[keystone] Re: Meaning of role name: auditor versus reader
Colleen Murphy
colleen at gazlene.net
Thu Dec 13 14:25:27 UTC 2018
Tagging keystone
On Thu, Dec 13, 2018, at 3:18 PM, cristian.calin at orange.com wrote:
> As operators, we have a need for both cases and actually a 3rd one as
> well which should be domain scoped.
> I think the definition of reader should also include a scope (cloud-wide,
> domain specific or project specific) so that we don’t need
> different roles.
> This might be a more fundamental change though as the scoping is static
> today, I mean defined in the policy files/code.
>
> Cristian Calin
>
> From: Adam Young [mailto:ayoung at redhat.com]
> Sent: Thursday, December 13, 2018 3:09 AM
> To: List, OpenStack
> Subject: Meaning of role name: auditor versus reader
>
> We've recently come to accept reader as one of the default roles.
> However, one thing that is not clear to me is the intention: is this
> designed to be the read-only set of operations that an admin can do, or
> the read-only set of operations that a member can do?
>
> Should we really have two read-only roles, one for each case? Perhaps
> the admin-read-only should be called auditor, and then reader is for
> member only operations?
>