Keystone does not have the concept of least privilege for such operations. The notion of roles with capabilities in Keystone is something that maybe can be addressed in Folsom
Jason From: openstack-bounces+jason.rouault=hp....@lists.launchpad.net [mailto:openstack-bounces+jason.rouault=hp....@lists.launchpad.net] On Behalf Of livemoon Sent: Friday, March 16, 2012 2:46 AM To: openstack@lists.launchpad.net Subject: [Openstack] How many Role name can be used in Keystone and what is the use of each role? I find the roles ( admin, KeystoneAdmin, KeystoneServiceAdmin) are created in devstack. I think each role has it rights to use functions or services. Now I want to know how many roles in keystone can be created and what are use of them . For example, I only want a role only can create/delete users in keystone. How to do it? Thanks -- 非淡薄无以明志,非宁静无以致远
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
