[Openstack-operators] Keystone policy.v3cloudsample.json

Jesse Pretorius jesse.pretorius at gmail.com
Wed Dec 11 07:42:32 UTC 2013


On 11 December 2013 05:03, Paul Belanger <paul.belanger at polybeacon.com>wrote:

> So, right now I have both a cloud_admin (global) and domain_admin
> working. I have a few patches up on review.o.o to get merged but I
> figure a blog posting might be a good idea.
>
> That said, is anybody else running custom policy.json files or moslty
> using stock?
>

Currently we're using stock, but we're wanting to implement custom policy
files in order to facilitate delegating authority appropriately for domains
(Domain Admin) and to introduce less privileged roles (eg someone who can
access instances, but can't build/terminate them).

A colleague of mine has been working through how to make this work.
Personally I think that the stock items should introduce a broader set of
roles as doing something like what I've mentioned above is a fairly common
requirement in Private Cloud environments.

It'd be great if you could share your work - via blog post would be great!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20131211/9a3d3517/attachment.html>


More information about the OpenStack-operators mailing list