Re: [Openstack] Real-world policy.json and keystone settings

2013-12-06 Thread Kevin L. Mitchell
On Thu, 2013-12-05 at 19:03 -0600, Scott Devoid wrote:
> The TL;DR - We ran into problems with permissions for users within the
> same tenant. With the current access controls it is impossible to fix
> this without isolating each user in a personal project. Can we fix the
> policy.json grammar to

Re: [Openstack] Real-world policy.json and keystone settings

2013-12-06 Thread David Chadwick
I think the best solution is to have a clearly defined API between the Policy Enforcement Point (the service such as glance) and the policy decision point (keystone code) that allows the full set of user attributes and roles to be input to the PDP. Keystone will provide a basic PDP and policy syntax,

[Openstack] Real-world policy.json and keystone settings

2013-12-05 Thread Scott Devoid
The TL;DR - We ran into problems with permissions for users within the same tenant. With the current access controls it is impossible to fix this without isolating each user in a personal project. Can we fix the policy.json grammar to give us the access controls we want, or am I stupid and missing