Hi, creating rbac entries by non-admins will be controlled by policy.json. So you can enable it or disable it there.
> Also is the action access_as_external available now ?

Not yet. The code is still under review.

On Thu, Jun 25, 2015 at 10:15 AM, Assaf Muller <[email protected]> wrote:

> I'll defer to Kevin, the spec author, but you should know that the
> implementation is not merged yet.
>
> ----- Original Message -----
> > Hi Assaf,
> >
> > Now reading the rbac network specs carefully, I believe it does allow
> > private networks to be shared to other tenants by non-admin users.
> >
> > So the command "neutron rbac create <net-uuid|net-name> --type network
> > --tenant-id <tenant-uuid> --action access_as_shared" - can this be only
> > used by an admin ? From the specs, it did not seem so.
> >
> > Also is the action access_as_external available now ?
> >
> > On Tue, Jun 2, 2015 at 9:14 PM, Assaf Muller <[email protected]> wrote:
> >
> > > Check out:
> > > http://specs.openstack.org/openstack/neutron-specs/specs/liberty/rbac-networks.html
> >
> > If I understand correctly, what Anik is probably asking for is a way to
> > connect two OpenStack projects together from a network point of view,
> > where a private network in Project1 can be connected to a Router in
> > Project2. AFAIK, I don't think we are planning to expose such model in
> > RBAC where a tenant (non-admin) has a way to control who can
> > see/connect-to his/her resources.
> >
> > @Anik, please correct me if I am wrong.
> >
> > Kevin is trying to solve exactly this problem. We're really hoping to
> > land it in time for Liberty.
> >
> > ----- Original Message -----
> > > Hi,
> > >
> > > Trying to understand if somebody has come across the following
> > > scenario:
> > >
> > > I have two projects: Project 1 and Project 2
> > >
> > > I have a neutron private network in Project 1, and I want to connect
> > > that private network to a neutron port in Project 2.
> > >
> > > This does not seem to be possible without using admin credentials. I
> > > am not talking about a shared provider network here.
> > >
> > > It seems that the problem lies in the fact that there is no data model
> > > today that lets one Project have knowledge about any other Project
> > > inside the same OpenStack region.
> > >
> > > Any pointers there will be helpful.
> > > Regards,
> > > Anik
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
