thanks On 15/11/2012 15:50, Dolph Mathews wrote: > The first role is colloquially referred to as a "global role" / > "tenant-less role", which is a use case that our API supports (hence the > example) but that keystone does not implement today (it requires a > user-tenant pair in order to grant a role). > > -Dolph > > > On Wed, Nov 14, 2012 at 1:32 PM, David Chadwick <d.w.chadwick at kent.ac.uk > <mailto:d.w.chadwick at kent.ac.uk>> wrote: > > What is the difference between these two roles? One contains a > tenant, the other does not. > > <user id="u123" name="jqsmith"> > <roles> > <role id="100" name="compute:admin"/> > <role id="101" name="object-store:admin" tenantId="t1000"/> > </roles> > </user> > > regards > > David > > _________________________________________________ > OpenStack-dev mailing list > OpenStack-dev at lists.openstack.__org > <mailto:OpenStack-dev at lists.openstack.org> > http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev> > > > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >