<div dir="ltr">Dear Jerome and Massimo,<div><br></div><div>Thank you both for your responses.</div><div>I thought this feature is already implemented because its blueprint states so:</div><div><a href="https://blueprints.launchpad.net/nova/+spec/user-id-based-policy-enforcement">https://blueprints.launchpad.net/nova/+spec/user-id-based-policy-enforcement</a><br></div><div><br></div><div>Regards,</div><div>Hamza</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 16 January 2017 at 08:26, Jerome Pansanel <span dir="ltr"><<a href="mailto:jerome.pansanel@iphc.cnrs.fr" target="_blank">jerome.pansanel@iphc.cnrs.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear Hamza,<br>
<br>
You may contact the primary assignee to get the status of this feature:<br>
<a href="https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/user-id-based-policy-enforcement.html" rel="noreferrer" target="_blank">https://specs.openstack.org/<wbr>openstack/nova-specs/specs/<wbr>newton/implemented/user-id-<wbr>based-policy-enforcement.html</a><br>
<br>
Best regards,<br>
<br>
Jerome Pansanel<br>
<div class="HOEnZb"><div class="h5"><br>
On 15/01/2017 at 08:44, Hamza Achi wrote:<br>
> Hello,<br>
><br>
> According to this Nova-spec of Newton release [1], user_id:%(user_id)s<br>
> syntax should work to constrain some operations to user_id instead of<br>
> project_id. Like deleting and rebuilding VMs.<br>
><br>
> But it is not working, users within the same project can delete,<br>
> rebuild... the VMs of each other. I added these rules in<br>
> /etc/nova/policy.json (I used devstack stable/newton branch):<br>
><br>
>     "admin_required": "role:admin or is_admin:1",<br>
>     "owner" : "user_id:%(user_id)s",<br>
>     "admin_or_owner": "rule:admin_required or rule:owner",<br>
>     "compute:delete": "rule:admin_or_owner",<br>
>     "compute:resize": "rule:admin_or_owner",<br>
>     "compute:rebuild": "rule:admin_or_owner",<br>
>     "compute:reboot": "rule:admin_or_owner",<br>
>     "compute:start": "rule:admin_or_owner",<br>
>     "compute:stop": "rule:admin_or_owner"<br>
><br>
><br>
> Can you please point out what I am missing?<br>
><br>
> Thank you,<br>
> Hamza<br>
><br>
><br>
> [1]<br>
> <a href="https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/user-id-based-policy-enforcement.html" rel="noreferrer" target="_blank">https://specs.openstack.org/<wbr>openstack/nova-specs/specs/<wbr>newton/implemented/user-id-<wbr>based-policy-enforcement.html</a><br>
><br>
><br>
</div></div><span class="im HOEnZb">> ______________________________<wbr>_________________<br>
> OpenStack-operators mailing list<br>
> <a href="mailto:OpenStack-operators@lists.openstack.org">OpenStack-operators@lists.<wbr>openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" rel="noreferrer" target="_blank">http://lists.openstack.org/<wbr>cgi-bin/mailman/listinfo/<wbr>openstack-operators</a><br>
><br>
<br>
<br>
</span><span class="HOEnZb"><font color="#888888">--<br>
Jerome Pansanel, PhD<br>
Technical Director at France Grilles<br>
Grid & Cloud Computing Operations Manager at IPHC<br>
IPHC                        ||  GSM: <a href="tel:%2B33%20%280%296%2025%2019%2024%2043" value="+33625192443">+33 (0)6 25 19 24 43</a><br>
23 rue du Loess, BP 28      ||  Tel: <a href="tel:%2B33%20%280%293%2088%2010%2066%2024" value="+33388106624">+33 (0)3 88 10 66 24</a><br>
F-67037 STRASBOURG Cedex 2  ||  Fax: <a href="tel:%2B33%20%280%293%2088%2010%2062%2034" value="+33388106234">+33 (0)3 88 10 62 34</a><br>
</font></span><div class="HOEnZb"><div class="h5"><br>
</div></div></blockquote></div><br></div>
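<div>How the rules quoted above are meant to evaluate, as an added example that is not part of the original thread and is not Nova or oslo.policy code: a simplified evaluator covering only the constructs those rules use, run against constructed credentials and a constructed target. It assumes the enforcement point passes the instance's user_id in the target.</div>

```python
# Simplified model of the rule semantics in the posted policy.json, written
# for this example; it is not oslo.policy and handles only "or", "rule:",
# "role:" and "kind:match" checks.

POLICY = {  # rules quoted in the message above
    "admin_required": "role:admin or is_admin:1",
    "owner": "user_id:%(user_id)s",
    "admin_or_owner": "rule:admin_required or rule:owner",
    "compute:delete": "rule:admin_or_owner",
}


def check(expr, creds, target, policy=POLICY):
    """Return True if any 'or'-separated check in expr passes."""
    for term in expr.split(" or "):
        kind, _, match = term.strip().partition(":")
        if kind == "rule":
            ok = check(policy[match], creds, target, policy)
        elif kind == "role":
            ok = match.lower() in (r.lower() for r in creds.get("roles", []))
        else:
            try:
                wanted = match % target  # fill %(user_id)s from the target
            except KeyError:
                ok = False               # target lacks the attribute: deny
            else:
                ok = kind in creds and str(creds[kind]) == wanted
        if ok:
            return True
    return False


# Constructed sample data: two members of one project and an admin.
INSTANCE = {"project_id": "p1", "user_id": "alice"}
ALICE = {"user_id": "alice", "project_id": "p1", "roles": ["member"]}
BOB = {"user_id": "bob", "project_id": "p1", "roles": ["member"]}
ADMIN = {"user_id": "root", "project_id": "p0", "roles": ["Admin"]}


def may_delete(creds, target=INSTANCE):
    """Evaluate the posted compute:delete rule for one caller."""
    return check(POLICY["compute:delete"], creds, target)


if __name__ == "__main__":
    for name, creds in (("alice", ALICE), ("bob", BOB), ("admin", ADMIN)):
        print(name, may_delete(creds))
```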