While debugging a token auth problem I noticed that the enforcer searches the role list in a token for a role called 'admin' (any case). If it's present, the enforcer returns true and the acl does not set the X-Project-Id header on the request.
I was wondering what the reason for not setting project id is in this case. I assume it is a mechanism for privilege scoping for a highly-privileged user. Also, the name 'admin' seems like a sensible choice to denote an admin user. Is there any other meaning behind the role name than this? Many thanks, Eric
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev