yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1924790] [NEW] default role documentation: who can assign roles?

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Andrew Bogott <1924790@xxxxxxxxxxxxxxxxxx>
Date: Fri, 16 Apr 2021 16:52:22 -0000
Reply-to: Bug 1924790 <1924790@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

I'm hoping that my cloud will soon be able to adopt the new default
scoped role model documented at

  https://docs.openstack.org/keystone/latest/admin/service-api-
protection.html

That document is good about detailing which roles can read and view
existing role assignments, but I can't tell which users can or can't
assign new roles.  For example, if I give a user the admin role in a
project, can that user add additional users to that project?

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1924790

Title:
  default role documentation: who can assign roles?

Status in OpenStack Identity (keystone):
  New

Bug description:
  I'm hoping that my cloud will soon be able to adopt the new default
  scoped role model documented at

    https://docs.openstack.org/keystone/latest/admin/service-api-
  protection.html

  That document is good about detailing which roles can read and view
  existing role assignments, but I can't tell which users can or can't
  assign new roles.  For example, if I give a user the admin role in a
  project, can that user add additional users to that project?

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1924790/+subscriptions

Follow ups

[Bug 1924790] Re: default role documentation: who can assign roles?
From: Launchpad Bug Tracker, 2021-11-28