[Openstack-security] Roles and group access in openstack

m.channappa.negalur at accenture.com m.channappa.negalur at accenture.com
Tue Apr 29 13:25:58 UTC 2014


Hi Team,

I would like to configure below security settings on my multimode  cloud setup ( Havana, Ubuntu 12.04 LTS-already installed)


1.       I have created DBusers as a tenant , DBAdmin as a role , db1(Role-DBdmin, belongs to DBgrpup) & db2(normal member role, group not assigned) are 2 users.

2.       I have created Appusers as a tenant, Appadmin as a role , app1(Role-DBdmin, belongs to AppGroup) & app2 (normal member role, , group not assigned) & are 2 users.

Now I want to set security  in such a way that db2 user shouldnot be able to attach a volumes as he is  not a part of DBgroup  , but db1 should be able to do it ( as he is a part of DBAdmin role+ DBgrpup).

Also Appuseres should not be able to delete db2 users instance /reboot /attaching..etc......


How can I set this in ..? Do I need to set this in policy.json. if yes...please give some examples .

Your assistance is much appreciated ...

Regards,
Malleshi CN

________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140429/c55bdcdf/attachment.html>


More information about the Openstack-security mailing list