[Openstack-security] [openstack/nova-specs] SecurityImpact review request change Ie8d653eed2fea244be6fa535ed6fd003ea15c2bb
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Apr 2 15:58:57 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/164813
Log:
commit 15a2abca42c5d2c27370054dfa0a81fc080695a2
Author: David Hu <david.hu at hp.com>
Date: Mon Mar 16 10:44:09 2015 -0700
Nova admin role
Current “admin” role in Nova and other services are pretty static. A
user with “admin” role has the super admin privilege not only in
Nova, but other services as well. In most organizations, compute
administrators and administrators from other services are from
distinct group of administrator. If an organization does not allow
Nova administrators to make changes to say Cinder or Neutron, then
Nova administrators should only have a “Nova specific admin role”,
and not the super ”admin” role.
Enhance Nova policy to include Nova admin role, so that
administrators with Nova admin role can perform Nova administrative
tasks without having to take on the super "admin" role.
SecurityImpact
Change-Id: Ie8d653eed2fea244be6fa535ed6fd003ea15c2bb
More information about the Openstack-security
mailing list