On 10/17/2018 12:29 PM, Moore, Michael Dane (GSFC-720.0)[BUSINESS
INTEGRA, INC.] wrote:
I’m seeing unexpected behavior in our Queens environment related to
Glance image visibility. Specifically users who, based on my
understanding of the visibility and ownership fields, should NOT be able
to see or view the image.
If I create a new image with openstack image create and specify –project
<tenant> and –private a non-admin user in a different tenant can see and
boot that image.
That seems to be the opposite of what should happen. Any ideas?
Yep, something's not right there.
Are you sure that the user that can see the image doesn't have the admin
role (for the project in its keystone token) ?
Did you verify that the image's owner is what you intended, and that the
visibility really is "private" ?
~iain
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators