Hi Yuki,
This sounds interesting. AFAIK, there is no similar use-case you mentioned.
On 2016/04/15 10:13, Yuki Nisiwaki wrote:
Hi openstacker working on congress.
I want to implement the authorization mechanisms for each user, not role
base.
For example, User A can change security group, But User B can’t change
security group like IAM feature of AWS.
In order to achieve it,
I’m considering whether can I utilize Congress feature.
I am thinking somehow that I can achieve it by following step.
1. create policy for each user with datalog in congress
2. prepare the wsgi filter for each project that works confirming
authorization of each user to Congress.
Could you clarify your usecase? I think it can be done by roles and
modifying policy.json. If you assume A and B are under some conditions,
what kind of condition do you want to use?
btw, I added [Congress] prefix in the subject.
I think this use-case is very popular and there is someone who think
same thing.
But There is no information about it in any website (blog, presentation
in summit).
So why is there anyone who achieve it?
or does this approach have anxious point?
If you are interested in this approach or think same thing, I want to
know it.
Best regards
Yuki Nishiwaki
NTT Communitions
Technology development
Cloud Core Technology Unit
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
best regards,
Masahito
--
室井 雅仁(Masahito MUROI)
Software Innovation Center, NTT
Tel: +81-422-59-4539
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
