On Wed, Aug 28, 2013 at 5:22 PM, Yongsheng Gong <[email protected]>wrote:
> For admin, we must use admin token. In general, the token from API > context is not of role admin. > > If this functionality is supposed to be allowed to non-admin users, wouldn't it be easier to provide access to it to non-admin users, instead of escalating permissions (maybe RBAC)? I'll admit not knowing why this needs escalation, but it stands out as an odd approach in my mind. > I think the BP can help > https://blueprints.launchpad.net/keystone/+spec/reuse-token > This isn't likely what you are looking for. It would still require lookups to the backend for a number of reasons (not listed, as I don't think it is relevant for this conversation). -- Morgan Fainberg IRC: morganfainberg
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
