openstack team mailing list archive
Message #12450
Re: Identity API v3 - Why allow multi-tenant users?
Hi Caitlin,
A user is able to be associated with multiple tenants in the current API as well - this API just attempts to make it significantly more clear what you're asking for and what you're getting back. It was one of the earliest requests and requirements of the auth system.
For the back-ends of Keystone that allow resetting of passwords, it would generally be an administrator of Keystone (as it is today) that would be required to reset a user's password, but with the additional domain model, it's possible to expand that a bit if a local implementation wanted to allow a domain admin to reset a user's password as well.
-joe
On May 29, 2012, at 10:18 AM, Caitlin Bestler wrote:
> One of the major complications I see in the API is that users can be associated with multiple tenants.
>
> What is the benefit of this? What functionality would be lost if a human user merely had to use a different account with each tenant?
>
> There are numerous issues with multi-tenant users. For example, if a user is associated with multiple tenants, who resets the user’s password?