[openstack-dev] [keystone] roles and tenants

David Chadwick d.w.chadwick at kent.ac.uk
Thu Nov 15 16:14:53 UTC 2012


thanks

On 15/11/2012 15:50, Dolph Mathews wrote:
> The first role is colloquially referred to as a "global role" /
> "tenant-less role", which is a use case that our API supports (hence the
> example) but that keystone does not implement today (it requires a
> user-tenant pair in order to grant a role).
>
> -Dolph
>
>
> On Wed, Nov 14, 2012 at 1:32 PM, David Chadwick <d.w.chadwick at kent.ac.uk
> <mailto:d.w.chadwick at kent.ac.uk>> wrote:
>
>     What is the difference between these two roles? One contains a
>     tenant, the other does not.
>
>     <user id="u123" name="jqsmith">
>              <roles>
>                  <role id="100" name="compute:admin"/>
>                  <role id="101" name="object-store:admin" tenantId="t1000"/>
>              </roles>
>          </user>
>
>     regards
>
>     David
>
>     _________________________________________________
>     OpenStack-dev mailing list
>     OpenStack-dev at lists.openstack.__org
>     <mailto:OpenStack-dev at lists.openstack.org>
>     http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
>
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



More information about the OpenStack-dev mailing list