openstack team mailing list archive

Thread
Date

Re: How many Role name can be used in Keystone and what is the use of each role?

To: livemoon <mwjpiero@xxxxxxxxx>, "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
From: "Rouault, Jason (Cloud Services)" <jason.rouault@xxxxxx>
Date: Fri, 16 Mar 2012 13:35:17 +0000
Accept-language: en-US
In-reply-to: <CAO4uuUvPsL+x1TQKCmTvDVQLtCCeVnTLrTmOffUdod9ZPPhBWQ@mail.gmail.com>
Thread-index: AQHNA1I5RNIWqQLSy0mTJTPKgTNa8ZZs7BWA
Thread-topic: [Openstack] How many Role name can be used in Keystone and what is the use of each role?

Keystone does not have the concept of least privilege for such operations.
The notion of roles with capabilities in Keystone is something that maybe
can be addressed in Folsom

 

Jason

 

From: openstack-bounces+jason.rouault=hp.com@xxxxxxxxxxxxxxxxxxx
[mailto:openstack-bounces+jason.rouault=hp.com@xxxxxxxxxxxxxxxxxxx] On
Behalf Of livemoon
Sent: Friday, March 16, 2012 2:46 AM
To: openstack@xxxxxxxxxxxxxxxxxxx
Subject: [Openstack] How many Role name can be used in Keystone and what is
the use of each role?

 

I find the roles ( admin, KeystoneAdmin, KeystoneServiceAdmin) are created
in devstack. I think each role has it rights to use functions or services.


 

Now I want to know how many roles in keystone can be created and what are
use of them .

 

For example, I only want a role only can create/delete users in keystone.
How to do it?

 

Thanks


-- 
非淡薄无以明志，非宁静无以致远

Attachment: smime.p7s
Description: S/MIME cryptographic signature

References

How many Role name can be used in Keystone and what is the use of each role?
From: livemoon, 2012-03-16