Thanks Adam and Remo, I'll check it out.
On 21 April 2014 01:59, Remo Mattei <[email protected]> wrote: > Hi Reza, > as Adam suggested, I have in fact, created a new lab for some of the new > hire regarding this topic. Here is the public URL you can use to follow the > instruction on how to do this. > > http://docs.openstack.org/developer/horizon/topics/policy.html > > > > On 04/17/2014 02:15 AM, Reza Bakhshayeshi wrote: > > Hi, > > I want to integrate an external service with keystone, in a way that > only an authorized user in keystone could make access to that service. > In the simplest form, consider it as a web service which receive the > user's request and return a specific feature of his/her instance. > Surely, users should be unable to see other's instance specifications, > and must be authorized in the keystone. > What do you think is the best way of performing this scenario? > > > Use RBAC, create a Role specific to your new service, and only assign that > role to people that you trust. Create a policy file that checks for that > the calling user has that role before any operations. > > > Thanks, > Reza > > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > !DSPAM:1,53543175213691779914982! > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > !DSPAM:1,53543175213691779914982! > > > > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
