Dolph: I think what Salman is looking for is some want to configure what role is used to determine admin-ness within a service. For example, Glance allows you to set a 'service_role' option. The context.is_admin checks make sure whatever role defined in service_role is found in the roles returned by Keystone rather than assuming it is 'admin'.
Salman: As for documentation, you can look to http://glance.openstack.org/policies.html for an overview of what is available in Glance. Brian On May 10, 2012, at 6:10 PM, Dolph Mathews wrote: > policy.json is entirely end-user configurable (it's not hardcoded at all): > replace every instance of "role:admin" in your policy.json (there's two by > default in nova's policy.json, for example) with "role:myadmin", create the > corresponding "myadmin" role in keystone, and grant it to the appropriate > users instead of "admin". > > You can also have multiple roles with admin-like behaviors (see nova's > admin_or_owner as an example), or roles with very limited sets of > capabilities, e.g.: > > "volume:create": [["role:custom_role_that_can_only_create_volumes"]] > > -Dolph > > On Thu, May 10, 2012 at 4:32 PM, Salman A Baset <saba...@us.ibm.com> wrote: > It seems that 'admin' role is hard-coded cross nova and horizon. As a result > if I want to define 'myadmin' role, and grant it all the admin privileges, it > does not seem possible. Is this a recognized limitation? > > Further, is there some good documentation on policy.json for nova, keystone, > and glance? > > Thanks. > > Best Regards, > > Salman A. Baset > Research Staff Member, IBM T. J. Watson Research Center > Tel: +1-914-784-6248 > > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
