Dear Hamza,

You may contact the primary assignee to get the status of this feature:
https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/user-id-based-policy-enforcement.html

Best regards,

Jerome Pansanel

On 15/01/2017 at 08:44, Hamza Achi wrote:
> Hello,
>
> According to this Nova-spec of Newton release [1], user_id:%(user_id)s
> syntax should work to constrain some operations to user_id instead of
> project_id. Like deleting and rebuilding VMs.
>
> But it is not working, users within the same project can delete,
> rebuild... the VMs of each other. I added these rules in
> /etc/nova/policy.json (I used devstack stable/newton branch):
>
> "admin_required": "role:admin or is_admin:1",
> "owner" : "user_id:%(user_id)s",
> "admin_or_owner": "rule:admin_required or rule:owner",
> "compute:delete": "rule:admin_or_owner",
> "compute:resize": "rule:admin_or_owner",
> "compute:rebuild": "rule:admin_or_owner",
> "compute:reboot": "rule:admin_or_owner",
> "compute:start": "rule:admin_or_owner",
> "compute:stop": "rule:admin_or_owner"
>
>
> Can you please point out what I am missing?
>
> Thank you,
> Hamza
>
>
> [1]
> https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/user-id-based-policy-enforcement.html
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

--
Jerome Pansanel, PhD
Technical Director at France Grilles
Grid & Cloud Computing Operations Manager at IPHC
IPHC                          || GSM: +33 (0)6 25 19 24 43
23 rue du Loess, BP 28        || Tel: +33 (0)3 88 10 66 24
F-67037 STRASBOURG Cedex 2    || Fax: +33 (0)3 88 10 62 34