1) This does raise a security concern. We can however cover it with a separate policy-based permission, that would check if a user can view all tenants. nova seem to do so, see: https://github.com/openstack/nova/blob/4209d0140774adf3e162b7bde3cbd6b417065dd5/etc/nova/policy.json#L13 2) Will give it some thought, but it does seem like an ok practice. -- Kirill Zaitsev Murano team Software Engineer Mirantis, Inc On 8 Jul 2015 at 14:44:51, Filip Blaha (filip.blaha at hp.com) wrote: Hi all, I started implement bp [1]. Problem is that congress needs data about environments from all tenants but murano API lists only environments of user's current tenant. We decided to ipmplement it similarly like listing servers in nova where is query parameter all_tenants=true for that (user must be admin) I have 2 questions about that: 1) Are there any security concerns about this approach? 2) Has someone better idea how to implement this? [1] https://blueprints.launchpad.net/murano/+spec/murano-api-all-tenants-search Regards Filip __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150708/5ec5c99d/attachment.html>