Hi Reza, as Adam suggested, I have in fact, created a new lab for some of the new hire regarding this topic. Here is the public URL you can use to follow the instruction on how to do this.
http://docs.openstack.org/developer/horizon/topics/policy.html > On 04/17/2014 02:15 AM, Reza Bakhshayeshi wrote: >> Hi, >> >> I want to integrate an external service with keystone, in a way that only an >> authorized user in keystone could make access to that service. >> In the simplest form, consider it as a web service which receive the user's >> request and return a specific feature of his/her instance. >> Surely, users should be unable to see other's instance specifications, and >> must be authorized in the keystone. >> What do you think is the best way of performing this scenario? > > Use RBAC, create a Role specific to your new service, and only assign that > role to people that you trust. Create a policy file that checks for that the > calling user has that role before any operations. >> >> Thanks, >> Reza >> >> >> >> _______________________________________________ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack@lists.openstack.org >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > !DSPAM:1,53543175213691779914982! > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > !DSPAM:1,53543175213691779914982!
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
