[Openstack] Help needed to understand keystone

Volodymyr Litovka doka.ua at gmx.com
Fri Dec 15 08:15:11 UTC 2017

Hi Chengwei,

You can create as much roles as you want and create/modify rules in 
policy.json (can be found in /etc/keystone and other configuration 
directories of Openstack modules) to put these roles into reality

And there is no notion 'project admin'. Unfortunately, in Keystone 
everybody who has role 'admin' is entire Openstack admin, not project's. 
Be aware :)

On 10/19/17 8:22 AM, Chengwei Yang wrote:
> Hi list,
> I'm recently learn keystone and got some questions below, thanks any reply in advance!
> 1. It seems that there are only 2 kinds of roles, regardless how many
> roles you created, all of them should be non-admin or admin, am I right?
> 2. If I was wrong, how to create a role with specific capabilities?
> 3. Is it possible to assign some project admin privileges to user or group?
> so far I see only the admin created by keystone-bootstrap with
> capabilities to manage project(create, delete and etc.)
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Volodymyr Litovka
   "Vision without Execution is Hallucination." -- Thomas Edison

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20171215/b4eda7f0/attachment.html>

More information about the Openstack mailing list