[openstack-dev] [Congress]Authorization mechanisms for each user

Masahito MUROI muroi.masahito at lab.ntt.co.jp
Fri Apr 15 07:57:08 UTC 2016


Hi Yuki,

This sounds interesting. AFAIK, there is no similar use-case you mentioned.

On 2016/04/15 10:13, Yuki Nisiwaki wrote:
> Hi openstacker working on congress.
>
> I want to implement the authorization mechanisms for each user, not role
> base.
> For example, User A can change security group, But User B can’t change
> security group like IAM feature of AWS.
>
> In order to achieve it,
> I’m considering whether can I utilize Congress feature.
> I am thinking somehow that I can achieve it by following step.
> 1. create policy for each user with datalog in congress
> 2. prepare the wsgi filter for each project that works confirming
> authorization of each user to Congress.
Could you clarify your usecase? I think it can be done by roles and 
modifying policy.json. If you assume A and B are under some conditions, 
what kind of condition do you want to use?

btw, I added [Congress] prefix in the subject.

>
> I think this use-case is very popular and there is someone who think
> same thing.
> But There is no information about it in any website (blog, presentation
> in summit).
> So why is there anyone who achieve it?
> or does this approach have anxious point?
> If you are interested in this approach or think same thing, I want to
> know it.
>
>
> Best regards
>
> Yuki Nishiwaki
> NTT Communitions
> Technology development
> Cloud Core Technology Unit
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

best regards,
Masahito


-- 
室井 雅仁(Masahito MUROI)
Software Innovation Center, NTT
Tel: +81-422-59-4539





More information about the OpenStack-dev mailing list