That call should return a 204. Is there any stack trace or error message? If I had to best guess, the only exceptions that raise a 403 error are pretty specific, but one is the Forbidden exception: https://github.com/openstack/keystone/blob/master/keystone/exception.py#L190-L194 Which happens when you don't have a role to perform the action. By default, in policy.json you need to have the user performing the action would need the admin role: https://github.com/openstack/keystone/blob/master/etc/policy.json#L78 Steve Ratnadeep Bhattacharjee <bhatt246 at yahoo.com> wrote on 01/06/2015 06:25:50 PM: > From: Ratnadeep Bhattacharjee <bhatt246 at yahoo.com> > To: "openstack at lists.openstack.org" <openstack at lists.openstack.org> > Date: 01/06/2015 06:32 PM > Subject: [Openstack] Cannot assign admin role to domain user > > Hi, > > I am trying to make a HTTP PUT request to assign admin role to a > given user in a given domain: > > http://host:port/keystone/v3/domains/ > 16faa0dcebc94ca0ad83807d5c628754/users/ > bd0bf9040f0a47ce9cd09610f4c7dc17/roles/52580a3e2e164aca9e46b8c013bc7e18 > as per the documentation in http://developer.openstack.org/api-ref- > identity-v3.html but I get a HTTP 403 error. I am quite sure the > domain, user and role IDs are valid. Any idea what I might be doing > wrong? Do I have to set any special flags in keystone for this to succeed? > > Regards, > -Deep. > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150106/3efd9914/attachment.html>