<div dir="ltr"><div class="markdown-here-wrapper" style=""><blockquote style="margin:1.2em 0px;border-left:4px solid rgb(221,221,221);padding:0px 1em;color:rgb(119,119,119);quotes:none">
<p style="margin:0px 0px 1.2em!important">What is “role”? It is little bit confusing because it has name “admin”. Which roles we can use except admin? What permissions they can give to the user?</p>
</blockquote>
<p style="margin:0px 0px 1.2em!important">Role is an identical mark of the user. It can associate with projects (tenants) with different roles. As for the permission of different user-role-tenant mappings in each service, it’s been defined in the authorization middleware in the OpenStack services’ pipeline.</p>
<p style="margin:0px 0px 1.2em!important">Basically, the role means nothing until you define it in the authorization middleware (Keystone Auth in case of Keystone). And the authorization middleware of OpenStack components is almost independent for each service.</p>
<p style="margin:0px 0px 1.2em!important"><img src="cid:ii_1575228a49d3757b" alt="Inline image 1" width="206" height="94" style="margin-right: 0px;"></p>
<p style="margin:0px 0px 1.2em!important">Since you are asking about the Swift &amp; Keystone integration, here’s how things work.</p>
<p style="margin:0px 0px 1.2em!important">The user gets a token and the Swift storage endpoint from Keystone, then uses the token to access its associated account in Swift. The mapping of Swift account and Keystone is &lt;Prefix_UUID-of-Project&gt;, like <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">AUTH_b1234567890</code>. The request routes to the keystone middleware for validating the existence of the incoming token from the Keystone server. If it exists, it pulls the full info of this token. The info includes the user-role-tenant mapping. After that, the Swift auth middleware determines what kind of permission to the requested resource the token has.</p>
<p style="margin:0px 0px 1.2em!important">In Keystone, you can specify two types of roles only: the operator or reseller_admin. If the user has an operator role of a project, the user can do anything to the relevant Swift account. As for the reseller_admin, the user can access any account that is prefixed with <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">KEY_</code> in the Swift cluster.</p>
<p style="margin:0px 0px 1.2em!important">For your scenario </p>
<blockquote style="margin:1.2em 0px;border-left:4px solid rgb(221,221,221);padding:0px 1em;color:rgb(119,119,119);quotes:none">
<p style="margin:0px 0px 1.2em!important">reader - can read from the next containers: “video”, “audio”, “subtitles”, “photos”</p>
</blockquote>
<p style="margin:0px 0px 1.2em!important">The user should not have any role in the operator or reseller list. This requires additional logic to do containers/account ACL for keystone users.</p>
<blockquote style="margin:1.2em 0px;border-left:4px solid rgb(221,221,221);padding:0px 1em;color:rgb(119,119,119);quotes:none">
<p style="margin:0px 0px 1.2em!important">media_manager - can do anything in the next containers: “video”, “audio”, “subtitles”, “photos”</p>
</blockquote>
<p style="margin:0px 0px 1.2em!important">The user must have operator role.</p>
<blockquote style="margin:1.2em 0px;border-left:4px solid rgb(221,221,221);padding:0px 1em;color:rgb(119,119,119);quotes:none">
<p style="margin:0px 0px 1.2em!important">crypt_manager - can not do anything in Swift but can get tokens directly from keystone (it is for other usage).</p>
</blockquote>
<p style="margin:0px 0px 1.2em!important">No available roles reflect to operator/reseller_admin in the keystone middleware.</p>
<blockquote style="margin:1.2em 0px;border-left:4px solid rgb(221,221,221);padding:0px 1em;color:rgb(119,119,119);quotes:none">
<p style="margin:0px 0px 1.2em!important">But what this role mean? How to set some permissions on this role (i.e. if I want to set readonly permission for all in swift but write only for some containers?)</p>
<p style="margin:0px 0px 1.2em!important">What we should specify in a region-id?</p>
</blockquote>
<p style="margin:0px 0px 1.2em!important">Which Keystone version are you using? If the region ID is available in your version, you can query it from the API or DB. If you are not going to have multiple regions, you can try to ignore it by using the default one.</p>
<blockquote style="margin:1.2em 0px;border-left:4px solid rgb(221,221,221);padding:0px 1em;color:rgb(119,119,119);quotes:none">
<p style="margin:0px 0px 1.2em!important">What we should specify in admin,public,internal url? What they mean?</p>
</blockquote>
<p style="margin:0px 0px 1.2em!important">You can configure 3 sets of service endpoints for a single keystone endpoint. They are admin/public/internal. All three will be returned to the client and the client can pick up the one it wants to access. This concept is designed for users from different scopes. Internal might be the IP in the DMZ. Public would be the normal one for the network where end-users can hit your service. You can define admin for another network segment or FQDN. It’s a flexible design.</p>
<p style="margin:0px 0px 1.2em!important">Most client tools grab the public one, as far as I know.</p>
<p style="margin:0px 0px 1.2em!important">Regards // Hugo </p>
</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-09-22 18:28 GMT+08:00 Alexandr Porunov <span dir="ltr"><<a href="mailto:alexandr.porunov@gmail.com" target="_blank">alexandr.porunov@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hello,<br></div><div><br></div><div>I have installed Swift and Keystone. Now I want to create several users with different permissions:</div><div><br></div><div>reader - can read from the next containers: "video", "audio", "subtitles", "photos"</div><div>media_manager - can do anything in the next containers: "video", "audio", "subtitles", "photos"</div><div>crypt_manager - can not do anything in Swift but can get tokens directly from keystone (it is for other usage).</div><div><br></div><div>There are a lot of things in keystone (user, role, project, service, endpoint, region-id, admin-url, public-url, internal-url) and it is little bit confusing. Can somebody explain me how to configure such users with those roles?</div><div><br></div><div>I haven't bootstrap the keystone, so I haven't the admin role yet. I am worried about security with an administrator user. Do we need to define it? 
I have read examples which says that firstly you have to bootstrap your keystone and it will create the admin user with the admin role:</div><div><br></div><div>keystone-manage bootstrap --bootstrap-password s3cr3t</div><div><br></div><div>Also the full command for define all things is:</div><div><br></div><div>keystone-manage bootstrap \</div><div>    --bootstrap-password s3cr3t \</div><div>    --bootstrap-username admin \</div><div>    --bootstrap-project-name admin \</div><div>    --bootstrap-role-name admin \</div><div>    --bootstrap-service-name keystone \</div><div>    --bootstrap-region-id RegionOne \</div><div>    --bootstrap-admin-url <a href="http://localhost:35357" target="_blank">http://localhost:35357</a> \</div><div>    --bootstrap-public-url <a href="http://localhost:5000" target="_blank">http://localhost:5000</a> \</div><div>    --bootstrap-internal-url <a href="http://localhost:5000" target="_blank">http://localhost:5000</a></div><div><br></div><div>What is "role"? It is little bit confusing because it has name "admin". Which roles we can use except admin? What permissions they can give to the user?</div><div>Also we can create additional roles:</div><div>keystone role-create --name my_new_role</div><div><br></div><div>But what this role mean? How to set some permissions on this role (i.e. if I want to set readonly permission for all in swift but write only for some containers?)</div><div><br></div><div>What we should specify in a region-id?</div><div><br></div><div>What we should specify in admin,public,internal url? What they mean?</div><div><br></div><div>Sorry for a lot of questions</div><div><br></div><div>Sincerely,</div><div>Alexandr</div></div>
<br>______________________________<wbr>_________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/<wbr>cgi-bin/mailman/listinfo/<wbr>openstack</a><br>
Post to     : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/<wbr>cgi-bin/mailman/listinfo/<wbr>openstack</a><br>
<br></blockquote></div><br></div>
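<p>The decision flow described in the reply (reseller admin, then operator role on the project's own account, then container ACLs for everyone else), as an added example that is not part of the original thread and not Swift's own code. The role names, the <code>project:user</code> ACL syntax and the sample data are assumptions; the <code>AUTH_</code> prefix is taken from the example account name in the reply.</p>

```python
# Simplified model of the decision described in the reply; not Swift's own code.
from dataclasses import dataclass, field

RESELLER_PREFIX = "AUTH_"            # account name = prefix + Keystone project ID
OPERATOR_ROLES = {"media_manager"}   # assumed operator-role list for this scenario
RESELLER_ADMIN_ROLE = "reseller_admin"

@dataclass
class Token:
    """What the Keystone middleware hands on after validating a token."""
    user: str
    project_id: str
    roles: set = field(default_factory=set)

def acl_allows(acl, token):
    """ACL entries are 'project:user' pairs; '*' matches anything (assumed syntax)."""
    for entry in acl:
        project, _, user = entry.partition(":")
        if project in ("*", token.project_id) and user in ("*", token.user):
            return True
    return False

def authorize(token, method, account, container=None, acls=None):
    """Return (allowed, reason) for one request against account[/container]."""
    if not account.startswith(RESELLER_PREFIX):
        return False, "account outside this reseller prefix"
    if RESELLER_ADMIN_ROLE in token.roles:
        return True, "reseller admin"
    owns = account == RESELLER_PREFIX + token.project_id
    if owns and token.roles & OPERATOR_ROLES:
        return True, "operator on own project"
    # No privileged role: only a container ACL can grant access.
    acl = (acls or {}).get((account, container), {})
    kind = "read" if method in ("GET", "HEAD") else "write"
    if container and acl_allows(acl.get(kind, []), token):
        return True, f"container {kind} ACL"
    return False, "no matching role or ACL"

# Constructed sample data for the three users in the question.
ACCOUNT = "AUTH_b1234567890"
MEDIA = ("video", "audio", "subtitles", "photos")
ACLS = {(ACCOUNT, c): {"read": ["b1234567890:reader"]} for c in MEDIA}
READER = Token("reader", "b1234567890", {"reader"})
MANAGER = Token("media_manager", "b1234567890", {"media_manager"})
CRYPT = Token("crypt_manager", "b1234567890", {"crypt_manager"})

if __name__ == "__main__":
    for tok in (READER, MANAGER, CRYPT):
        print(tok.user, [authorize(tok, m, ACCOUNT, "video", ACLS) for m in ("GET", "PUT")])
```

<p>In this model the operator role covers the whole account, so media_manager is not limited to the four media containers, while reader gets access only where a container read ACL names it.</p>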