Open Stack

Hi Rick,

In Keystone, Domains are the container of users, so a user belongs to a
domain and you can grant role assignments for projects.

With this call that you made, you will set the project default to this
user, after that you need to grant a role for this user in this project.

So, you can do:* openstack role add --user USER_NAME --project TENANT_ID
ROLE_NAME*

and after that, you can verify if the assignment works doing:* openstack
role list --user USER_NAME --projec TENANT_ID*

You can find more information about this here:
http://docs.openstack.org/user-guide-admin/manage_projects_users_and_roles.html
or
find us on #openstack-keystone

Cheers,

Raildo Mascena


On Tue, Jun 16, 2015 at 1:52 PM Rich Megginson <rmeggins at redhat.com> wrote:

> Using admin token credentials with the Keystone v2.0 API and the
> openstackclient, doing this:
>
> # openstack project create bar --enable
> # openstack user create foo --project bar --enable ...
>
> The user will be added to the project.
>
> Using admin token credentials with the Keystone v3 API and the
> openstackclient, using the v3 policy file with is_admin:1 added just
> about everywhere, doing this:
>
> # openstack project create bar --domain Default --enable
> # openstack user create foo --domain Default --enable --project
> $project_id_of_bar ...
>
> The user will NOT be added to the project.
>
> Is this intentional?  Am I missing some sort of policy to allow user
> create to add the user to the given project?
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150618/574148c8/attachment.html>