← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #22356

[Bug 1373886] [NEW] create a simple way to add/remove policies to new role

  Thread PreviousDate PreviousThread Next 
Public bug reported:

I wanted to create a unique user role and add some build in policies to it. 
I can create a new role but than discovered that instead of being able to add "storage permissions" or network permissions" for a user (so specific system functionality) I have to build my own policies. 
I opened a bug to Horizon but I think that for them to implement such a change in the UX they need keystone to do some work as well. 
what I am suggesting is that we build some default policies that would allow us to add a storage admin, a network admin, an instance admin and so on to a new created role without asking the user to edit /etc/keystone/policy.json manually. 

I think adding this functionality would not only improve keystone and
make it more agile and east to use but improve horizon as well.

*Before someone marks this as invalid I will add that I am not a coder
and based on the community decisions to add a technical design to any
blueprint opened I cannot open a blueprint my self :) *

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1373886

Title:
  create a simple way to add/remove policies to new role

Status in OpenStack Identity (Keystone):
  New

Bug description:
  I wanted to create a unique user role and add some build in policies to it. 
  I can create a new role but than discovered that instead of being able to add "storage permissions" or network permissions" for a user (so specific system functionality) I have to build my own policies. 
  I opened a bug to Horizon but I think that for them to implement such a change in the UX they need keystone to do some work as well. 
  what I am suggesting is that we build some default policies that would allow us to add a storage admin, a network admin, an instance admin and so on to a new created role without asking the user to edit /etc/keystone/policy.json manually. 

  I think adding this functionality would not only improve keystone and
  make it more agile and east to use but improve horizon as well.

  *Before someone marks this as invalid I will add that I am not a coder
  and based on the community decisions to add a technical design to any
  blueprint opened I cannot open a blueprint my self :) *

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1373886/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next