<div dir="ltr"><span style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium">Hi Folks,</span><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium"><br></div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium">
I'm trying to understand the quantum security model. I've OVS plugin configured with VLAN isolation. </div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium"><br></div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium">
I've a tenant project (alt_demo)</div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium"><br></div><blockquote style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium;margin:0px 0px 0px 40px;border:none;padding:0px">
<div><b>(admin) > keystone tenant-list</b></div><div>+----------------------------------+----------+---------+</div><div>|                id                |   name   | enabled |</div><div>+----------------------------------+----------+---------+</div>
<div>| c19f9a2d16b74c3c971dbfbc1afdc687 |  admin   |   True  |</div><div>| a37209139af44a8a8a2a8e519e3f8478 | alt_demo |   True  |</div><div>| 70e910a7296d4a19be4b32d5bcaf3996 | services |   True  |</div><div>+----------------------------------+----------+---------+</div>
</blockquote><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium"><br></div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium">I've a user (alt_demo) who is a 'member' of project alt_demo. (alt_demo is not an admin)</div>
<div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium"><br></div><blockquote style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium;margin:0px 0px 0px 40px;border:none;padding:0px"><div><b>(admin > keystone user-list</b></div>
<div>+----------------------------------+----------+---------+-------------------+</div><div>|                id                |   name   | enabled |       email       |</div><div>+----------------------------------+----------+---------+-------------------+</div>
<div>| 338a1897720a4be48023a6987c76191d |  admin   |   True  |   <a href="mailto:test@test.com">test@test.com</a>   |</div><div>| c2dc7ac0e8bf4628bc7d3b2fe285793a | alt_demo |   True  | <a href="mailto:alt_demo@demo.com">alt_demo@demo.com</a> |</div>
<div>| 94936f26d48e481dadacda322fc51858 |  cinder  |   True  |  cinder@localhost |</div><div>| b7db5ef2f2d849b1a8dfc7f043bf4289 |  glance  |   True  |  glance@localhost |</div><div>| a42b0ca85f914cf88dc6361da5e08a0c |   nova   |   True  |   nova@localhost  |</div>
<div>| 2f0f85cb85f242c7b9c5f620886b9537 | quantum  |   True  | quantum@localhost |</div><div>+----------------------------------+----------+---------+-------------------+</div></blockquote><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium">
<br></div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium">As <b>alt_demo</b>, try to create a network</div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium"><br></div><blockquote style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium;margin:0px 0px 0px 40px;border:none;padding:0px">
<div><b>(alt_demo) > quantum net-create alt-net</b></div><div>Created a new network:</div><div>+-----------------+--------------------------------------+</div><div>| Field           | Value                                |</div>
<div>+-----------------+--------------------------------------+</div><div>| admin_state_up  | True                                 |</div><div>| id              | c1629dac-91dd-424a-bc82-8b97323f5059 |</div><div>| name            | alt-net                              |</div>
<div>| router:external | False                                |</div><div>| shared          | False                                |</div><div>| status          | ACTIVE                               |</div><div>| subnets         |                                      |</div>
<div>| tenant_id       | a37209139af44a8a8a2a8e519e3f8478     |</div><div>+-----------------+--------------------------------------+</div></blockquote><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium"><br>
</div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium">Now, the question I've is the user "alt_demo" cannot see the VLAN/provider-network and other details which is very confusing (when the user was able to create the network, he should be able to see details of the network he just created).</div>
<div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium"><br></div><blockquote style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium;margin:0px 0px 0px 40px;border:none;padding:0px"><div><b>(alt_demo) > quantum net-show alt-net</b></div>
<div>+-----------------+--------------------------------------+</div><div>| Field           | Value                                |</div><div>+-----------------+--------------------------------------+</div><div>| admin_state_up  | True                                 |</div>
<div>| id              | c1629dac-91dd-424a-bc82-8b97323f5059 |</div><div>| name            | alt-net                              |</div><div>| router:external | False                                |</div><div>| shared          | False                                |</div>
<div>| status          | ACTIVE                               |</div><div>| subnets         |                                      |</div><div>| tenant_id       | a37209139af44a8a8a2a8e519e3f8478     |</div><div>+-----------------+--------------------------------------+</div>
</blockquote><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium"><br></div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium">Here's what an "admin" user sees :</div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium">
<br></div><blockquote style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium;margin:0px 0px 0px 40px;border:none;padding:0px"><div><b>(admin) > quantum net-show alt-net</b></div><div>+---------------------------+--------------------------------------+</div>
<div>| Field                     | Value                                |</div><div>+---------------------------+--------------------------------------+</div><div>| admin_state_up            | True                                 |</div>
<div>| id                        | c1629dac-91dd-424a-bc82-8b97323f5059 |</div><div>| name                      | alt-net                              |</div><div>| <b>provider:network_type     | vlan</b>                                 |</div>
<div>| <b>provider:physical_network | physnet1</b>                             |</div><div>| <b>provider:segmentation_id  | 46                                   </b>|</div><div>| router:external           | False                                |</div>
<div>| shared                    | False                                |</div><div>| status                    | ACTIVE                               |</div><div>| subnets                   |                                      |</div>
<div>| tenant_id                 | a37209139af44a8a8a2a8e519e3f8478     |</div><div>+---------------------------+--------------------------------------+</div></blockquote><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium">
<br></div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium">Thanks !</div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:medium">Prashanth</div></div>