Thanks but I made a mistake because I forgot to change user variables before deleting the instance. User belonging to user role cannot delete instances of other projects. Sorry for my mistake Regards Ignazio Il giorno gio 6 set 2018 alle ore 16:41 iain MacDonnell < iain.macdonnell at oracle.com> ha scritto: > > > On 09/06/2018 06:31 AM, Ignazio Cassano wrote: > > I installed openstack ocata on centos and I saw /etc/nova/policy.json > > coontains the following: > > { > > } > > > > I created an instance in a a project "admin" with user admin that > > belogns to admin project > > > > I created a demo project with a user demo with "user" role. > > > > Using command lines (openstack server list --all-projects) the user demo > > can list the admin instances and can also delete one of them. > > > > I think this is a bug and a nova policy.json must be created with some > > rules for avoiding the above. > > See > > https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/policy-in-code.html > > You have something else going on ... > > ~iain > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20180906/47d17649/attachment.html>