openstack team mailing list archive

Thread
Date

openstack team
Mailing list archive
Message #04545

RBAC handled by keystone or each services ?

To: openstack@xxxxxxxxxxxxxxxxxxx
From: Kuo Hugo <tonytkdk@xxxxxxxxx>
Date: Thu, 6 Oct 2011 07:39:17 +0800

Hello folks ,

While playing with Keystone , there's four roles named
[Admin,Member,KeystoneAdmin,KeystoneServiceAdmin].
I'm confusing about that who handles these roles's permission / privileges
.... I mean RBAC include  admin, itsec, projectmanager, netadmin, developer
roles in NOVA but not Admin/Member .
is that handled by keystone or service itself ???

Is there any API to add Roles(also set permission / privileges)?

In my guess , the RBAC still on each service(nova / swift ) , but how NOVA
knows the permission of Role "Admin" ?


-- 
+Hugo Kuo+
tonytkdk@xxxxxxxxx
hugo.kuo@xxxxxxxxxxxx
+886-935-004-793

www.cloudena.com

Follow ups

Re: RBAC handled by keystone or each services ?
From: Joe Savak, 2011-10-06