[Openstack] [openstack][keystone] Service isolation?
Nguyen, Liem Manh
liem_m_nguyen at hp.com
Wed Apr 11 01:44:31 UTC 2012
Hi fellow Stackers,
I am reading http://keystone.openstack.org/configuringservices.html, and it appears that for service registration, all services (or rather service users) reside within the same tenant with the same Admin role. So, if I understand it correctly, it is then possible that a service user for Nova can actually accidentally nuke an endpoint for a Glance service, for example? Don't we want isolation among services, i.e., a user owning one service may not modify another service that he/she did not create?
Thanks,
Liem
More information about the Openstack
mailing list