Hi all, Is anyone using granular roles or groups, with fewer permissions granted than _member_ ? If so, have you found a nice, simple (within the context of OpenStack) method or scheme for:-
a) modifying the default "admin_or_owner" rules, which would otherwise match any role as long as the tenant is correct, b) handling the ubiquitous empty rules, (e.g. "<rule>":""), which also allow a free pass, if reached. By way of background, at the Mitaka Summit a call was made [0] for operators to record changes they were making to their policy files. Most of the examples given [1] are either for roles with permissions elevated above _member_ (e.g. ProjectAdmin), or where the wider permissions also granted (e.g. by a) and b), above) would not be a concern. Cheers, Michael [0] http://lists.openstack.org/pipermail/openstack-operators/2015-October/008547.html [1] https://etherpad.openstack.org/p/mitaka-ops-policy-modifications -- Michael Richardson Catalyst IT Limited _______________________________________________ OpenStack-operators mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
