Hi Rick,

In Keystone, domains are the containers of users, so a user belongs to a domain and you can grant role assignments for projects.

With the call that you made, you set the default project for this user; after that, you need to grant a role to this user in this project. So, you can do:

    openstack role add --user USER_NAME --project TENANT_ID ROLE_NAME

and after that, you can verify that the assignment works by doing:

    openstack role list --user USER_NAME --project TENANT_ID

You can find more information about this here: http://docs.openstack.org/user-guide-admin/manage_projects_users_and_roles.html or find us on #openstack-keystone

Cheers,

Raildo Mascena

On Tue, Jun 16, 2015 at 1:52 PM Rich Megginson <[email protected]> wrote:

> Using admin token credentials with the Keystone v2.0 API and the
> openstackclient, doing this:
>
> # openstack project create bar --enable
> # openstack user create foo --project bar --enable ...
>
> The user will be added to the project.
>
> Using admin token credentials with the Keystone v3 API and the
> openstackclient, using the v3 policy file with is_admin:1 added just
> about everywhere, doing this:
>
> # openstack project create bar --domain Default --enable
> # openstack user create foo --domain Default --enable --project $project_id_of_bar ...
>
> The user will NOT be added to the project.
>
> Is this intentional? Am I missing some sort of policy to allow user
> create to add the user to the given project?
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: [email protected]?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
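Added example, not part of the original thread: a small audit for the situation discussed above, listing users whose default project is set but who hold no role on it. It assumes input shaped like the Keystone v3 `GET /v3/users` and `GET /v3/role_assignments?effective` responses (so group grants are already expanded to users); the sample data, ids and function names are constructed for illustration.

```python
import json

# Constructed sample data shaped like Keystone v3 API responses (ids are made up).
# "foo" mirrors the thread: a default project is set, but no role was granted on it.
USERS_JSON = """
{"users": [
  {"id": "u-foo", "name": "foo", "domain_id": "default", "default_project_id": "p-bar"},
  {"id": "u-ops", "name": "ops", "domain_id": "default", "default_project_id": "p-bar"},
  {"id": "u-svc", "name": "svc", "domain_id": "default"}
]}
"""
ASSIGNMENTS_JSON = """
{"role_assignments": [
  {"role": {"id": "r-member"}, "user": {"id": "u-ops"}, "scope": {"project": {"id": "p-bar"}}},
  {"role": {"id": "r-admin"}, "user": {"id": "u-foo"}, "scope": {"domain": {"id": "default"}}}
]}
"""


def project_grants(assignments):
    """Return the set of (user_id, project_id) pairs holding at least one role."""
    grants = set()
    for entry in assignments:
        user = entry.get("user")
        project = entry.get("scope", {}).get("project")
        if user and project:  # skips group entries and domain-scoped grants
            grants.add((user["id"], project["id"]))
    return grants


def users_without_role_on_default_project(users, assignments):
    """List (name, project_id) for users whose default project carries no role."""
    grants = project_grants(assignments)
    return [
        (user["name"], user["default_project_id"])
        for user in users
        if user.get("default_project_id")
        and (user["id"], user["default_project_id"]) not in grants
    ]


def audit(users_json=USERS_JSON, assignments_json=ASSIGNMENTS_JSON):
    users = json.loads(users_json)["users"]
    assignments = json.loads(assignments_json)["role_assignments"]
    return users_without_role_on_default_project(users, assignments)


if __name__ == "__main__":
    for name, project_id in audit():
        print(f"{name}: default project {project_id} has no role assignment")
```

Each user it reports needs the `openstack role add` step from the reply above before the default project has any effect on authorization.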
