

Understanding Roles

To manage all users, organizations, and roles with the cf CLI, log in with your admin credentials. In Pivotal Operations Manager, refer to Elastic Runtime > Credentials for the admin name and password.

If the feature flag set_roles_by_username is enabled, Org Managers can assign org roles to existing users in their org and Space Managers can assign space roles to existing users in their space. For more information about using feature flags, see the Feature Flags topic.

Creating and Deleting Users

FUNCTION COMMAND EXAMPLE
Create a new user cf create-user USERNAME PASSWORD cf create-user Alice pa55w0rd
Delete a user cf delete-user USERNAME cf delete-user Alice

Creating Administrator Accounts

To create a new administrator account, use the UAA CLI.

Note: The cf CLI cannot create new administrator accounts.

Org and App Space Roles

A user can have one or more roles. The combination of these roles defines the user’s overall permissions in the org and within specific app spaces in that org.

Org Roles

Valid org roles are OrgManager, BillingManager, and OrgAuditor.

FUNCTION COMMAND EXAMPLE
View the organizations belonging to an account cf orgs cf orgs
View all users in an organization by role cf org-users ORGANIZATION_NAME cf org-users my-example-org
Assign an org role to a user cf set-org-role USERNAME ORGANIZATION_NAME ROLE cf set-org-role Alice my-example-org OrgManager
Remove an org role from a user cf unset-org-role USERNAME ORGANIZATION_NAME ROLE cf unset-org-role Alice my-example-org OrgManager

App Space Roles

Each app space role applies to a specific app space.

Valid app space roles are SpaceManager, SpaceDeveloper, and SpaceAuditor.

FUNCTION COMMAND EXAMPLE
View the spaces in an org cf spaces cf spaces
View all users in a space by role cf space-users ORGANIZATION_NAME SPACE_NAME cf space-users my-example-org development
Assign a space role to a user cf set-space-role USERNAME ORGANIZATION_NAME SPACE_NAME ROLE cf set-space-role Alice my-example-org development SpaceAuditor
Remove a space role from a user cf unset-space-role USERNAME ORGANIZATION_NAME SPACE_NAME ROLE cf unset-space-role Alice my-example-org development SpaceAuditor
Create a pull request or raise an issue on the source for this page in GitHub