[Openstack] [OpenStack] Limiting new roles
Dolph Mathews
dolph.mathews at gmail.com
Wed Oct 31 20:31:59 UTC 2012
With regard to keystone, the current policy implementation is entirely
binary in that a role may either have total control over keystone or none.
The implementation in Grizzly is much more granular.
-Dolph
On Wed, Oct 31, 2012 at 2:35 PM, Guillermo Alvarado <
guillermoalvarado89 at gmail.com> wrote:
> Hi everyboy,
>
> I want to create a new role, named "another-admin", so this role only can
> create tentants and roles but cannnot change quotas or modify images and
> all other actions that admin role can do.
>
> I read about create rules in the policy.json of each service (nova,
> keystone, glance, swift) but my doubt is: How can I limit the
> views/templates/urls of Horizon, I mean, I want that the role
> "another-admin" can not see templates related to glance and can not see
> that menu.
>
> Thanks in advance,
> Best Regards.
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20121031/eee0797b/attachment.html>
More information about the Openstack
mailing list