[openstack-dev] Domain ID in Policy_dict

Tiwari, Arvind arvind.tiwari at hp.com
Thu Jan 16 16:08:47 UTC 2014

I think you have to define rule as below

"domain-admin": "role:domain_admin and domain_id:%(target.domain.domain_id)s"

Associate this rule with APIS which you want to scope to domain admin.

Try and let us know.


-----Original Message-----
From: bounces at canonical.com [mailto:bounces at canonical.com] On Behalf Of Telles Mota Vidal Nóbrega
Sent: Thursday, January 16, 2014 6:30 AM
To: Tiwari, Arvind
Subject: Domain ID in Policy_dict

Hi, i'm working on some new features for openstack and this merge that
you submitted https://review.openstack.org/#/c/50488/ does most of what
I need. I updated the code here but I couldn't make it work, my idea is
to create a role called domain_admin, to check this we would need to
check if the user is admin and is owner of the domain and for that we
would need the domain_id t o be checked at the policy.json which by the
examples you posted works. Unfortunetly I wasn't able to do so, can you
help me out, give me some tips on how to get this working?

This message was sent from Launchpad by
=?utf-8?q?Telles_Mota_Vidal_N=C3=B3brega?= (https://launchpad.net/~tellesmvn)
using the "Contact this user" link on your profile page
For more information see

More information about the OpenStack-dev mailing list