[Openstack] Identity API v3 - Why allow multi-tenant users?
Kevin L. Mitchell
kevin.mitchell at rackspace.com
Tue May 29 17:59:56 UTC 2012
On Tue, 2012-05-29 at 17:18 +0000, Caitlin Bestler wrote:
> One of the major complication I see in the API is that users can be
> associated with multiple tenants.
>
> What is the benefit of this? What functionality would be lost if a
> human user merely had to use a different account with each tenant?
>
> There are numerous issues with multi-tenant users. For example, if a
> user is associated with multiple tenants, who resets the user’s
> password?
The use case that immediately springs to mind is that of a consultant.
A consultant may be working for several clients that all happen to use
one OpenStack-powered provider, and it would be handy for that
consultant to only have to worry about a single set of login
credentials, but still be able to access the relevant parts of all the
tenants for which he or she is working.
I could imagine several other somewhat similar scenarios, such as the
value-added reseller; having multiple tenants allows them to ensure the
proper client is billed the proper amount, while still being able to
perform whatever their value-add is.
--
Kevin L. Mitchell <kevin.mitchell at rackspace.com>
More information about the Openstack
mailing list