[Openstack] project read-only role or create role with specific capabilities

Yaguang Tang heut2008 at gmail.com
Sat Oct 21 03:26:05 UTC 2017


you can archive what you want by modifying the policy.json of Nova and
other projects to define readonly role, and create that role in keystone,
then assign to users you want.

On Thu, Oct 19, 2017 at 3:15 PM, Chengwei Yang <chengwei.yang.cn at gmail.com>
wrote:

> Hi list,
>
> As I understand, keystone only defined two roles:
>
>   - admin
>   - non-admin, but can be any role name you want, role1, role2, user,
> _member_, whatever
>
> say there are quite few people in the same project, so far, the users
> assigned with the same role has exactly the same right to a project.
>
> Is it possible to create a role with read-only capabilities with all
> resources in a project?
>
> If so, any hints?
>
> In addition, I'd like to create a role which isn't admin but can manage
> projects(create project, delete his project, manage project members and
> etc.)
>
> thanks in advance!
>
> --
> Thanks,
> Chengwei
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
>
>


-- 
Tang Yaguang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20171021/42c5d19d/attachment.html>


More information about the Openstack mailing list