On 09/06/2018 06:31 AM, Ignazio Cassano wrote:
I installed openstack ocata on centos and I saw /etc/nova/policy.json
contains the following:
{
}
I created an instance in a project "admin" with user admin that
belongs to admin project.
I created a demo project with a user demo with "user" role.
Using command lines (openstack server list --all-projects) the user demo
can list the admin instances and can also delete one of them.
I think this is a bug and a nova policy.json must be created with some
rules for avoiding the above.
See
https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/policy-in-code.html
You have something else going on ...
~iain
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators