yahoo-eng-team team mailing list archive

[Dolph Mathews <1373886@xxxxxxxxxxxxxxxxxx>]

As Lance said, there's definitely work going on in this direction
(although, there are a several separate feature requests above!), but
it's not really within scope for Keystone, as the other services own
their own default policies (and thus, default role definitions). I
completely agree though, it'd be *great* to see a community-wide effort
to establish more granular default roles (just like those that you
suggested).

** Changed in: keystone
       Status: New => Opinion

** Changed in: keystone
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1373886

Title:
  create a simple way to add/remove policies to new role

Status in OpenStack Identity (Keystone):
  Opinion

Bug description:
  I wanted to create a unique user role and add some build in policies to it. 
  I can create a new role but than discovered that instead of being able to add "storage permissions" or network permissions" for a user (so specific system functionality) I have to build my own policies. 
  I opened a bug to Horizon but I think that for them to implement such a change in the UX they need keystone to do some work as well. 
  what I am suggesting is that we build some default policies that would allow us to add a storage admin, a network admin, an instance admin and so on to a new created role without asking the user to edit /etc/keystone/policy.json manually. 

  I think adding this functionality would not only improve keystone and
  make it more agile and east to use but improve horizon as well.

  *Before someone marks this as invalid I will add that I am not a coder
  and based on the community decisions to add a technical design to any
  blueprint opened I cannot open a blueprint my self :) *

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1373886/+subscriptions