Hey all, To date we have two proposed solutions for tackling the admin-ness issue we have across the services. One builds on the existing scope concepts by scoping to an admin project [0]. The other introduces global role assignments [1] as a way to denote elevated privileges. I'd like to get some feedback from operators, as well as developers from other projects, on each approach. Since work is required in keystone, it would be good to get consensus before spec freeze (June 9th). If you have specific questions on either approach, feel free to ping me or drop by the weekly policy meeting [2]. Thanks! [0] http://adam.younglogic.com/2017/05/fixing-bug-96869/ [1] https://review.openstack.org/#/c/464763/ [2] http://eavesdrop.openstack.org/#Keystone_Policy_Meeting -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20170524/0a5cdb2b/attachment.html>