Dear Jerome and Massimo,

Thank you both for your responses. I thought this feature is already implemented because its blueprint states so:
https://blueprints.launchpad.net/nova/+spec/user-id-based-policy-enforcement

Regards,
Hamza

On 16 January 2017 at 08:26, Jerome Pansanel <jerome.pansa...@iphc.cnrs.fr> wrote:

> Dear Hamza,
>
> You may contact the primary assignee to get the status of this feature:
> https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/user-id-based-policy-enforcement.html
>
> Best regards,
>
> Jerome Pansanel
>
> On 15/01/2017 at 08:44, Hamza Achi wrote:
> > Hello,
> >
> > According to this Nova-spec of Newton release [1], user_id:%(user_id)s
> > syntax should work to constrain some operations to user_id instead of
> > project_id. Like deleting and rebuilding VMs.
> >
> > But it is not working, users within the same project can delete,
> > rebuild... the VMs of each other. I added these rules in
> > /etc/nova/policy.json (I used devstack stable/newton branch):
> >
> > "admin_required": "role:admin or is_admin:1",
> > "owner" : "user_id:%(user_id)s",
> > "admin_or_owner": "rule:admin_required or rule:owner",
> > "compute:delete": "rule:admin_or_owner",
> > "compute:resize": "rule:admin_or_owner",
> > "compute:rebuild": "rule:admin_or_owner",
> > "compute:reboot": "rule:admin_or_owner",
> > "compute:start": "rule:admin_or_owner",
> > "compute:stop": "rule:admin_or_owner"
> >
> > Can you please point out what I am missing?
> >
> > Thank you,
> > Hamza
> >
> > [1] https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/user-id-based-policy-enforcement.html
> >
> > _______________________________________________
> > OpenStack-operators mailing list
> > OpenStack-operators@lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
> --
> Jerome Pansanel, PhD
> Technical Director at France Grilles
> Grid & Cloud Computing Operations Manager at IPHC
> IPHC || GSM: +33 (0)6 25 19 24 43
> 23 rue du Loess, BP 28 || Tel: +33 (0)3 88 10 66 24
> F-67037 STRASBOURG Cedex 2 || Fax: +33 (0)3 88 10 62 34
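Added example, not part of the thread and not Nova or oslo.policy code: a simplified stand-alone model of how the quoted rules evaluate, useful for checking what the policy text itself would decide for a same-project user. The evaluator (only "or", "rule:", "role:" and "kind:match" checks), the default-deny for unknown actions, and the user, project and VM values are assumptions constructed for illustration.

```python
import json

# Rules copied from the policy.json excerpt quoted in the thread (subset).
POLICY = json.loads("""{
  "admin_required": "role:admin or is_admin:1",
  "owner": "user_id:%(user_id)s",
  "admin_or_owner": "rule:admin_required or rule:owner",
  "compute:delete": "rule:admin_or_owner",
  "compute:rebuild": "rule:admin_or_owner"
}""")

def check(expr, target, creds, rules=POLICY):
    """Evaluate one 'kind:match' check, or several joined by ' or '."""
    for term in expr.split(" or "):
        kind, _, match = term.strip().partition(":")
        if kind == "rule":
            # Reference to another named rule; an unknown name denies.
            ok = match in rules and check(rules[match], target, creds, rules)
        elif kind == "role":
            ok = match.lower() in (r.lower() for r in creds.get("roles", []))
        else:
            try:
                # %(key)s is filled from the target (the object acted on),
                # then compared with the caller's credential of that kind.
                ok = kind in creds and (match % target) == str(creds[kind])
            except KeyError:
                ok = False  # target lacks the key: the check cannot match
        if ok:
            return True
    return False

def enforce(action, target, creds, rules=POLICY):
    """Deny when the action has no rule (assumption: default-deny)."""
    return action in rules and check(rules[action], target, creds, rules)

# Constructed sample data: two members of one project and an admin.
ALICE = {"user_id": "u-alice", "project_id": "p-1", "roles": ["member"]}
BOB = {"user_id": "u-bob", "project_id": "p-1", "roles": ["member"]}
ADMIN = {"user_id": "u-root", "project_id": "p-9", "roles": ["admin"]}
VM = {"user_id": "u-alice", "project_id": "p-1"}  # instance owned by alice

def audit(action="compute:delete"):
    """Return who may perform `action` on VM under the rules above."""
    return {name: enforce(action, VM, c)
            for name, c in (("alice", ALICE), ("bob", BOB), ("admin", ADMIN))}

if __name__ == "__main__":
    print(audit())
```

In this model the rules deny a same-project non-owner only when the named rule is the one being evaluated and the target carries the instance's user_id; the thread does not show which rule names and target the deployed Nova release actually enforces.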