[Openstack-operators] Allow user to see instances of other users
George Shuklin
george.shuklin at gmail.com
Thu Jun 11 18:06:31 UTC 2015
Hello.
I'm trying to allow a user with special role to see all instances of all
tenants without giving him admin privileges.
My initial attempt was to change policy.json for nova to
"compute:get_all_tenants": "role:special_role or is_admin:True".
But it didn't work well.
The command (nova list --all-tenants) is not failing anymore (no 'ERROR
(Forbidden): Policy doesn't allow compute:get_all_tenants to be
performed.'), but the returned list is empty:
nova list --all-tenants
+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+
Any ideas how to allow a user without admin privileges to see all instances?
More information about the OpenStack-operators
mailing list