Hello.
I'm trying to allow a user with special role to see all instances of all
tenants without giving him admin privileges.
My initial attempt was to change policy.json for nova to
"compute:get_all_tenants": "role:special_role or is_admin:True".
But it didn't work well.
The command (nova list --all-tenants) is not failing anymore (no 'ERROR
(Forbidden): Policy doesn't allow compute:get_all_tenants to be
performed.'), but the returned list is empty:
nova list --all-tenants
+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+
Any ideas how to allow a user without admin privileges to see all instances?
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
