← Back to team overview

openstack team mailing list archive

Re: How many Role name can be used in Keystone and what is the use of each role?

 

Keystone does not have the concept of least privilege for such operations.
The notion of roles with capabilities in Keystone is something that maybe
can be addressed in Folsom

 

Jason

 

From: openstack-bounces+jason.rouault=hp.com@xxxxxxxxxxxxxxxxxxx
[mailto:openstack-bounces+jason.rouault=hp.com@xxxxxxxxxxxxxxxxxxx] On
Behalf Of livemoon
Sent: Friday, March 16, 2012 2:46 AM
To: openstack@xxxxxxxxxxxxxxxxxxx
Subject: [Openstack] How many Role name can be used in Keystone and what is
the use of each role?

 

I find the roles ( admin, KeystoneAdmin, KeystoneServiceAdmin) are created
in devstack. I think each role has it rights to use functions or services.


 

Now I want to know how many roles in keystone can be created and what are
use of them .

 

For example, I only want a role only can create/delete users in keystone.
How to do it?

 

Thanks


-- 
非淡薄无以明志,非宁静无以致远

Attachment: smime.p7s
Description: S/MIME cryptographic signature


References