While debugging a token auth problem I noticed that the enforcer searches the 
role list in a token for a role called 'admin' (any case).  If it's present, 
the enforcer returns true and the acl does not set the X-Project-Id header on 
the request.

I was wondering what the reason for not setting project id is in this case.  I 
assume it is a mechanism for privilege scoping for a highly-privileged user.

Also, the name 'admin' seems like a sensible choice to denote an admin user.  
Is there any other meaning behind the role name than this?

Many thanks,
Eric
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to