[Openstack] project read-only role or create role with specific capabilities
Chengwei Yang
chengwei.yang.cn at gmail.com
Mon Oct 23 03:47:04 UTC 2017
Thanks yaguang, I'll give a try.
On Sat, Oct 21, 2017 at 11:26:05AM +0800, Yaguang Tang wrote:
> you can archive what you want by modifying the policy.json of Nova and other projects to define readonly role, and create that role in keystone, then
> assign to users you want.
>
> On Thu, Oct 19, 2017 at 3:15 PM, Chengwei Yang <chengwei.yang.cn at gmail.com> wrote:
>
> Hi list,
>
> As I understand, keystone only defined two roles:
>
> - admin
> - non-admin, but can be any role name you want, role1, role2, user, _member_, whatever
>
> say there are quite few people in the same project, so far, the users
> assigned with the same role has exactly the same right to a project.
>
> Is it possible to create a role with read-only capabilities with all
> resources in a project?
>
> If so, any hints?
>
> In addition, I'd like to create a role which isn't admin but can manage
> projects(create project, delete his project, manage project members and
> etc.)
>
> thanks in advance!
>
> --
> Thanks,
> Chengwei
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
>
>
>
> --
> Tang Yaguang
>
>
>
> SECURITY NOTE: file ~/.netrc must not be accessible by others
--
Thanks,
Chengwei
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20171023/23008a7e/attachment.sig>
More information about the Openstack
mailing list