[Openstack] [Keystone]Question: Assignment of default role
Leo Toyoda
toyoda-reo at cnt.mxw.nes.nec.co.jp
Fri Feb 22 02:39:50 UTC 2013
Hi, everyone
I'm using the master branch devstack.
I hava a question about assignment of default role (Keystone).
When I create a user to specify the tenant, '_member_' is assigned to the roles.
$ keystone user-create --name test --tenant-id e61..7f6 --pass test --email test at example.com
+----------+-------------------+
| Property | Value |
+----------+-------------------+
| email | test5 at example.com |
| enabled | True |
| id | af1..8d2 |
| name | test |
| tenantId | e61..7f6 |
+----------+-------------------+
$ keystone user-role-list --user test --tenant e61..7f6
+----------+----------+----------+-----------+
| id | name | user_id | tenant_id |
+----------+----------+----------+-----------+
| 9fe..bab | _member_ | af1..8d2 | e61..7f6 |
+----------+----------+----------+-----------+
Then, assign the "Member" role to the user.
Hitting assigned two roles of 'Member' and '_member_'.
$ keystone user-role-add --user af1..8d2 --role 57d..d1f --tenant e61..7f6
$ keystone user-role-list --user af1..8d2 --tenant e61..7f6
+----------+----------+----------+-----------+
| id | name | user_id | tenant_id |
+----------+----------+----------+-----------+
| 57d..d1f | Member | af1..8d2 | e61..7f6 |
| 9fe..bab | _member_ | af1..8d2 | e61..7f6 |
+----------+----------+----------+-----------+
When I create a user without specifying a tenant, I assign 'Member' role.
In this case, Only one role is assigned.
$ keystone user-create --name test2 --pass test --email test2 at example.com
+----------+-------------------+
| Property | Value |
+----------+-------------------+
| email | test2 at example.com |
| enabled | True |
| id | c22..a6d |
| name | test2 |
| tenantId | |
+----------+-------------------+
$ keystone user-role-add --user c22..a6d --role 57d..d1f --tenant e61..7f6
$ keystone user-role-list --user c22..a6d --tenant e61..7f6
+----------+----------+----------+-----------+
| id | name | user_id | tenant_id |
+----------+----------+----------+-----------+
| 57d..d1f | Member | c22..a6d | e61..7f6 |
+----------+----------+----------+-----------+
Is it expected behavior that two rolls are assigned?
Thanks
Leo Toyoda
More information about the Openstack
mailing list