[Openstack-operators] Allow user to see instances of other users

George Shuklin george.shuklin at gmail.com
Thu Jun 11 18:06:31 UTC 2015


I'm trying to allow a user with special role to see all instances of all 
tenants without giving him admin privileges.

My initial attempt was to change policy.json for nova to 
"compute:get_all_tenants": "role:special_role or is_admin:True".

But it didn't work well.

The command (nova list --all-tenants) is not failing anymore (no 'ERROR 
(Forbidden): Policy doesn't allow compute:get_all_tenants to be 
performed.'), but the returned list is empty:

nova list  --all-tenants
| ID | Name | Status | Task State | Power State | Networks |

Any ideas how to allow a user without admin privileges to see all instances?

More information about the OpenStack-operators mailing list