<div><br></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jun 7, 2022 at 8:10 PM Ghanshyam Mann <<a href="mailto:gmann@ghanshyammann.com">gmann@ghanshyammann.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Everyone,<br>
<br>
As you might know, we are redesigning the OpenStack default RBAC. The new design target two things:<br>
<br>
1. 'new defaults (reader role)'<br>
2. "Scope" concept<br>
<br>
It is hard to explain the details in email but the below doc is a good place to start understanding this:<br>
- <a href="https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html" rel="noreferrer" target="_blank">https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html</a><br>
<br>
We as a community think 1st target (reader role) is a good thing to do and it will definitely be useful<br>
in many cases.<br>
<br>
But we need feedback on the "Scope" concept. To understand what it is and how it can impact your existing<br>
use case/deployment, please ref the documentation mentioned in the etherpad[1] (if there is any question<br>
about its design/usage we are planning, feel free to reply here or contact us in #openstack-tc IRC channel).<br>
<br>
* If you are an operator, we really need your feedback if the 'Scope' concept is a useful thing for your deployment/use-case<br>
or not.<br>
<br>
* If you are attending events have operators also attending (for example, project operator feedback (like nova[2]), forum sessions<br>
in berlin summit, ops meetup or any local operator event), please communicate about the required feedback.<br>
<br>
* Due to various reasons, many of us involved in RBAC work are not travelling to Berlin and<br>
we have this topic to be discussed in Berlin ops meetup[3] but we require someone knowing RBAC new design moderate<br>
this topic. Please reach out to us if you would like to help.</blockquote><div dir="auto"><br></div><div dir="auto">I previously volunteered to facilitate this at the operators meet up and given others have had to drop out, I discussed it with the ops meetup leaders and will be facilitating a session with the interested operators on Friday.</div><div dir="auto"><br></div><div dir="auto">I know from previous discussions I’ve had, there was quite an interest in the system level of scope access to be able to see everything across a system, so I suspect there is tons of value there, but our developer perception is obvious different if we’re questioning it at this point. </div><div dir="auto"><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex" dir="auto"><br>
<br>
Central Etherpad to collect feedback (this can be used to collect from various forums/places):<br>
<br>
* <a href="https://etherpad.opendev.org/p/rbac-operator-feedback" rel="noreferrer" target="_blank">https://etherpad.opendev.org/p/rbac-operator-feedback</a><br>
<br>
<br>
[1] <a href="https://etherpad.opendev.org/p/rbac-operator-feedback" rel="noreferrer" target="_blank">https://etherpad.opendev.org/p/rbac-operator-feedback</a><br>
[2] <a href="https://etherpad.opendev.org/p/nova-berlin-meet-and-greet" rel="noreferrer" target="_blank">https://etherpad.opendev.org/p/nova-berlin-meet-and-greet</a><br>
[3]<a href="https://etherpad.opendev.org/p/ops-meetup-berlin-2022-planning#L74" rel="noreferrer" target="_blank">https://etherpad.opendev.org/p/ops-meetup-berlin-2022-planning#L74</a><br>
<br>
<br>
-gmann<br>
<br>
</blockquote></div></div>