I don't believe that the reader role was respected by most projects in Train. Moving every project to support it is still a work in progress. On 9/24/20 11:58 PM, its-openstack@zohocorp.com wrote:
Dear Openstack,
We have deployed openstack train branch.
This mail is in regards to the default role in openstack. we are trying to create a read-only user i.e, the said user can only view in the web portal(horizon)/using cli commands. the user cannot create an instance or delete an instance , the same with any resource.
we created a user in a project test with reader role, but in horizon/cli able to create and delete instance and similar to other access also if you so kindly help us fix this issue would be grateful.
the commands used for creation
$ openstack user create --domain default --password-prompt test-reader@test.com <mailto:test-reader@test.com> $ openstack role add --project test --user test-reader@test.com <mailto:gowtham.sankar@zohocorp.com> reader
Thanks and Regards sysadmin