← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 2116750] Re: This does not work as expected with keystone 24.0.0. The 'admin' user of the project cannot assign the 'member' role to a user.

 

** Changed in: keystone
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2116750

Title:
  This does not work as expected with keystone 24.0.0.  The 'admin' user
  of the project cannot assign the 'member' role to a user.

Status in OpenStack Identity (keystone):
  Won't Fix

Bug description:
  When a project admin attempts to either create a user with the
  'member' role or assign the 'member' role to a user, the following
  from /etc/keystone/policy.yaml is not allowing this to happen...

  # Only allow users with the admin role to assign the 'member' role
  "identity:create_grant": "role:admin and target.role.name:member"

  Instead the following error is returned:

  Jul 11 15:24:08 infra01 httpd[1485318]: [wsgi:error] [pid 1485318:tid
  1485405] [remote xx.xxx.xx.xx:52600] Recoverable error: You are not
  authorized to perform the requested action: identity:create_grant.
  (HTTP 403) (Request-ID: req-33603d33-c386-49df-8901-59f718ae8559)

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/2116750/+subscriptions



References