[Openstack] [openstack][keystone] Creating a "project admin" rule for keystone

Craig Jellick cjellick at godaddy.com
Fri Jun 13 20:47:32 UTC 2014


Answering my own question. Looks like this will walk me through exactly
what I want:
http://adam.younglogic.com/2013/11/policy-enforcement-openstack/


/Craig J




On 6/13/14 11:45 AM, "Craig Jellick" <cjellick at godaddy.com> wrote:

>We use AD as the identity backend and MySQL as the assignment backend,
>but I don't see how the backends would affect what I would want to do.
>
>Sent from my iPhone
>
>> On Jun 13, 2014, at 11:22 AM, "gustavo panizzo <gfa>"
>><gfa at zumbi.com.ar> wrote:
>> 
>>> On 06/13/2014 02:57 PM, Craig Jellick wrote:
>>> Has anyone setup a "project admin" rule for keystone?
>>> Let me explain what I mean by that rule to be clear:
>>> it should allow a user to add and remove other users to projects to
>>> */which he belongs/*. Meaning, as a project admin for project foo, I
>>> should be able to add/remove users to project foo, but not to project
>>> bar, because I'm not a project admin for project bar.
>> 
>> it could be easily do if you use ldap as your backend,
>> 
>> sorry if being Off Topic
>> 
>> 
>> -- 
>> 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333
>
>_______________________________________________
>Mailing list: 
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>Post to     : openstack at lists.openstack.org
>Unsubscribe : 
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack





More information about the Openstack mailing list