openstack team mailing list archive

Thread
Date

Re: [OpenStack] Limiting new roles

To: Guillermo Alvarado <guillermoalvarado89@xxxxxxxxx>
From: Dolph Mathews <dolph.mathews@xxxxxxxxx>
Date: Wed, 31 Oct 2012 15:31:59 -0500
Cc: openstack@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CAMB44WDTZoYz8UFaqEY-H1F5LnovP6JFtsQEtXX8W6uETBNpKA@mail.gmail.com>

With regard to keystone, the current policy implementation is entirely
binary in that a role may either have total control over keystone or none.
The implementation in Grizzly is much more granular.

-Dolph


On Wed, Oct 31, 2012 at 2:35 PM, Guillermo Alvarado <
guillermoalvarado89@xxxxxxxxx> wrote:

> Hi everyboy,
>
> I want to create a new role, named "another-admin", so this role only  can
> create tentants and roles but cannnot change quotas or modify images and
> all other actions that admin role can do.
>
> I read about create rules in the policy.json of each service (nova,
> keystone, glance, swift) but my doubt is: How can I limit the
> views/templates/urls of Horizon, I mean, I want that the role
> "another-admin" can not see templates related to glance and can not see
> that menu.
>
> Thanks in advance,
> Best Regards.
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>

References

[OpenStack] Limiting new roles
From: Guillermo Alvarado, 2012-10-31