[keystone][policy] user read-only role not working
Ben Nemec
openstack at nemebean.com
Fri Sep 25 14:25:26 UTC 2020
I don't believe that the reader role was respected by most projects in
Train. Moving every project to support it is still a work in progress.
On 9/24/20 11:58 PM, its-openstack at zohocorp.com wrote:
> Dear Openstack,
>
> We have deployed openstack train branch.
>
> This mail is in regards to the default role in openstack. we are trying
> to create a read-only user i.e, the said user can only view in the web
> portal(horizon)/using cli commands.
> the user cannot create an instance or delete an instance , the same with
> any resource.
>
> we created a user in a project test with reader role, but in horizon/cli
> able to create and delete instance and similar to other access also
> if you so kindly help us fix this issue would be grateful.
>
> the commands used for creation
>
>
>
> $ openstack user create --domain default --password-prompt
> test-reader at test.com <mailto:test-reader at test.com>
> $ openstack role add --project test --user test-reader at test.com
> <mailto:gowtham.sankar at zohocorp.com> reader
>
>
>
> Thanks and Regards
> sysadmin
>
>
>
>
>
More information about the openstack-discuss
mailing list