[openstack-dev] Difference between RBAC polices thats stored in policy.json and policies that can be created using openstack/identity/v3/policies
sudheesh sk
sudh03 at yahoo.com
Tue Aug 13 07:22:27 UTC 2013
Hi ,
I am trying to understand Difference between RBAC polices thats stored in policy.json and policies that can be created using openstack/identity/v3/policies.
I got answer from openstack forum that I can use both DB and policy.json based implementation for RBAC policy management.
Can you please tell me how to use DB based RBAC ? I can elaborate my question
1. In policy.json(keystone) I am able to define rule called - admin_required
2. Similarly I can define rules line custome_role_required
3. Then I can add this rule against each services (like for eg : identity:list_users = custom_role_required
How can I use this for DB based RBAC policies?
Also there are code like self.policy_api.enforce(context, creds, 'admin_required', {}) in many places (this is in wsgi.py)
How can I utilize the same code and at the same time move the policy definition to DB
Thanks a million,
Sudheesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130813/2bea42c8/attachment.html>
More information about the OpenStack-dev
mailing list