Hi,

I can only hint you towards this spec for the domain-scoped manager: https://review.opendev.org/c/openstack/keystone-specs/+/903172

greetings
Josephine (Luzi)

Am 12.04.24 um 10:35 schrieb Sławek Kapłoński:

Hi,

I started looking at the S-RBAC today and for the phase 3 [1] especially. My question is - do we have agreement how this MANAGER will look like? In the linked document there is only info that keystone's spec [2] will have to be changed but I'm not sure if this is final now and if we can/should start thinking and implementing policies for the MANAGER role or not yet.

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-3

[2] https://review.opendev.org/c/openstack/keystone-specs/+/818603

--

Slawek Kaplonski

Principal Software Engineer

Red Hat