[Openstack] Identity API v3 - Why allow multi-tenant users?

Kevin L. Mitchell kevin.mitchell at rackspace.com
Tue May 29 17:59:56 UTC 2012


On Tue, 2012-05-29 at 17:18 +0000, Caitlin Bestler wrote:
> One of the major complication I see in the API is that users can be
> associated with multiple tenants.
>  
> What is the benefit of this? What functionality would be lost if a
> human user merely had to use a different account with each tenant?
>  
> There are numerous issues with multi-tenant users. For example, if a
> user is associated with multiple tenants, who resets the user’s
> password?

The use case that immediately springs to mind is that of a consultant.
A consultant may be working for several clients that all happen to use
one OpenStack-powered provider, and it would be handy for that
consultant to only have to worry about a single set of login
credentials, but still be able to access the relevant parts of all the
tenants for which he or she is working.

I could imagine several other somewhat similar scenarios, such as the
value-added reseller; having multiple tenants allows them to ensure the
proper client is billed the proper amount, while still being able to
perform whatever their value-add is.
-- 
Kevin L. Mitchell <kevin.mitchell at rackspace.com>





More information about the Openstack mailing list