<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Chengwei,<br>
<br>
You can create as much roles as you want and create/modify rules in
policy.json (can be found in /etc/keystone and other configuration
directories of Openstack modules) to put these roles into reality<br>
<br>
And there is no notion 'project admin'. Unfortunately, in Keystone
everybody who has role 'admin' is entire Openstack admin, not
project's. Be aware :)<br>
<br>
<div class="moz-cite-prefix">On 10/19/17 8:22 AM, Chengwei Yang
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:20171019052228.dw6lqzwcw54ricpn@chengwei-debian.qiyi.com">
<pre wrap="">Hi list,
I'm recently learn keystone and got some questions below, thanks any reply in advance!
1. It seems that there are only 2 kinds of roles, regardless how many
roles you created, all of them should be non-admin or admin, am I right?
2. If I was wrong, how to create a role with specific capabilities?
3. Is it possible to assign some project admin privileges to user or group?
so far I see only the admin created by keystone-bootstrap with
capabilities to manage project(create, delete and etc.)
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison</pre>
</body>
</html>