[Openstack] Projects deals tricky job

Timothy Symanczyk Timothy_Symanczyk at symantec.com
Tue Jun 21 16:28:10 UTC 2016


We implemented something here at Symantec that sounds very similar to what
you¹re both talking about. We have three levels of Admin - Cloud, Domain,
and Project. If you¹re interested in checking it out, we actually
presented on this topic in Austin.

The presentation : https://www.youtube.com/watch?v=v79kNddKbLc

All the referenced files can be found in our github here :
https://github.com/Symantec/Openstack_RBAC

Specifically you may want to check out our keystone policy file that
defines cloud_admin domain_admin and project_admin :
https://github.com/Symantec/Openstack_RBAC/blob/master/keystone/policy.json

Tim

On 6/20/16, 5:17 AM, "Eugen Block" <eblock at nde.ag> wrote:

>I believe you are trying to accomplish the same configuration as I do,
>so I think domains are the answer. You can devide your cloud into
>different domains and grant admin rights to specific users, which are
>not authorized to see the other domains. Although I'm still not sure
>if I did it correctly and it's not fully resolved yet, here is a
>thread I started a few days ago:
>
>http://lists.openstack.org/pipermail/openstack/2016-June/016454.html
>
>Regards,
>Eugen
>
>Zitat von Venkatesh Kotipalli <openstackvenkatesh at gmail.com>:
>
>> Hi Folks,
>>
>> Is it possible to create a project admin in openstack.
>>
>> As we identified when ever we created a project admin it will show
>>entire
>> cloud (Like : other users and all services completely admin access).
>>but i
>> want to see the particular project users,admins and control all the
>> services.
>>
>> Guys please help me this part. I am really very confused.
>>
>> Regards,
>> Venkatesh.k
>
>
>
>-- 
>Eugen Block                             voice   : +49-40-559 51 75
>NDE Netzdesign und -entwicklung AG      fax     : +49-40-559 51 77
>Postfach 61 03 15
>D-22423 Hamburg                         e-mail  : eblock at nde.ag
>
>         Vorsitzende des Aufsichtsrates: Angelika Mozdzen
>           Sitz und Registergericht: Hamburg, HRB 90934
>                   Vorstand: Jens-U. Mozdzen
>                    USt-IdNr. DE 814 013 983
>
>
>_______________________________________________
>Mailing list: 
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>Post to     : openstack at lists.openstack.org
>Unsubscribe : 
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack





More information about the Openstack mailing list