[openstack-dev] [keystone] roles and tenants

Dolph Mathews dolph.mathews at gmail.com
Thu Nov 15 15:50:36 UTC 2012


The first role is colloquially referred to as a "global role" /
"tenant-less role", which is a use case that our API supports (hence the
example) but that keystone does not implement today (it requires a
user-tenant pair in order to grant a role).

-Dolph


On Wed, Nov 14, 2012 at 1:32 PM, David Chadwick <d.w.chadwick at kent.ac.uk>wrote:

> What is the difference between these two roles? One contains a tenant, the
> other does not.
>
> <user id="u123" name="jqsmith">
>         <roles>
>             <role id="100" name="compute:admin"/>
>             <role id="101" name="object-store:admin" tenantId="t1000"/>
>         </roles>
>     </user>
>
> regards
>
> David
>
> ______________________________**_________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.**org <OpenStack-dev at lists.openstack.org>
> http://lists.openstack.org/**cgi-bin/mailman/listinfo/**openstack-dev<http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121115/ded2cd96/attachment.html>


More information about the OpenStack-dev mailing list