openstack team mailing list archive

Thread
Date

Re: About the Role and User's rights

To: Jack <545997714@xxxxxx>
From: Dolph Mathews <dolph.mathews@xxxxxxxxx>
Date: Fri, 31 Aug 2012 02:34:25 -0500
Cc: openstack <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <tencent_2393C2BB23F6D3A36117C40E@qq.com>

Those roles you see in keystone are merely examples, and don't have any
"meaning" by themselves. You create your own roles in keystone (e.g. $
keystone role-create) and define the associated actions specific to each
service via each service's own policy.json. For example, here's nova's
default policy.json:

    https://github.com/openstack/nova/blob/master/etc/nova/policy.json

-Dolph


On Fri, Aug 31, 2012 at 2:21 AM, Jack <545997714@xxxxxx> wrote:

> hi all,
>      openstack uses a rights management system that employs a Role-Based
> Access Control , Roles control the actions that a user is allowed to
> perform .there are 5 roles in keystone ,there are
> admin,KeystoneAdmin,KeystoneServiceAdmin,Member,anotherrole ,but ,how
> openstack control every role's rights? how openstack lmits the actions of
> each role?
>
> Looking forward
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>

Follow ups

Re: About the Role and User's rights
From: Gabriel Hurley, 2012-08-31

References

About the Role and User's rights
From: Jack, 2012-08-31