Re: [Openstack] [OpenStack] Limiting new roles

2012-10-31 Thread Gabriel Hurley
do Cc: openstack Subject: Re: [Openstack] [OpenStack] Limiting new roles I'm specifically referring to keystone, because you mention "...this role only can create tenants and roles..." If you can create tenants and roles in keystone, you also have the power to create new user

Re: [Openstack] [OpenStack] Limiting new roles

2012-10-31 Thread Dolph Mathews
I'm specifically referring to keystone, because you mention "...this role only can create tenants and roles..." If you can create tenants and roles in keystone, you also have the power to create new users and grant yourself additional roles in keystone, due to the binary nature of the policy impl

Re: [Openstack] [OpenStack] Limiting new roles

2012-10-31 Thread Dolph Mathews
With regard to keystone, the current policy implementation is entirely binary in that a role may either have total control over keystone or none. The implementation in Grizzly is much more granular. -Dolph On Wed, Oct 31, 2012 at 2:35 PM, Guillermo Alvarado <guillermoalvarad...@gmail.com> wrote

[Openstack] [OpenStack] Limiting new roles

2012-10-31 Thread Guillermo Alvarado
Hi everybody, I want to create a new role, named "another-admin", so this role only can create tenants and roles but cannot change quotas or modify images and all other actions that admin role can do. I read about creating rules in the policy.json of each service (nova, keystone, glance, swift) b