[Keystone]Question about access rules for identity API

Rikimaru Honjo honjo.rikimaru at ntt-tx.co.jp
Tue Dec 8 09:36:39 UTC 2020


Are the access rules not applied for identity API?

I created an application credential with a access rule that allows
only project list API.
But the application credential allows all identity APIs.

Is this correct? Are there any documents that explains about this?

By the way, the application credential denied all other service's
APIs. I think this behavior is correct.

I use OpenStack Ubuntu.

Best regards,
Rikimaru Honjo
E-mail:honjo.rikimaru at ntt-tx.co.jp

More information about the openstack-discuss mailing list