One additional note on that, however: for legacy reasons many of the projects 
have hardcoded assumptions about the role named "admin". In Grizzly we'll be 
working to make the role-based access control truly customizable, but for now 
you're stuck with needing that one.


- Gabriel

From: openstack-bounces+gabriel.hurley=nebula....@lists.launchpad.net 
[mailto:openstack-bounces+gabriel.hurley=nebula....@lists.launchpad.net] On 
Behalf Of Dolph Mathews
Sent: Friday, August 31, 2012 12:34 AM
To: Jack
Cc: openstack
Subject: Re: [Openstack] About the Role and User's rights

Those roles you see in keystone are merely examples, and don't have any 
"meaning" by themselves. You create your own roles in keystone (e.g. $ keystone 
role-create) and define the associated actions specific to each service via 
each service's own policy.json. For example, here's nova's default policy.json:

    https://github.com/openstack/nova/blob/master/etc/nova/policy.json

-Dolph

On Fri, Aug 31, 2012 at 2:21 AM, Jack <545997...@qq.com> wrote:
Hi all,
     OpenStack uses a rights management system that employs Role-Based Access 
Control. Roles control the actions that a user is allowed to perform. There 
are 5 roles in keystone; they are 
admin, KeystoneAdmin, KeystoneServiceAdmin, Member, anotherrole. But how does 
OpenStack control every role's rights? How does OpenStack limit the actions of 
each role?

Looking forward

_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
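
As an added illustration (not code from this thread or from any OpenStack project), the Python sketch below shows how a service can give role names their meaning by evaluating policy.json-style rules, as described in the reply above. The rule contents, the "operator" role and the function names are assumptions made for the example; it models only the policy file, not any hardcoded "admin" checks elsewhere in a service.

```python
import json

# Constructed sample in the list-of-lists rule style of 2012-era policy.json:
# outer list = OR, inner list = AND, [] = always allowed.
# The "operator" role and these exact rules are illustrative, not nova's defaults.
SAMPLE_POLICY = json.loads("""
{
    "admin_or_owner": [["role:admin"], ["project_id:%(project_id)s"]],
    "default": [["rule:admin_or_owner"]],
    "compute:get_all": [],
    "compute:reboot": [["role:operator"], ["role:admin"]],
    "compute:delete": [["rule:admin_or_owner", "role:operator"]]
}
""")

def _match(check, policy, target, creds, depth):
    """Evaluate one 'kind:value' check against the caller's credentials."""
    kind, _, value = check.partition(":")
    if kind == "rule":    # reference to another named rule
        return _allowed(policy, value, target, creds, depth + 1)
    if kind == "role":    # role names compared case-insensitively (sketch choice)
        return value.lower() in [r.lower() for r in creds.get("roles", [])]
    try:                  # generic check, e.g. project_id:%(project_id)s
        expected = value % target
    except (KeyError, TypeError, ValueError):
        return False
    return kind in creds and str(creds[kind]) == expected

def _allowed(policy, action, target, creds, depth=0):
    if depth > 10:        # guard against rules that reference themselves
        return False
    rules = policy.get(action, policy.get("default"))
    if rules is None:     # no rule and no default: fail closed
        return False
    if rules == []:       # empty rule list: always allowed
        return True
    return any(all(_match(c, policy, target, creds, depth) for c in and_list)
               for and_list in rules)

def enforce(action, target, creds, policy=SAMPLE_POLICY):
    """Return True if creds may perform action on target under policy."""
    return _allowed(policy, action, target, creds)
```

Under this sample policy a caller holding only "admin" is refused "compute:delete", because that rule also requires the "operator" role: the policy file, not the role name, decides what each role may do.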

