openstack team mailing list archive

[Gabriel Hurley <Gabriel.Hurley@xxxxxxxxxx>]

One additional note on that, however: for legacy reasons many of the projects have hardcoded assumptions about the role named "admin". In Grizzly we'll be working to make the role-based access control truly customizable, but for now you're stuck with needing that one.


-          Gabriel

From: openstack-bounces+gabriel.hurley=nebula.com@xxxxxxxxxxxxxxxxxxx [mailto:openstack-bounces+gabriel.hurley=nebula.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Dolph Mathews
Sent: Friday, August 31, 2012 12:34 AM
To: Jack
Cc: openstack
Subject: Re: [Openstack] About the Role and User's rights

Those roles you see in keystone are merely examples, and don't have any "meaning" by themselves. You create your own roles in keystone (e.g. $ keystone role-create) and define the associated actions specific to each service via each service's own policy.json. For example, here's nova's default policy.json:

    https://github.com/openstack/nova/blob/master/etc/nova/policy.json

-Dolph

On Fri, Aug 31, 2012 at 2:21 AM, Jack <545997714@xxxxxx<mailto:545997714@xxxxxx>> wrote:
hi all,
     openstack uses a rights management system that employs a Role-Based Access Control , Roles control the actions that a user is allowed to perform .there are 5 roles in keystone ,there are admin,KeystoneAdmin,KeystoneServiceAdmin,Member,anotherrole ,but ,how openstack control every role's rights? how openstack lmits the actions of each role?

Looking forward

_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp