Public bug reported: If I applied role inheritance to a group GR-A in scope of project PR-A:
/v3/OS- INHERIT/projects/PR-A/groups/GR-A/roles/ROLE-A/inherited_to_projects this role assignment is listed in the result of: /v3/role_assignments?scope.project.id=PR-A&group.id=GR-A but is not in the result of: /v3/role_assignments?scope.project.id=PR-A&user.id=USR-A&effective whereby USR-A is a member of the group GR-A. BUT it is part of result of the query: /v3/role_assignments?scope.project.id=SUB-PR-A&user.id=USR-A&effective whereby SUB-PR-A is a child of PR-A. I think the inherited roles assignment should be valid in the project scope of PR-A for both groups and users. ** Affects: keystone Importance: Undecided Status: New ** Tags: assignment keystone os-inherit role ** Description changed: If I applied role inheritance to a group GR-A in scope of project PR-A: - {code} - /v3/OS-INHERIT/projects/PR-A/groups/GR-A/roles/ROLE-A/inherited_to_projects - {code} + + /v3/OS- + INHERIT/projects/PR-A/groups/GR-A/roles/ROLE-A/inherited_to_projects + this role assignment is listed in the result of: - {code} + /v3/role_assignments?scope.project.id=PR-A&group.id=GR-A - {code} + but is not in the result of: - {code} + /v3/role_assignments?scope.project.id=PR-A&user.id=USR-A&effective - {code} + whereby USR-A is a member of the group GR-A. - {code} + BUT it is part of result of the query: - {code} + /v3/role_assignments?scope.project.id=SUB-PR-A&user.id=USR-A&effective - {code} + whereby SUB-PR-A is a child of PR-A. I think the inherited roles assignment should be valid in the project scope of PR-A for both groups and users. -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1583142 Title: Roles inheritance for groups is not visible in user's role assignments Status in OpenStack Identity (keystone): New Bug description: If I applied role inheritance to a group GR-A in scope of project PR-A: /v3/OS- INHERIT/projects/PR-A/groups/GR-A/roles/ROLE-A/inherited_to_projects this role assignment is listed in the result of: /v3/role_assignments?scope.project.id=PR-A&group.id=GR-A but is not in the result of: /v3/role_assignments?scope.project.id=PR-A&user.id=USR-A&effective whereby USR-A is a member of the group GR-A. BUT it is part of result of the query: /v3/role_assignments?scope.project.id=SUB-PR-A&user.id=USR-A&effective whereby SUB-PR-A is a child of PR-A. I think the inherited roles assignment should be valid in the project scope of PR-A for both groups and users. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1583142/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp