[Horizon][policy][keystone][yoga] allow __member__ role to create user

Dmitriy Rabotyagov noonedeadpunk at gmail.com
Sun Apr 2 04:34:43 UTC 2023


I would suggest a domain admin [1] to create other users rather than
granting any regular user the ability to create other ones. As you would
need not only to create the user, but also to be able to assign an
appropriate role to it, which should not be granted to members for sure.

I'm not actually sure about your use case, but what a regular _member_ can
do is create application credentials [2], which can be used for
authentication in Keystone by clients (including usage of
openrc/clouds.yaml files), but that will basically shadow the user that has
created these credentials. Though they can't be used to auth in Horizon, if
I'm not mistaken.

[1]
https://docs.openstack.org/keystone/latest/admin/service-api-protection.html#domain-administrators
[2]
https://docs.openstack.org/keystone/latest/user/application_credentials.html

Sun, Apr 2, 2023, 01:33 James Leong <jamesleong123098 at gmail.com>:

> Hi all,
> I have deployed OpenStack in the Yoga version using kolla-ansible. I noticed
> that only the admin role can create a new user. Would it be possible to also
> allow a user with the __member__ role to create users in the respective project?
>
> Best,
> James
>