[Openstack-operators] Roles

J.O'Loughlin at surrey.ac.uk J.O'Loughlin at surrey.ac.uk
Wed Oct 26 13:16:49 UTC 2011


Hi All,

I'm running trunk on 10.10

I've just created a user and added to a project:

nova-manage user create tom
nova-project add project2 tom

at this stage no roles added:

my understanding is that a euca-describe-images should just show images in project? 
the new user can see all images, all instances in all projects, can start an instance from any image even if marked private, can allocate themselves an address
and can then assign that to any other user instances! 

After the above I gave tom the sysadmin role (global and then in the project). Makes no difference to what they can and cant do.

Is this normal behaviour?

Regards

John O'Loughlin
FEPS IT, Service Delivery Team Leader


More information about the Openstack-operators mailing list