On Fri, 2024-08-09 at 04:51 +0000, abitha.ramu32@gmail.com wrote:
I have created new user with reader access, As expected it was supposed to view the resources created in openstack. but the user with reader access can create/update/modify the resource
there are two possiblites either the user also has the admin/member roles and has write acces by defautl or that simply implies that you have not enabled or more specifically the person who deployed your openstack has not enabled the new default policy required to enable SRBAC.
on a cloud that does nto have srbac enabled the roles on the user token are not check for any action othat is not admin only. so the reader role, no role or member role all have read/write access to the resouces.
this is docuemtned at a high level in https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rba...