Hi Naveen, A few things come to mind: - Do an openstack application credential show on the AC to verify it picked up any necessary roles. Also check the --role option when creating the AC. - Try adding an additional rule similar to the first but with "path": "/v2.1/servers/detail". The openstack server list command seems to use the detail endpoint; it failed for my AC until the extra rule was added. - The nova-api service for your openstack cloud needs to have service_type set before access rules will be understood. This is documented at https://docs.openstack.org/keystone/latest/user/application_credentials.html.... If you don't have admin access to your cloud, you may need to raise a support ticket with your service provider and ask them to check that this has been done. Cheers, Tim On Thursday, 25 July 2024 at 14:16, Naveen Anbarasu <nawin8056@gmail.com> wrote:
Hi team,
I have created an application credential for the compute service and successfully obtained a token. Access rule: "service": "compute", "method": "GET", "path": "/v2.1/servers"
However, when using the token to retrieve the server list, I receive a Error 403 Forbidden error with the message: 'Policy doesn't allow os_compute_api:servers to be performed.
But i have a necessary permission within the respective project (member role)
How can I solve this problem?
Thanks in advance