Hello.

I'm trying to allow a user with special role to see all instances of all tenants without giving him admin privileges.

My initial attempt was to change policy.json for nova to "compute:get_all_tenants": "role:special_role or is_admin:True".

But it didn't work well.

The command (nova list --all-tenants) is not failing anymore (no 'ERROR (Forbidden): Policy doesn't allow compute:get_all_tenants to be performed.'), but the returned list is empty:

nova list  --all-tenants
+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+


Any ideas how to allow a user without admin privileges to see all instances?



_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Reply via email to