Well , it looks normal in my consideration. You specify the operator must have Member or admin role for accessing swift. If there's a user associates a role which named "watcher" . It will be block in swift_auth filter . That's the function of swift_auth , right ? It looks pretty match to your expectation. <jojo_wanglin at sina.com> 於 2012年3月29日下午5:38 寫道: > Hi all: > > The story is: when i integrate keystone essex with swift 1.4.9, i use > swift_auth for authorization, the configuration is belows: > > [filter:keystone] > paste.filter_factory = keystone.middleware.swift_auth:filter_factory > operator_roles = Member,admin > > If I access the swift service using swift command with the user who has > the "Member, admin" role, it works successfully, but if i access using a > user who has another role, it get the "403 Forbidden". > > > That is why? > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack at lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > -- +Hugo Kuo+ tonytkdk at gmail.com + <tonytkdk at gmail.com>886 935004793 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120329/5182f10e/attachment.html>