Those roles you see in keystone are merely examples, and don't have any
"meaning" by themselves. You create your own roles in keystone (e.g. $
keystone role-create) and define the associated actions specific to each
service via each service's own policy.json. For example, here's nova's
default policy.json:
https://github.com/openstack/nova/blob/master/etc/nova/policy.json
-Dolph
On Fri, Aug 31, 2012 at 2:21 AM, Jack <545997...@qq.com> wrote:
> hi all,
> openstack uses a rights management system that employs a Role-Based
> Access Control , Roles control the actions that a user is allowed to
> perform .there are 5 roles in keystone ,there are
> admin,KeystoneAdmin,KeystoneServiceAdmin,Member,anotherrole ,but ,how
> openstack control every role's rights? how openstack lmits the actions of
> each role?
>
> Looking forward
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
